“Microsoft Kerberos Configuration Manager for SQL Server is a diagnostic tool that helps troubleshoot Kerberos related connectivity issues with SQL Server.”

Microsoft Kerberos Configuration Manager for SQL Server can be download from the following link.

• Read more
• 1 comment(s)

Exchange 2013 Server Role Requirements Calculator v5.1 can be download from the following link.

• Read more
• No comments

“With the Lync Server 2010 and 2013 Bandwidth Calculator, you can enter information about your users and the Lync Server features that you want to deploy, and the calculator will determine bandwidth requirements for the WAN that connects sites in your deployment. The accompanying User Guide describes the recommended process for estimating your WAN bandwidth needs for Lync client real-time traffic. The User Guide will be updated periodically with new information and modifications.”

Lync 2010 and 2013 Bandwidth Calculator can be download from the following link.

• Read more
• No comments

“The Microsoft Application Virtualization (App-V) Best Practice Analyzer is a diagnostic tool that verifies configuration settings for a computer running a Microsoft Application Virtualization Management Server version 5.0, Microsoft Application Virtualization Publishing Server version 5.0, and/or Microsoft Application Virtualization Reporting Server version 5.0.
Feature Summary:

• -Gathers information about a Server and a Microsoft Application Virtualization 5.0 Management, Publishing, and/or Reporting service instance installed on that Server
• -Determines if the configurations are set according to the recommended best practices
• -Reports on all configurations, indicating settings that differ from recommendations
• -Indicates potential problems in the installed instance of App-V Server 5.0
• -Recommends solutions to potential problems
• -Produces an HTML report with all errors and warnings”
• The Microsoft Application Virtualization Server 5.0 Best Practice Analyzer can be download from the following link.

• Read more
• No comments

http://www.digitalwhisper.co.il/files/Zines/0x29/DW41-3-Adv_Auth.pdf

• Read more
• 1 comment(s)

“PST Capture 2.0 is used to discover and import Outlook Personal Folder (.pst) File Format files into Exchange Server and Exchange Online. PST Capture helps an organization that wishes to gain more control over their email data repositories by placing them into Exchange. By optionally installing PST Capture Agents on target machines, administrators can determine where .pst files are located and who their file owner is via the PST Capture Console. Administrators can import .pst files via Import Lists to Exchange Server or Exchange Online. Data can be directly imported into the primary mailbox or associated archive mailbox.”

Microsoft Exchange PST Capture 2.0 can be download from the following link.

• Read more
• 1 comment(s)

“Exchange Connector connects Service Manager to Exchange for processing incoming emails related to work items. Once Exchange Connector has been configured to monitor exchange mailboxes, it can be used to create and update work items based on templates specified by the admin. By specifying special keywords to look for in the incoming emails, admins can configure Exchange Connector to perform actions like approving or rejecting review activities, or enable activity implementers to mark activities assigned to them as completed.”

System Center Service Manager Connector 3.0 for Exchange can be download from the following link.

• Read more
• No comments

“The Virtual CD-ROM Control Panel utility enables users of Windows XP, Vista, and 7 to mount ISO disk image files as virtual CD-ROM drives. This can be highly useful for reading disk images to install software or recover backup files. Notes: This tool is not supported by Microsoft; use at your own risk. Windows 8 users do NOT need this tool. Windows 8 natively supports ISO files. In Windows 8, you can simply open an ISO file and Windows automatically assigns it a drive letter and reads it as a virtual drive.”

Virtual CD-ROM Control Panel can be download from the following link.

• Read more
• No comments

Symptom

The following error message may appear during upgrading Exchange 2013 RTM (that reside on Windows 2012 Server) to Exchange 2013 RU1: “The Windows component RSAT-Clustering-CmdInterface isn't installed on this computer and needs to be installed before Exchange Setup can begin.”

