Network Helpdesk

In working with Outlook 2010, I had a client who had Exchange mailboxes that he needed to get rid of because they no longer needed. The user tried removing the mailbox from Outlook by simply launching the "Mail" (Outlook profiles) from control panel. When the user would re-open Outlook the account was still there. After some looking around it was found that the user had been given the "Manage Full  Access Permission" in Exchange 2010 to this specific mailbox. This was causing Outlook for some reason to hold on to the mailbox in the left pane.

In order to get rid of the mailbox the "Manage Full  Access Permission" had to be removed from the specified users on this function of the mailbox in the Exchange management console.  You can also use the Exchange Power Shell to perform this by using this command - Remove-MailboxPermission -Identity Mailbox -User -useraccessing Fullaccess

After removing the user from the full access permissions, Outlook was closed and opened back up and the users were then removed. It is unclear if this is issue is caused by a Microsoft Exchange upgrade or if this is just one of those little issues that slipped through the cracks on patching either system. SkyByte Consulting supports clients large and small with issues like this and many others. 

1. In outlook 2010, click on your calendar.
   
2. From the Home tab, Select Calendar Groups.
   
3. In the drop-down list, click one of the following-
   
   
   1. To create a new group calendar, click Create New Group Calendar, and continue to step 4.
      
   2. If you have multiple Calendars open ( For example: You are viewing other peoples calendars along with your own), you can save the the calendars in the current view as a new calendar group in the navigation pane by clicking Save as New Calendar Group.
      
   3. To display team calendars in the navigation pane, click Show Team Calendars. Team calendars contain calendars for your manager, direct reports, and peers as determined from information in Active Directory.
      
4. In the Create New Calendar Group dialog box, type the name for the grouping, and click OK.
   
5. In the Select Name: Global Address List dialog box, find the individuals or resources you wish to add to the grouping. Click the Group Members -> button to add them (or double click their name). You can add multiple people or rooms by finding another person and clicking the button again.
   
   If you have a server-side distribution list (For example - a mail-enabled group, not a LISTSERV list or a personal distribution list), you may find that group and add it.
   
6. When you are done adding the people and rooms click OK and the calendar group is saved in your navigation pane. In it, you can see each of members or resources availability. If the individual or resource room doesn't allow people or a specific set of people to view the free/busy information, you will not see any details listed.
   
7. To add more people or resources, right-click on the calendar group in the navigation pane and click Add Calendar. Choose one of the following methods  to add the calendar-
   
   
   1. From Address Book
   2. From Room List
   3. From Internet
   4. Open Shared Calendar
      
8. To delete a calendar group, right-click the calendar group in the navigation pane and select Delete Group.

Yesterday I was setting up Backup Exec 2010 R3 as part of disaster recovery solutions initiative for a client. Installing the media server was the easy part, but installing the remote agent on one of the servers proved to much more of a pain. Using the utility built into Backup Exec, I deployed the agent to the server. I then logged into the server to verify that the agent had indeed installed. I noticed a red "X" on the tray icon, so I investigated. Upon looking into the error it said that the service did not start so I opened the services MMC and tried to start it manually. The service started then stopped immediately with the error -

"The Backup Exec Remote Agent for Windows Systems service on Local Computer started and then stopped. Some services stop automatically if they have no work to do for example, the Performance Logs and Alerts service."

I also looked in the event logs and found an error with the event ID: 58117 - The application failed to listen on the NDMP TCP/IP port. Check the network configuration.

After digging around on the Internet I found a support document from Symantec that explained the issue. Backup Exec's remote agent requires port 10000 to operate. For those of you who may not know port 10000 is a very commonly used port. Because the administration site for the software running on this particular server was also running on port 10000 the service was failing to start and I was receiving that vague error message (Thanks Symantec!).

