|
 |
|
|||||||||||||||||||||||||
|
Scripting Pro VIP 
[Feature]  "OEM Software": Good Deal or Theft? How do those "OEM software" guys sell software so cheaply? — Mark Minasi “Shipping Is a Feature…” Argh. Mark laments the fact that Microsoft considers shipdate to be an important feature of its Windows Hypervisor product. — Mark Minasi 10 Reasons Not to Deploy Windows Vista The decision to upgrade to Vista has to make business sense, but many companies find the costs in training and application compatibility problems outweigh any benefits Vista brings. — Alan Sugano 10 Reasons to Deploy Windows Vista The decision to upgrade your XP systems to Vista is simple when you consider features such as easier backup, a great desktop search, and vastly improved security options. — Mark Minasi 4 Ways to Help PowerShell Find External Tools Learn how to help PowerShell locate external tools, saving time and keeping you organized. — Alex K. Angelopoulos 5 Ways to Trim Your IT Budget Standardizing IT equipment is the first step toward making reduced IT budgets stretch further. — Mark Smith A Healthy Dose of Windows Server 2008 Wariness Microsoft will probably release Windows 2008 to manufacturing by October or November of this year, at the latest. And, you see, that's why I'm worried. — Mark Minasi Access Security Event Logs with PowerShell See how using Windows PowerShell with Windows Security event logs can help you guard against intrusion. — Robert Sheldon Accessing Database Data with ADO — Robert Sheldon Accessing SQL Server Data from PowerShell, Part 1 Learn how to use ADO.NET to retrieve SQL Server data through PowerShell scripts. — Robert Sheldon Accessing SQL Server Data from PowerShell, Part 2 Because PowerShell is integrated with the.NET framework, you can leverage the .NET object model within PowerShell scripts and build ADO.NET objects that retrieve SQL Server data; learn how to use ADO.NET to insert, update, and delete SQL Server data. — Robert Sheldon Am I Who I Say I Am? David Chernicoff explains the advantages of authenticating email as a way to combat spam. — David Chernicoff App-V Security Use App-V's SystemGuard, MSI utility, and Sequencer to deploy virtual applications seamlessly in secured environments, protecting the integrity of desktops and terminal servers. — Russell Smith Are Recycle Bins Wasting a Lot of Space on Your Windows Servers? Here's a VBScript script you can use to monitor how much disk space is being consumed by the Recycle Bins stored in a server's Recycler folder and how much space is available on that server's local hard drives. — Jim Turner Attention Windows 7.0: Please Don’t Interrupt Me! Mark yearns for a more polite Windows. — Mark Minasi Backing Up and Restoring Microsoft Exchange Server 2007, Part 1 NTBackup and simple Windows PowerShell commands can help bring your data back when the unthinkable happens — Nathan Winters BitLocker and AD, Together at Last Here's what you need to know about BitLocker/AD integration. — Mark Minasi Can Slow-and-Steady Win the Wireless Race? Mark proposes a new, more user-friendly wireless standard. — Mark Minasi Cell Phone–and-PDA Combo Devices Mark Smith checks out some of the current cell phone–and-PDA combinations. Find out what product he finally chose and why. — Mark Smith Certifications: Pass or Fail? A discussion of the pros and cons of vendor-sponsored certifications. — Mark Minasi Connect Microsoft Email Clients to Gmail Gmail is a powerful email server that supports millions of mailboxes. Use IMAP to connect Outlook or other email clients to Gmail to create the best of two worlds—well-developed email UIs in popular clients with a good (and free) email server. — Tony Redmond Countdown to XP SP2: Dealing with ICF Mark continues his evaluation of one of XP SP2's biggest features: enabling ICF by default. — Mark Minasi Countdown to XP SP2: Forced Protection Windows XP Service Pack 2 (SP2) is nearly here. In the next four installments of his VIP column, Mark considers the pros and cons of some of the changes that SP2 will bring. — Mark Minasi Countdown to XP SP2: More than a Firewall After an in-depth discussion of Windows XP Service Pack 2's (SP2's) Windows Firewall, Mark examines some of the service pack's other interesting features. — Mark Minasi Countdown to XP SP2: Planning Ahead Mark continues his look at the forthcoming Windows XP Service Pack 2 (SP2) Windows Firewall feature. — Mark Minasi Data Manipulation with ADO ActiveX Data Objects (ADO) let you access, filter, sort, and retrieve data from Microsoft SQL Server and Microsoft Access databases using VBScript and other scripting languages. Here are some of the most common uses of ADO for databases. — Robert Sheldon Deployment Blockers for Upgrading to Exchange Server 2007 Avoid the gotchas and ensure a successful upgrade. You’ll need to be clear on AD topology, and then deal with deployment issues with public folders, client software, archival and retention, fax, mobility, and coexistence with other Exchange versions. — Paul Robichaux Disaster Recovery in the Wake of Katrina Mark's thoughts turn to disaster recovery in the wake of a devastating tragedy. — Mark Minasi Disks, Spin No More What's interesting about PQI's announcement