 

 

Resolution

Using PowerShell with Administrator privilege invoke the following command:

“Install-WindowsFeature RSAT-Clustering-CmdInterface” & retry the Exchange 2013 RU1 installation

Note: A reboot may need to complete the installation.

For further information please review:

Installing the Failover Cluster Feature and Tools in Windows Server 2012

• Read more
• 1 comment(s)

“Use this scripts if you need to do one of the following - - Initial creation of mail enabled public folder objects in the destination Active Directory for public folder migration from Exchange 2007 or 2010 to Exchange 2013 - Synchronization of mail enabled public folder objects from cloud to on-premise Active Directory - Synchronization of mail enabled public folder objects from on-premise to cloud Active Directory - Synchronization of public folder mailbox objects from cloud to on-premise Active Directory.

For creating mail public folder objects in the destination Active Directory during migration, use the Export-MailPublicFoldersForMigration.ps1 and Import-MailPublicFoldersForMigration.ps1 scripts. For synchronizing objects for cross-premise public folder access, we recommend running these scripts every 30 minutes as part of a scheduled task. For detailed instructions on configuring Public Folder cross-premise access go to Technical Documentation

 

Export-MailPublicFoldersForMigration.ps1 Description - This script needs to be run by a local admin on the legacy (Exchange 2007 or 2010) Exchange server. Run the Export-MailPublicFoldersForMigration.ps1 to create the XML file containing the list of mail-enabled public folders from on-premise Active Directory. Usage - NOTE - Before running the script, copy the MailPublicFolders.strings.psd1 file in the same directory as the Export-MailPublicFoldersForMigration.ps1 script. .\Export-MailPublicFoldersForMigration.ps1 [path to mail public folder xml] • Path to mail public folder xml equals the file name and path on a network shared folder where you want the XML file saved. If you specify only the file name, the file will be generated in the current PowerShell directory on the local computer.

 

Import-MailPublicFoldersForMigration.ps1 Description - This script needs to be run remotely against the Exchange Online server (Exchange 2013). Run the Import-MailPublicFoldersForMigration.ps1 to import the list of mail-enabled public folders from on-premise Active Directory in the the XML file generated by the Export-MailPublicFoldersForMigration.ps1. Usage - NOTE - Before running the script, copy the MailPublicFolders.strings.psd1 file in the same directory as the Import-MailPublicFoldersForMigration.ps1 script. .\Import-MailPublicFoldersForMigration.ps1 [path to mail public folder xml] • Path to mail public folder XML equals the file name and path of the mail-enabled public folder XML file generated by the Export-MailPublicFoldersForMigration.ps1 script.

 

Import-MailPublicFolders.ps1 Description - This script needs to be run against the remote Exchange 2013 server to import mail public folder objects to the local Active Directory. Use this script for configuring cross-premise public folder access between two Exchange 2013 environments. Usage - Import-MailPublicFolders.ps1 -Credential [credential] -ToCloud • Credentials parameter specifies the tenant admin credentials. If running this script as part of a scheduled task, store these credentials in a variable and pass is to the script as follows Import-MailPublicFolders.ps1 -Credential $credentialVar -ToCloud • ToCloud is an optional parameter. Specify this only if your public folders are hosted on-premise and are configured for cross-premise access by cloud users.

 

Import-PublicFolderMailboxes.ps1 Description - This script needs to be run on the on-premise Exchange server to import public folder mailbox objects from cloud to the on-premise Active Directory. Use this script for configuring cross-premise public folder access between two Exchange 2013 environments or between Exchange 2007/2010 on-premise and Exchange 2013 cloud environment. Usage - Import-PublicFolderMailboxes.ps1 -ConnectionUri [cloud url] -Credential [credential] • ConnectionUri parameter is the Connection Uri to the O365 server. In most cases, the value for this will be https://outlook.office365.com/powerShell-liveID • Credentials parameter specifies the tenant admin credentials. If running this script as part of a scheduled task, store these credentials in a variable and pass is to the script as follows Import-PublicFolderMailboxes.ps1 -ConnectionUri [cloud url] -Credential $credentialVar “

 

Microsoft Exchange 2013 Public Folders Directory Sync Support Scripts can be download from the following link.