1. Confirm that there is another application using port 10000 by first opening a command prompt: Goto Start -> Run -> Type "CMD" and press Enter
2. At the command prompt type:
   NETSTAT -abno
   Then press ENTER
    
   This will give a list of all ports that are in use on the system along with the name of the process that is utilizing the port.  The ports are listed in the format of IP

1.  Edit the SERVICES file located in C:\WINDOWS\system32\drivers\etc\ using  Notepad
2.  Add an entry that reads like the following example (12000 is just an example port.  Pick any available port that did not show as in use in the NETSTAT results):
   ndmp          12000/tcp
    
   At the end of the line press ENTER so that the cursor goes down to the next blank line.  If the ENTER key is not pressed at the end of the NDMP line, the change will not take effect.
3. After making the change, save the file and restart the Backup Exec Remote Agent for Windows Servers service.

1. First and most importantly! - Create an admin account on your computer and change your everyday user to a standard account. If you do get infected, the virus will not have admin rights to your machine! It won't be able to install anything or modify any critical systems in your machine. This tip is the most critical by far!
2. Uninstall Adobe Flash Player. I know your probably saying "Why would I do that? I can't watch Youtube or play Farmville on Facebook!!" Well what you may not know is that Adobe flash has more holes than a piece of Swiss cheese and no matter how many updates the put out for it, you just can't fix bad code/programming.
3. Install an Anti virus client! They can be found for free and there is no excuse for not having one.. Microsoft offers Security Essentials (Microsoft Security Essentials)
4. Download an Anti Mal-ware program like Malwarebytes - This is by far one of the best tools for keeping you computer clean and spy ware/malware free. (Malwarebytes)
5. Don't just click because you can.... Just because it's on Facebook doesn't mean it's safe. No one is really going to sell you Viagra for 25 cents a pill, so stop clicking on the links. This type of attack is called click jacking and it's one of the most common ways PC's get infected!
6. If it sounds to good to be true.. It probably is. Like watching "The Big Bang Theory" episodes for free a week before they come out. Do not install anything on your machine that's not from a reputable source. This includes Active X controls and "plug-ins".
7.  Update your computer the Windows Updates and also keep your browser/s (Chrome, Firefox, Opera, Internet Explorer) up to date. Windows, Linux, or even Mac OS X all get updated regularly to plug holes in security that the programming and support teams find.
8. Spam isn't just for eating. Spam is something in the corporate world that plagues many companies and users. If some prince in Nigeria says he has 5 million dollars for you, that should be your best clue that the email is bad news. Who it's from- Emails from sdc2@#dd@misseddeliveries.dhl.com is not a real email address. Before I forget if you get an email from a friend with a link or a file with a .exe at the end, delete it and call the person to inform them that their E-mail has been hijacked or they are now a spam bot. 
9. Don't turn off you're Windows Firewall unless you know what your doing. I know it can get in the way of your Torrent downloads which 99% of the time are illegal anyway and filled with Viruses and Malware... Your firewall is the first line of defense in a PC so learn to use exceptions and that can be learned from some simple googling...
10. Common sense is key. If you think before you click you won't have to spend $50 to $200+ getting you PC cleaned off or wiped and reloaded. Also don't get mad at the computer repair person because you have to shell out the money. He didn't infect the computer, but he might be able to help you prevent it from happening again.

• Per User -
  • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains
• The Whole Machine (Globally)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains

If you are working on specific users needs than you will want to edit the HKCU(HKEY_CURRENT_USER), but if you need the same sites or domains trusted then use the HKLM(HKEY_LOCAL_MACHINE). Below I will give two different approaches to making this an easy add for your users or for you as the admin.