of its new hard disk? It's a solid state disk. — Mark Minasi Do Betas Make Sense Anymore? Mark suggests that betas don't make sense as testing tools anymore. — Mark Minasi Don't Let Daylight Saving Time Sneak Up on You By simply double-clicking GetDLSDates.vbs, you can get a reminder of when daylight saving time begins and ends in the current year. Without having to change any code, this script will work the same year after year. — Jim Turner DPM 2007: Protecting and Restoring Data DPM 2007 uses Microsoft VSS to provide in-depth protection to your key Microsoft application platforms. Learn about setting up recovery points and restoring data, enabling end-user restores, and performing bare-metal restores. — John Savill DPM 2007: Set It Up and Get Started Get all the information you need about what Microsoft System Center Data Protection Manager is and how it works, and walkthrough the installation and setup process for DPM 2007. — John Savill Dual-Core Turions: A Nice, Cool Surprise Here's a quick look at how AMD and Intel are taking advantage of something called "nonlinear heating rates." — Mark Minasi Enhance PowerShell's Syntax Display The author’s Get-Usage script displays usage for more categories of command types than PowerShell’s Get-Command or Get-Help cmdlets. — Alex K. Angelopoulos Establishing Quotas for Exchange 2007 Mailboxes Learn the important factors to consider when setting Exchange 2007 mailbox quotas, including disk performance, database overhead, and backup-window limitations. You'll also get practical formulas to determine your maximum mailbox and database volumes. — Brien Posey Exchange 2003 SP2's Direct Push Technology Learn about Direct Push, an Exchange 2003 SP2 feature that pushes email to a mobile device from an Exchange server while conserving bandwidth and minimizing mobile-service charges. — Nathan Winters Exchange 2007 Deployment Postmortem Learn from someone else's Exchange 2007 migration experiences. — Michael Dragone Exchange 2007 SP1 and OCS 2007: What You Get Exchange 2007 and OCS 2007 are complementary parts of Microsoft's UC strategy. Exchange 2007 SP1 enhances this relationship with features such as additional dial plan options, better fax handling, and Communicator access for remote workers. — Paul Robichaux Exchange 2007 SP1's Standby Continuous Replication You can add site resilience to your Exchange organization by implementing SCR with Exchange 2007 SP1. Find out the steps for setting up SCR and what you need to do to recover in the event of a failure. — Tony Redmond Exchange 2007 Transport Rules Implementing Exchange Server 2007’s new transport rules feature makes complying with regulatory requirements easier than in Exchange Server 2003 or Exchange 2000 Server. Learn how to use transport rules to add a disclaimer and apply an ethical firewall. — Tony Redmond Exchange Management with EMS: Fundamental Concepts With PowerShell's basic syntax and consistent grammar, managing your Exchange systems through EMS is easier than you might think. — Paul Robichaux Exchange Management with EMS: Getting Exchange Objects You can use EMS to retrieve any type of Exchange object and its properties, then use the pipelining feature to pass results to another command. Be sure your scope is correct. — Paul Robichaux Exchange Management with EMS: Setting Properties Exchange Management Shell lets you set mailbox quotas, establish maintenance cycles, and manage every aspect of your Exchange environment, and built-in safety features help you get into property manipulation without fear of breaking anything. — Paul Robichaux Exchange Management with EMS: Turning Actions into Scripts Learn how to construct PowerShell scripts through Exchange Management Shell to automate common Exchange Server tasks by using things such as relational and logical operators, evaluative statements, and loops. — Paul Robichaux Exchange Server 2007 for Exchange 2003 Admins, Part 1 A redesigned architecture has given us a new set of management tools that you need to learn how to use. — Brien Posey Exchange Server Database Integrity Learn how Exchange keeps tabs on database integrity, and see how you can use Eseutil and Isinteg to rectify any problems. — Michael B. Smith Exploring CAS Technology Learn the core concepts of the .NET Framework's Code Access Security (CAS) feature and how to administer it. — Jan De Clercq Feeling Sorta Blue, Ray It’s the great next-generation DVD format war: Blu-ray or HD DVD, which will win? After the past couple of weeks, I think we all know which will be victorious, and it worries me a trifle. — Mark Minasi Finding a User’s Last Logon The JScript script this article presents lets you discover exactly when a user last logged on to the domain. It also tells you which server authenticated the logon, and it doesn’t require Windows Server 2003 forest functional mode. — Bill Stewart Function Creates Multidimensional Arrays from Delimited Text Files You don’t have to write a separate routine for text-based processes to arrange data into a usable form—use this VBScript script to create a multidimensional array of the data to reference it by rows and columns like a database. — Jim Turner Future Computing in the Past Mark makes a few