• Read more
• No comments

“IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Office 365. IdFix is intended for the Active Directory administrators responsible for DirSync with the Office 365 service.”

IdFix DirSync Error Remediation Tool 1.02 can be download from the following link.

• Read more
• No comments

The MDOP ADMX Installer delivers ADMX templates for MDOP products - UE-V and App-V. The ADML files for UE-V are provided for 11 languages and the ADML files for App-V are provided for 24 languages. Feature Summary: ADMX templates for MDOP Products App-V 5.0 and UE-V 1.0 allow the administrator to do the following:

• Centrally manage App-V 5.0 and UE-V 1.0 clients
• Control various client settings specific to App-V5.0 and UE-V 1.0
• UE-V ADML languages
  • Chinese Simplified
  • Chinese Traditional
  • English
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Portuguese (Brazil)
  • Russian
  • Spanish
• App-V ADML languages
  • Chinese Simplified
  • Chinese Traditional
  • Czech
  • Danish
  • Dutch
  • English
  • Finnish
  • French
  • German
  • Greek
  • Hungarian
  • Italian
  • Japanese
  • Korean
  • Norwegian
  • Portuguese (Brazil)
  • Portuguese (Portugal)
  • Russian
  • Slovak
  • Slovenian
  • Spanish
  • Swedish
  • Turkish”
  • Microsoft Desktop Optimization Pack Administrative Templates can be download from the following link.

• Read more
• No comments

Due the amount of reports on web sites (etc.) that was hacked in the last few days, I gathered a few tips & tricks for enterprises:

1. Disable all remote connections that using user / pass authentication technology (e.g. OWA, ActiveSync, VPN, RDP, etc.).

Note1:  In case that you cant disable OWA, please consider to implement the following steps:

a. Deploy Captcha on the OWA.

b. Disable access of privilege users to OWA.

c. Force password policy & account policy:

Enforce password history to 24
Maximum password age to expire passwords between 60 and 90 days
Minimum password length - 9 characters
Enable - Password must meet complexity requirements
Disable - Store password using reversible encryption
Account lockout threshold – 5 Tries for account lockout & release manually lockout account

Note2: As alternative authentication technology you can use OTP (One Time Password) or biometric authentication technology or PKI (Public Key Infrastructure) authentication technology.

d. Verify that end users password is unique and doesn't use in a public resource/s (e.g. Public emails, public community newsgroups etc.).

2. Disable all the remote tools that using by Webmasters / System Admin for remote management of the enterprise website/s.

Note: Don’t forget to to limit access to the DNS management tools that may provide by a third party service provider.

3. Disallow end users to save enterprise data in a public resource/s (e.g. Public emails, public community newsgroups etc.).

4. Consider to block access from unsafe IP’s to the enterprise resources.

Note: Before apply any restriction its recommended to get approval for this step from the legal department and the enterprise management.

5. Arrange a “Rapid Intervention Team” that can take technical and business decisions in a real time.

Note: Its recommended to created a pre – decisions to common scenarios. For example: How explain customers that enterprise web site / email system is down, etc. Moreover, its recommended to create a short drill to verify that the procedures that was created can work in the D Day.

6. Verify that the IPS (Instruction Prevention System) is updated with the latest attacked signature.

7. Arrange a list of critical contacts (e.g. ISP contact person, Israel Police Lahav 443 Computer Crime department, etc.).

8. Verify that the software &  hardware are using the latest patch version.

9. In the enterprise mail relay block file types that may consider unsafe. You can use the following list as start point:

Manage blocked file types in SharePoint 2013

10. Instruct end users to avoid opening unknown emails / SMS.

11. Its recommended to disable macro support in software like: Document editor tools, document reader tools, etc..

12. Consider to add automatic counter mechanism to the enterprise website that allow blocking users that initiate multiple connection in the same time / frequency connections. The automatic counter mechanism can slow down users that create frequency connections (I would like to thank Mr. Nir Izraeli for this tips).