The first way is using the following Visual Basic script:

Option Explicit

Dim DomainArray(5), strComputer, strHTTP, strHTTPS
Dim dwordZone, regPath, objReg, counter, subkeyPath
Dim subkeyValue
Const HKEY_LOCAL_MACHINE = &H80000002

DomainArray(0) = "trusteddomain0.com"
DomainArray(1) = "trusteddomain1.com"
DomainArray(2) = "trusteddomain2.com"
DomainArray(3) = "trusteddomain3.com"
DomainArray(4) = "trusteddomain4.com"

strComputer = "."
strHTTP = "http"
strHTTPS = "https"
dwordZone = "2"
regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" &_
        "\ZoneMap\EscDomains\"
Set objReg = GetObject("winmgmts:{impersonationLevel = impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")

For counter = 0 to 4
        subkeyPath = regPath & DomainArray(counter)
        objReg.CreateKey HKEY_LOCAL_MACHINE,subkeyPath
        objReg.SetDWORDValue HKEY_LOCAL_MACHINE,subkeyPath,strHTTP,dwordZone
        objReg.SetDWORDValue HKEY_LOCAL_MACHINE,subkeyPath,strHTTPS,dwordZone
Next

The above script when executed will insert 'trusted domain0.com', 'trusteddomain1.com' and etc to Internet Explorers trusted sites zone when run on any machine. To run this script the user running it will need to be a local admin on the machine or any user that has access to write to the HKEY_LOCAL_MACHINE registry hive and any other changes that are global to the machine.

The next way involves creating a "Registry Entries" (.reg) file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain0.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain1.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain2.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain3.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain4.com]
"http"=dword:00000002
"https"=dword:00000002

Just like the previous script, this must also be run by a user with administrator privileges and any changes will be global on all users of the machine. You can customize this code to fit your needs. Please also make sure before deploying these that the changes will not violate your network security policy.

SkyByte Consulting  provides support for many clients from small to large and everywhere in between. In the case of Microsoft SharePoint, Dynamics, and other MS enterprise products you can deploy Microsofts Threat Management Gateway (TMG) or Unified Access Gateway (UAG) which can perform reverse proxy to the sites. I hope this post will help a few admins out there with authentication annoyances and prevent un-needed service tickets.

All information presented on this blog is for informational purposes only and is provided on an as-is basis.

• The URL for accessing Gmail (mail.google.com) is blocked by many organizations because they don't want personnel accessing their e-mail while on company time.
• There is now Global Address List functionality. This means that you wouldn't be able to have a single "Marketing Contacts" address book shared by all of your marketing people. The "shared contacts" functionality only really mans that things are shared within your domain.
• Contact sync to mobile devices - at least with the iPhone there is no way to sync a subset of Gmail contacts. Most people don't want all of their email contacts added to their phones address book.
• Having the reassurance of Microsoft Server Support specialists or Public Forums when your company runs into problems?

• Secure employee-owned devices with access to corporate resources.
• Manage and provision all mobile endpoints and desktop from a single interface.
• Reduce costs and allow employees to use their own mobile device for work.
• Safely support a wide variety of mobile phones connecting to a company network.

I recently ran into a situation that required me to get some information off of a Windows image backup. The file that Windows backup outputs is a .VHD file which is the same type that Hyper-V creates. I created a new virtual machine and attached the .VHD of the backup as the hard drive. When booting I received an error telling me "Boot Failure. Reboot and Select proper Boot device or Insert Boot Media in selected Boot device". After some digging around on the Internet I found some information explaining why it would not boot.

The .VHD file that Windows backup creates is just a data only file. These are not bootable and cannot be made bootable this is by design. There were some mentions of people getting this to work, but there were many who tried and failed. This .VHD file is intended to give you access to the file system on your old machine but not to be loaded into a virtual environment. To do this you would have to use the convert physical machine selection in Hyper-V or System Center Virtual Machine Manager to use the machine in a virtualization environment.

With the popularity of Server Virtualization Systems on the rise, maybe Microsoft will include an option on the backup and restore for Windows 8 that will allow for converting a physical to a virtual. This could even be just for Professional, Ultimate and Enterprise versions.