suggestions for fun holiday reading, IT style. — Mark Minasi Get Compliant with Exchange Server 2007 Journaling Regulatory compliance and internal audit policies force many organizations to journal email messages, voicemails, and fax messages. Exchange Server 2007 makes journaling easy by establishing managed journal rules enforced through the Hub Transport server. — Siegfried Jagott Getting Started with Exchange 2007 UM UM with Exchange Server 2007 combines email, fax, and voicemail in your Exchange Inbox. Using Exchange Management Console, you can configure the settings to get your organization unified. — J. Peter Bruzzese Getting Started: Remote Administration Learn how to install and run Microsoft terminal services tools. — Kathy Ivens Getting the Dell Express Service Code DellSerial.js can shorten the call time required when you need to work with Dell's technical support team. This script also demonstrates how JScript is sometimes easier to use than VBScript. — Bill Stewart Group Policy Made Great The Group Policy Management Console will greatly improve Group Policy but doesn't go far enough. Mark Minasi offers suggestions for improvements. — Mark Minasi Has Outlook Become Inlook? Mark turns cynical when answering the question, Why is Outlook regressing? — Mark Minasi Hawking Certification Like Light Beer Mark disusses his appalled reaction to a prurient advertisement for an MCSE boot camp. — Mark Minasi How About a Rational Vista License? How does Microsoft get away with its software licensing, given US copyright law? — Mark Minasi How to Easily View the Extended Properties of Files Windows Server 2008 and Windows Vista have seven times more file properties than their predecessors. Here's how you can easily select and view the properties you're interested in seeing, no matter whether you're using the newest or an older OS. — Jim Turner How to Find Constants and Their Values Because of the COM technology behind scripting objects, scripts don’t get access to any constants’ values embedded in those objects. Here are several ways to obtain those crucial values. — Alex K. Angelopoulos How to Implement SDI Using IPSec in a Mixed Environment This step-by-step guide shows you how to configure UNIX and Linux OSs to use IPSec with preshared keys so that Server and Domain Isolation (SDI) is supported for both outgoing and incoming connections. — John Howie How to Multi-Thread VBScript Scripts What can you do when you want to check your servers every 60 minutes but your script takes 90 minutes to run against all your computers? Try MultiThreader.vbs. This script executes a worker script in parallel processes, simulating multi-threaded behavior. — Chris Scoggins How to Preload Commands in a Command Shell Window Learn how to preload commands and change the color of the command shell window. — Dick Lewis IIS 6.0 Improvements Learn how Windows .NET Server 2003 improves the quality of IIS 6.0. — Michael Otey In Praise of Canon Printers Recently, I’ve experienced what you might call a paradigm shift. I’ve abandoned Epson and HP printers in favor of Canon printers. I didn’t make this decision lightly. In fact, you might say I didn’t make the decision at all: Epson and HP made it for me. — Mark Minasi Integrating Exchange Server 2007 and SharePoint Server Learn how to configure Microsoft Office SharePoint Server (MOSS) to work with Exchange Server and Outlook Web Access (OWA) so your organization can use an intranet to easily share documents. — Brien Posey Introducing the ADSI Edit Utility When Active Directory replaces the Directory Store in Exchange 2000, the ADSI Edit utility replaces using Exchange Administrator in raw mode as a means for interacting with directory data at a low level. — Tony Redmond Introduction to ADO Learn about the primary ADO objects--Connection, Command, Parameter, Recordset, and Field--and follow example scripts that demonstrate how to use ADO within VBScript. — Robert Sheldon Introduction to DNS Configuration for Exchange Admins Every Exchange administrator should know some DNS basics. This includes understanding how DNS should be configured for Exchange and how to verify that DNS has been configured properly for your domains. — Michael B. Smith Keep Track of BlackBerry PINs the Easy Way BlackBerry PIN maintenance is a complex and arduous task. Here’s a script that automates the process of initially obtaining PIN information, then keeps that information up-to-date. — Joseph Neubauer List Locally Logged-on Users Query locally logged-on users with this handy JScript script. — Bill Stewart Making PowerShell's Out-Printer Cmdlet Easier to Use The names that Out-Printer uses to identify printers aren’t obvious and aren't directly available to you in PowerShell. Here are several ways you can obtain and make printer names available to your code with no copying and pasting and minimal typing. — Alex K. Angelopoulos Managing IP Routes Through WMI You can use WMI to remotely view and manage IP routing tables on your Windows Server 2003 and Windows XP systems. — Alain Lissoir Managing Mailboxes with Exchange Management Shell You can easily accomplish mailbox management tasks with Exchange Management Shell. You can create new mailboxes; view, set, and