13. Please remember that DDOS (Distributed Denial of Service) can initiate to common company resources (e.g. Website, email system, internet surfing line,etc.).

14. Deploy a strict data validation control in external and internal computer resources (e.g. internal portal, enterprise website, etc.). For further information please review OWASP Data Validation.

• Read more
• 1 comment(s)

“Microsoft System Center 2012 Configuration Manager SP1 supports the management of Apple Mac clients. The client for Mac computers allows you to discover, collect inventory, manage settings, and deploy applications and patches using your Configuration Manager environment.
Microsoft System Center 2012 Configuration Manager SP1 also supports the management of UNIX and Linux servers. The clients for UNIX and Linux extends the scope of your Configuration Manager environment to collect inventory, deploy software, and run reports about UNIX and Linux servers in your enterprise. The client operates as a workgroup client that is managed by Configuration Manager.
Feature Bullet Summary:
Mac Client:
The following Mac versions are supported in this release:

• Mac OS X 10.6 (Snow Leopard)
• Mac OS X 10.7 (Lion)
• Mac OS X 10.8 (Mountain Lion)

The following scenarios are supported through the Mac client in Microsoft System Center 2012 Configuration Manager SP1:

• Discovery – Discovers Mac OS X system in Active Directory and through network discovery
• Hardware Inventory – Provides hardware inventory and auditing of computers running Mac OS X, including a list of installed software similar to add/remove programs for Windows systems.
• Settings Management – Ensures computers running Mac OS X comply with company policies using scripts and preference list management.
• Application Deployment – Distributes required software via app model.
• Software Updates Management – Distributes patches utilizing Software Distribution and Settings management features.

UNIX/Linux Client:
The following UNIX and Linux versions are supported in this release.

• RHEL Version 6 (x86 & x64)
• RHEL Version 5 (x86 & x64)
• RHEL Version 4 (x86 & x64)
• Solaris Version 10 (x86 & SPARC)
• Solaris Version 9 (SPARC)
• SLES Version 11 (x86 & x64)
• SLES Version 10 SP1 (x86 & x64)
• SLES Version 9 (x86)

The following scenarios are supported by the UNIX and Linux clients:

• Hardware Inventory - Hardware inventory can be viewed through Resource Explorer and can be used to create collections of UNIX and Linux computers.
• Software Inventory - Through hardware inventory the list of natively installed software can be gathered from the UNIX and Linux computers - similar to add/remove programs for Windows systems.
• Software Distribution - Deploy new software, update existing software and apply OS patches to collections of UNIX/Linux computers (using a package and program). Run arbitrary maintenance scripts on a collection of UNIX/Linux servers.
• Secure and Authenticated Communications
• Consolidated Reports .”
• Microsoft System Center 2012 Service Pack 1 Configuration Manager - Clients for Additional Operating Systems can be download from the following link.

• Read more
• No comments

“The System Center 2012 Configuration Manager Upgrade Assessment Tool provides administrative users with information that they can use to determine if the computers that are managed by System Center 2012 Configuration Manager can run Windows 7 or Windows 8.

The Upgrade Assessment Tool provides the following functionality:

• -Retrieves device driver compatibility information for installed peripheral devices and creates reports that you can use to determine which device drivers need to be upgraded to support the Windows operating system.
• -Allows you to see which computers meet the recommended system requirements for Windows operating systems and to customize these requirements for your environments.
• -Creates summary reports that you can use to see an enterprise wide view of operating system upgrade readiness.
• -Allows you to create dynamic collections for an operating system deployment. The collection query rules can be based on system requirements, application compatibility status, and device driver status.”

System Center 2012 Configuration Manager Upgrade Assessment Tool can be download from the following link.

• Read more
• 2 comment(s)