Recently a client of SkyByte Consulting had an issue opening hyperlinks embedded within emails. The error seemed to occur when Outlook 2003/2007/2010 was opened and a hyperlink was clicked from within an email. The cause was that Firefox had been installed onto the system and was made the default browser. It seems like Outlook only wanted to look to Internet Explorer for opening the link. 

There two solutions I found for this, which I've provided below.

Solution 1 -
1. Open Internet Explorer
2. Goto Tools->Internet Options->Security Tab
3. Click "Reset all zones to default level"
4. Close Internet Explorer and Outlook.
5. Re-open Outlook and click again on the hyperlink

Solution 2 -
Setup Internet Explorer as your default browser. Make sure to tell Firefox not to be the default and to never ask again

How many times have you not had sufficient space on your virtual server due to growing exchange data stores, SQL databases, or Data Protection Manager backups?  It can be a daunting task, in smaller networks, to have sufficient drive space on VM hosts. Using Microsoft Hyper V server 2008, I've setup test and dev machines and just hosted the VM files off on an external hard drive. 

In the past external hard drives running USB 1.1 and 2.0 were too slow to host a file such as a .VHD effectively. Within the last couple of years technologies like e-Sata and USB 3.0 have emerged as great choice's for an external interface. These newer external ports offer superior read and write throughput performance for hard drives. You can purchase expansion cards that give your server the ability to have these ports. In the case of e-Sata, you can also employ Raid setups using external drive housings that support raid 0,1,5,10 and others.

I've found that, depending on your virtualization hosts configuration, you can setup or relocate .VHD files onto an external drive. Also you could add an external drive to house all of your machine backups and images on drives up to 3TB in size. With the performance of both USB 3.0 and e-Sata you can create, deploy, and restore in a fairly quick amount of time. Non-essential or lightly used VM's could be hosted on a single external drive with higher use possible using an e-Sata Raid setup. This solution would be very easy to implement with many server virtualization systems and very inexpensive compared to upgrading the drives in a server.

San Fransisco, CA: Microsoft on Tuesday provided another glimpse at changes coming with the next-generation of Windows software that powers most of the world's computers.

Microsoft is making major improvements to a key Windows Explorer file management program to enhance how it interacts with the coming Windows 8 operating system, according to Windows division president Steven Sinofsky.
 
"Windows 8 is about re-imagining Windows, so we took on the challenge to improve the most widely used desktop tool in Windows," Sinofsky said atop a blog post detailing Explorer modifications.
 
"Windows Explorer is a foundation of the user experience of the Windows desktop and has undergone several design changes over the years, but has not seen a substantial change in quite some time," he added.
 
A control "ribbon" for commands was added to make them more easily accessible to people other than "power users" familiar with Windows Explorer shortcuts.
 
Engineers set out to "return Explorer to its roots as an efficient file manager and expose some hidden gems" in the form of handy commands many people may not know, according to Alex Simmons of the program management team.
 
Microsoft in June provided the first sneak peek at the successor to Windows 7, a next-generation operating system designed to work on both personal computers and touchscreen tablets.
 
Sinofsky demonstrated some of the features of the operating system code-named "Windows 8" at a D9 technology conference hosted by All Things Digital.
 
"Laptops, slates, desktops -- all can run one operating system," Sinofsky said.
 
"Windows 8" builds upon many of the features in Microsoft's latest mobile operating system for smartphones, Windows Phone 7, including the use of touch "tiles" instead of icons to launch and navigate between applications.
 
Microsoft has promised to reveal more features of Windows 8, which uses Internet Explorer 10 as a Web browser, at its developers conference in Anaheim, California, opening on September 13th

Nothing new has been released yet regarding new Windows Server 8 information and if Active Directory upgrades will need to be to unlock the potential for Windows 8 on current corporate network infrastructure.

