Monthly Archives: February 2010

Team Canada Gold Medal Hockey Winners!

I am jumping up and down scaring the neighbours!

It happened! Team Canada, in an OVERTIME game, took the Gold!

This is strange I am an American.  I was born in the States. Raised in the States.  Heck I still remember the Pledge of Allegiance.

So why?  Why am I cheering for Canada?

Canada is my home.

My family is in Canada.

My job is in Canada.

Canada supplied me a life where none could compare.

I will take my Canadian Citizenship because I am PROUD to call Canada my home.

I am not “UnProud” of my American status, but Canada became my home like nothing else.

Canada is a huge part of what launched the “Friday Funny Guy”, Canada was a huge part of my inspiration to take my dreams to my limits.

And as such, I cheer for Canada in its victories and cry in its woes.

And today, although I am not officially “Canadian” I stand beside and with other Canadians proud of What Canada has done and achieved.

Today, I cheer for Canada and Team Canada as they chalk up Gold Medal #14 and bring Canadian Pride to the limits.

Thank you Canada

 

Sean
The Energized Tech


Powershell – Viewing the code from a Function


Ever get bitten by a bug and need to know “How was this done?”

In Powershell there are many functions you create, and just as many pre-written.   But when I go to see how a function was done (so I can learn more), I find if the function has more than one line you just get something like this.

CommandType     Name            Definition
-----------     ----            ----------
Function        get-exblog

 

Which doesn’t do you a lot of good.    

But really it’s not difficult to view.    For example if you want to get a list of all functions (which are like Cmdlets but you can view / edit and change them) run the following command

GET-CHILDITEM FUNCTION:

or you can also run a

GET-COMMAND -CommandType Function

…The output and results are the same, a BIG list of functions and their definitions or at least PARTIAL definitions.

So if you see a particular function you’re curious about in the list like say GET-EXBLOG (which is part of the Exchange Command Shell) just run this command

(GET-CHILDITEM FUNCTION:GET-EXBLOG).Definition

or

(GET-COMMAND GET-EXBLOG -CommandType Function).Definition

In both cases you will see the code that produces that Function which is

invoke-expression 'cmd /c start http://go.microsoft.com/fwlink/?LinkId=35786'

Which goes off and launches the Exchange Blog.

So I never knew how to launch a Browser session from Powershell.  But now thanks to viewing this function I see a way.  Maybe not necessarily the BEST or the ONLY way but it’s a good way to learn if you can see how somebody else did it.  
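Reading definitions this way is also a quick review step before you run a function somebody else wrote. The following is an added example, not code from the original post: it walks the Function: drive and reports definitions that build command strings, shell out to cmd, or carry a URL. The two sample functions, the pattern table and the name Find-FunctionPattern are assumptions made for the illustration, and it needs PowerShell 3.0 or later.

```powershell
# Constructed sample: a function modelled on the Get-ExBlog definition shown above.
# It is only defined here, never called, so nothing is launched.
function Open-SampleBlog {
    Invoke-Expression 'cmd /c start http://go.microsoft.com/fwlink/?LinkId=35786'
}

# Constructed sample: a harmless function that should produce no findings.
function Get-SampleGreeting {
    param([string]$Name = 'world')
    "Hello, $Name"
}

# Things worth a second look when reading an unfamiliar function body.
$ReviewPatterns = [ordered]@{
    'Invoke-Expression' = '(?i)\b(invoke-expression|iex)\b'
    'cmd.exe launch'    = '(?i)\bcmd(\.exe)?\s+/c\b'
    'Embedded URL'      = '(?i)https?://[^\s''"]+'
}

function Find-FunctionPattern {
    param([string]$NameFilter = '*')

    # Function: is the same drive the post lists with Get-ChildItem.
    $functions = Get-ChildItem -Path Function: | Where-Object { $_.Name -like $NameFilter }
    foreach ($fn in $functions) {
        foreach ($label in $ReviewPatterns.Keys) {
            $hit = [regex]::Match($fn.Definition, $ReviewPatterns[$label])
            if ($hit.Success) {
                [pscustomobject]@{
                    Function = $fn.Name
                    Finding  = $label
                    Match    = $hit.Value
                }
            }
        }
    }
}

# Limit the scan to the two samples; drop -NameFilter to review every loaded function.
Find-FunctionPattern -NameFilter '*-Sample*' | Format-Table -AutoSize
```

Open-SampleBlog is reported three times (Invoke-Expression, cmd.exe launch, Embedded URL) and Get-SampleGreeting not at all. Where the goal is only to open a page, Start-Process with the URL as its argument does that without assembling a command string.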

Powershell – Learning *IS* easy :)

Sean
the Energized Tech


Quickly restart your Technet and MSDN Downloads – File Transfer Manager

 

Ok Look I know this should have been blatantly obvious but it wasn’t.

 

You’re downloading from Technet.   The computer rebooted.  The wire got yanked.   Aliens cut off the internet.

But for whatever reason your download got halted.  And although the “File Transfer Manager” CAN resume those downloads, it’s a matter of going to Technet, restarting a transfer and seeing it pick up on the screen.

I figured it HAD to be easier but I just didn’t see where the shortcut was.

So today I fired up Process Explorer from Sysinternals.com and looked to see where my “File Transfer Manager” was running from.

A quick right click of the mouse on the “TransferMGR.EXE” application in Process Explorer


And you could see where it was launching from.  Done.

So if you’re stuck in a jam and just want to restart your downloads from Technet or MSDN?   Create a shortcut to the “File Transfer Manager” under “C:\Windows\Downloaded Program Files\TransferMGR.exe” and just double click on it any time.  

As always you can click on previous downloads and choose “Resume”, “Suspend” or “Cancel”

 

And you DON’T have to relogin to Technet to do this either :)

 

Sean
The Energized Tech
“Saving the world from one headache at a time”


Domain Trusts – Easier than you think

Not a lot of us get to work with actually establishing a trust between Domains.  On the Enterprise it happens but in small Business it doesn’t really.  Unless you’re in that grey area of “Too big to be a little guy but not yet Enterprise”

If you’re in that area, you’re probably the “Lone Gunman” managing the network.  You might have a Test environment of your own (or thanks to Virtualization, be thinking of having one)

You might even be in a company just large enough that you merged (or became merged) into a larger Division.

One of the big problems you will encounter right off the bat, is you need to share resources at some level with the parent company, even as simple as accessing a website.

If there is no Trust established you’ll encounter issues much like you would in a normal peer to peer network, in which you must validate against the resource in question with credentials from that Domain.   If there is no trust in place, you must manage multiple accounts, permissions.   If something as simple as an inventory application needs to run, it can’t.   There is usually validation on some level.  And switching domains to using “Anonymous” and “Everyone” permissions is not only a BAD break fix, it will make you far more liable to viruses, hacks, attacks and breach many rules in compliance like SOX/PCI and other nasty Multi letter acronyms I just can’t memorize on a daily basis.

So you need a trust.   One way or two way?  Forest level or External? What will I get to do automatically?

These are questions that should roam through your head. But on the most basic level, HOW difficult is it to establish?

It isn’t.  As long as some prep work is done.

You should be able to resolve names to IP addresses; if there are firewalls separating the networks, the appropriate ports should be opened; and if one party is setting up the Trust, proper credentials must be available in both domains with appropriate permissions.

***KLUNK***

Oh you thought it was going to be a COMPLETE walk in the park? Well it isn’t horribly difficult, just a little prep work.  That’s all.  Relax. ;)

If you have two separate Domains on different networks, you should have at least some Conditional Forwarders or Replicated copies of the Foreign DNS domain.  Conditional Forwarders are simpler to set up and require far fewer changes in security, as all they do is match on the ending domain name (IE: office.abc.com) and FORWARD the request to the DNS servers for that Domain.

You’ll need that on both sides.

To establish the Actual Trust you’ll need to go into “Active Directory Domains and Trusts” off the Start menu.

See ? Easy!

Right click on the Domain in question that you need to establish a trust.  Choose “Properties”.  At this point you will see a tab marked “Trusts”.  Click on that.

Here’s where the fun starts! On the lower left hand side you will see a button marked “New Trust”, click on that to bring up the “New Trust Wizard”


Type in the NETBIOS name (ABC) or the FQDN (IE: ABC.CONTOSO.LOCAL or CONTOSO.LOCAL) of the Domain you are attempting to establish a trust with.


If your resolution is all good and the domain is recognized, you will now be prompted with one of two boxes.  Either one asking you for the type of Trust (One way Inbound, Two Way, or One way Outbound) OR


Next you will be asked whether to create the trusts on BOTH domains or just yours.  If you have Administrative credentials in the other Domain you can complete the whole process now.  If not, you can at least get it started.


You will be asked whether the authentication will be “Domain Wide” or “Selective”.  Selective is good for two separate companies that need to share resources but need to be EXTREMELY meticulous as to how resources are granted.  Nothing assumed.   Domain Wide is a little more open.  Say, a company that has separate divisions within different Active Directory environments that need to be joined.

In both cases a password is required.  This is a trust password.  The “secret phrase” that is needed to create the link.  Make it a good passphrase and not something silly like “yeahthisisagoodtrustpassphrase”

Password must meet whatever password rules are presently in force on the two Domains.  Toughest Rule wins.  So if one of you has a minimum 53 character password with Full Complexity in force?  Sorry.  Password would have to meet THAT rule.


At this point you have the option of confirming the Trust is in place on the other side.    Without credentials on the foreign domain, you can at least confirm the outgoing trust. 


But to confirm that the incoming trust is working (that your buddy on the other side typed in the password correctly and FOLLOWED the step by step instructions) requires Administrative credentials from that domain.


In a click or two, you’ll be done.   Now one thing to keep in mind, once the trust is in place you SHOULD double check Share and NTFS permissions.   If any SHARE or NTFS permission has “Everyone” access (even ReadOnly) the “Everyone” group is Universal.
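One way to do the NTFS half of that double check, as an added example that is not part of the original post: walk a folder tree and list every Allow entry granted to “Everyone”, matched by its well-known SID (S-1-1-0) so the check does not depend on the OS language. The function name Get-EveryoneAce and the demo folder under $env:TEMP are assumptions made for the illustration; share permissions are not covered, and it needs PowerShell 3.0 or later.

```powershell
function Get-EveryoneAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    # The root folder plus every sub-folder beneath it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName
        # Explicit and inherited entries, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq 'S-1-1-0' -and $rule.AccessControlType -eq 'Allow') {
                [pscustomobject]@{
                    Path      = $folder.FullName
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Constructed demo: a scratch folder that is given a read-only "Everyone" entry.
$demo   = Join-Path $env:TEMP 'trust-acl-demo'
$target = Join-Path $demo 'inventory'
New-Item -ItemType Directory -Path $target -Force | Out-Null

$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $target
$acl.AddAccessRule($ace)
Set-Acl -LiteralPath $target -AclObject $acl

# Reports the "inventory" folder with an explicit (not inherited) entry.
Get-EveryoneAce -Path $demo | Format-Table -AutoSize

# Clean up the scratch folder.
Remove-Item -LiteralPath $demo -Recurse -Force
```

Point Get-EveryoneAce at the root of each shared folder; entries where Inherited is False mark the folder where the grant was actually made.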

If you want to grant users from the “Foreign but Trusted” domain access to resources, you now need to learn about using a “Domain Local” security Group.  You can add users from the Other Domain to a “Domain Local” security group in your domain and grant THAT group access.   But interestingly once you start going into Server 2008, you can add Foreign domain users to “Global” security groups.   This seems to be a feature of the newer Server 2008 Active Directory (which I find immensely cool!)

There’s an absolutely EXCELLENT article written by Daniel Petri that covers, at a beautifully in-depth level, all you would ever want to know or not know about Domains and Trusts, and it is WELL worth the read!

Technology, Embrace it and extend yourself

Sean
The Energized Tech


Using GPO to lock down Wifi on a workstation

As we cross into Windows 7 and Vista environments there is a huge win on the Infrastructure side

Manageability.

Vista and Windows 7 were born into Wireless and of course the need for Wireless security.  Windows XP existed as it grew.  As such certain things are apparent.

You REALLY need to control WIFI.

And so with Vista and Windows 7 with Group Policy it’s incredibly EASY!

Within Group Policy under Server 2008 you can now deploy Policies which govern what networks can or cannot be used, including standards for a Corporate Network.  Just create a new Group Policy (or edit an existing one; here we’re creating a new one).  We need to make a change under “Computer Configuration/Windows Settings/Security Settings/Wireless Network (IEEE 802.11) Policies”.


 

It’s as simple as “New Vista Policy” and fill in the dotted lines! Give the Policy a Description and Name.  You can choose whether or not to enforce the use of the Windows WLAN Autoconfig from here as well, so that Wireless setup office wide is standardized and easier for support.


 

At this point, you can add the Wifi hot spots that are approved for your corporation.  Take note as well, the Wifi passwords are NOT kept in the GPO; they do have to be typed in on a per-machine basis.  But you can pre-configure the systems so that’s all you DO need to type in.    You can even enforce many of the Wifi roaming options on the PCs.

 

 


 

As you can see below you can be as flexible as you want on your Wireless environment or as ridiculously locked down as you want.  Your choice :)

 


 

You can also create Wireless policies for Windows XP, to at least allow for some pre-configuration of the units.   But Windows XP cannot be locked down on Wifi nearly as beautifully as Windows 7 or Vista.  A nice feature if you DO have these in your environment.

 


Make sure you apply this policy only on your Computers that have Wireless, or you’ll be spending all day typing in Wireless passwords on machines that will never have wifi.

 

Windows 7 and Vista and GPO

The Power is yours, leverage it.

Sean
The Energized Tech


Powershell – Controlling Mailflow in Exchange 2007


One of the things I remember when working with Small Business was dealing with a Smart-Host.

A Smart host, which most of us take for granted is the “SMTP” server most users get from their ISP.   When working with Small Business Server 2003 and most Small businesses, we didn’t tend to host our own mail internally.  It just wasn’t cost effective.   So we would choose an external vendor and use the POP3 connector from SBS 2003.

Now the problem.

If you are sending email and you are NOT hosting it yourself ON that server, you must send the mail to a REAL SMTP server on the outside world.  That’s easy.  Use the Smart Host from your ISP and life is good.

Ahhh but the catch.  Most ISP’s have restrictions and rules on how much you can send to those connectors.

Home users don’t notice it.  They do a send/receive and in the back end it just works, or they hit “Send Receive” again.

 

In a Server, it all has to just work.  No interruption, all magic, seamless.

 

So one of the Features I used to tweak under Exchange 2003 allowed me to limit how much mail was sent out in each session.   I could throttle it down so the Smart Host on the outside world COULDN’T be spammed inadvertently, but at the same time Exchange 2003 could happily do its job.

Then Exchange 2007 came along.   It works beautifully, except for one thing.   I couldn’t find that setting!  I have a friend who does a lot of work for Small Business and HE couldn’t find it.   And he really needed to regulate that flow of mail!

 

Well, as luck would have it, Microsoft did NOT remove the feature.  They reallocated it to the Transport Server role.   Which is actually better, since instead of a single SMTP connector holding the setting, a particular SERVER holds it.  That means if mail is flowing out of a particular Transport server on Exchange that has lower bandwidth or more restrictions than its partners, you can adjust it.

 

Set-TransportServer -Identity 'EXCHANGETRANSPORTSERVERNAME' -MaxPerDomainOutboundConnections 5

 

The Default setting is 20 connections at a time.  Which is fine.   But Some ISP’s don’t want 20 live connections to their SMTP server from the SAME IP address at once.    And may either REJECT or BLACKLIST your server until you get all nice with Tech Support on the phone.

This article from Microsoft is a great starting point on learning how to regulate some of the mail flow in Exchange 2007.  For the most part it’s all done with Powershell :)

 

Sean
The Energized Tech