Electronic discovery services (or e-discovery, eDiscovery) refers to discovery in civil litigation which deals with the exchange of information in an electronic format. This is ofter referred to as "Electronically Stored Information" or ESI. Usually a digital forensics analysis is performed to recover evidence. A wider array of people are involvedlved in eDiscovery like forensic investigators, lawyers and IT managers which leads to problems with confusing terminology.

Electronic information is considered different from paper information because of its intangible form, volume, transience and persistence. Electronic information is usually accompanied by metadata that is not found in paper documents and that can play an important part as evidence (for example the date and time a document was written could be useful in a copyright case). The preservation of metadata from electronic documents creates special challenges to prevent spoliation.

Corporate and government investigators face numerous pressures when performing digital investigations. The number of investigations grows every day along with the amount of electronically stored information requiring analysis. Deadlines continue to be more aggressive, raising the urgency to find all of the evidence and accurately determine who knew what, and when. Controlling the costs remains a major concern, preventing teams from adding more people to cope with an ever-increasing workload.

In working to meet these demands, security and forensics teams have relied on tradition technologies and work-flows. These manual work-flows often employ investigators collecting data across the enterprise using multiple tools, applying simple keyword search techniques and reviewing gigabytes of data document by document. Because of this, today’s corporate investigation process is onerous and time-consuming, requiring a large number of manual steps and significant re-work which, in turn, costs millions of dollars and leaves the organization vulnerable to substantial risk and financial exposure.

There are quite a few electronic discovery software's that can aid in the digital investigation process, helping investigators handle more cases in less time while improving the accuracy of the results. Electronic discovery software forensically collects electronic files from across the organization, automatically analyzes the data, and enables investigators to rapidly identify all evidence and suspects involved in a corporate or government investigation.



Electronic Discovery Software

AccessData - AD Summation eDiscovery (http://accessdata.com/products/ediscovery-litigation-support)

Fios - Relativity - (http://www.fiosinc.com/e-discovery-software/default.aspx)

Clearwell <Symantec> -  (http://www.clearwellsystems.com/electronic-discovery-solutions/electronic-discovery-litigation.php)


Lexisnexis - Concordence (http://law.lexisnexis.com/concordance)


SkyByte Consulting works with several Chicago law offices and companies to provide support and implementation of these software's and other forensic services.

I ran across an issue on a client's SQL Server 2005 Express instance. The problem was that at 4:01am every morning the SQL server would just shutdown with the event messages of

1. Service Broker manager has shut down.
2. SQL Server is terminating in response to a 'stop' request from Service Control Manager. This is an informational message only. No user action is required.
3. SQL Trace was stopped due to server shutdown. Trace ID = '1'. This is an informational message only; no user action is required.

After a week of trying to narrow down the issue I found that it was Windows Update automatically trying to install the SP4 update for MSSQL 2005 Express and failing. This failure would cause the SQL server to shutdown for the update, but not come back up. This shutdown was affecting programs like Blackberry Enterprise Server and also BackupExec which would then crash and need to have their services restarted after bringing the SQL instances back online. The fix for this issue was merely to disable the update and also for preventing future issues I disabled the automatic installation of updates.

This issue could relate to Microsoft SQL Server Upgrades and Blackberry Enterprise Server Support.

In Microsoft Outlook, how do I change the default address book?

To change the default address book in Outlook for Windows, follow the appropriate steps below:


Outlook 2010 :

1. From the Find group on the Home tab, select Address Book.
2. In the Address Book window that appears, from the Tools menu, select Options...
3. Under "When opening the address book, show this address list first:", use the scroll-down menu to select the appropriate listing (i.e., Global Address Book, or Outlook Address Book).
4. To save the changes, click OK.
5. To close the Address Book, click the X in the top right corner.

1.  From the Tools menu, select Address Book.
2. In the Address Book window that appears, from the Tools menu, select Options.
3. Under "Show this address list first:", use the scroll-down menu to select the appropriate listing (i.e., Personal Address Book, Global Address Book, or Outlook Address Book).
4. To save the changes, click Apply.
5. To exit, click OK.