change mailbox properties; and control permissions, all either in bulk or on individual mailboxes. — Paul Robichaux Managing Secure Database Connections with SQL Server Learn how to use SQL Server to protect your valuable data and create and manage secure database connections. — William Sheldon Microsoft CRM for the .NET Environment Microsoft enters the customer relationship management (CRM) market with a product that leverages the Microsoft .NET platform. — John D. Ruley Microsoft Lowers Its Standard, To Enterprise’s Gain Is Microsoft quietly raising the price of the Windows Server OS? In fact, is the company, in effect, quadrupling the price? — Mark Minasi Microsoft's Antispyware Gambit Mark thinks Windows AntiSpyware might fail if Microsoft doesn't keep in mind three considerations: assurance of no surprise fees in the future, ease of deployment, and Group Policy integration. — Mark Minasi Modernizing Exchange Server Backup and Recovery Traditional tape-based backups have problems with performance and recovery options, but disk-to-disk-to-tape and Microsoft VSS–based solutions can help you modernize your backup system. — Brien Posey Moving Away from PSTs Getting users to stop using PSTs won't be easy, but with planning—and the right tools—you'll be able to manage this difficult transition. — Brien Posey Moving to Windows 2003? Be Prepared to Dig Deep Mark Minasi tells you what you need to know about Windows Server 2003 and licensing. — Mark Minasi New Features Freshen OWA in Exchange Server 2007 SP1 A slew of improvements to Outlook Web Access, such as a more robust OWA Light, personal DLs, and new or improved support for WebReady Document Viewing, S/MIME, public folders, and monthly calendars, give your end users a better Outlook webmail client. — Brien Posey Nowhere Left to Grow No more COMDEX; Microsoft giving away cash ... what's going on? — Mark Minasi Palmed Off Mark laments Palm's decline in usability. — Mark Minasi Parsing Error Codes Errors happen but sometimes displayed error messages aren't the easiest format to read. ErrorParser.hta solves this problem by converting decimal, hexadecimal, and negative-number system and network error codes into standard error messages. — Bill Stewart PowerShell One-Liners for Accessing WMI Windows PowerShell can help you efficiently manage WMI objects. You can get started by learning just a few basic commands. — Robert Sheldon PowerShell One-Liners for Managing Events Quick commands let you easily work with the event logs on a local or remote system. — Robert Sheldon PowerShell One-Liners for Managing the File System Windows PowerShell offers all the commands you need to manipulate files and folders on your file system. Here are some of the common functions you might need to perform. — Robert Sheldon PowerShell Script Lists Group Hierarchies in Any LDAP Directory You can extend PowerShell's capabilities by taking advantage of the Microsoft .NET Framework. If you work with non-Microsoft LDAP directories, one particularly useful .NET tool is the System.DirectoryServices.Protocols namespace. — Ethan Wilansky , et al. Preparing for Office Communications Server 2007 OCS can be a bear to install, so make sure you're ready before you start. — Brien Posey Produce Pivot Tables Programmatically Creating pivot tables in Excel just got easier. — Jim Turner Reading Delimited Files Using ADO Find out how to set up ADO and Microsoft's Jet OLE DB text driver so that you can use them to read delimited files. — Bill Stewart Refining Your Exchange Management in the Shell Exchange administrators can benefit from using server-side filters and running PowerShell scripts in batch mode to manage Exchange Server 2007. — Tony Redmond Reflections on the PC's 25th Birthday Sure, the PC has been successful, but has it lived up to its potential? — Mark Minasi Repair Network Connections from the Command Line This RepairNetwork script offers a quick, quiet command-line alternative to a laborious GUI process. — Alex K. Angelopoulos Requiem for WinFS Learn about three enticing—but dropped—features that WinFS would have brought to the Longhorn feature list. — Mark Minasi Rest in Peace, ACS What's the hang-up with ACS? As far as Mark can see, it's an indispensable tool. Unfortunately, Microsoft has changed its release plans. — Mark Minasi Running the Small Mobile Office…Almost Keeping in sync with your small office isn't as easy as it sounds. — Mark Minasi Saving the Internet If the Internet really was a highway, maybe traveling it would be safer ... — Mark Minasi Script Inventories Remote Computers and Writes the Information to a Database If you often need inventory information about the remote computers you manage, check out Computer_Inventory.vbs. With this script, all you need to do is create an input file, run the script, then query the database that the script creates. — Readers Scripting Data Flow in SQL Server Integration Services Use the Script component to create a custom script that extends your SSIS package. — Robert Sheldon Secure Email with S/MIME S/MIME and Outlook make it easy to provide persistent, end-to-end encryption for email messages once you've designed and deployed an underlying certificate-handling mechanism. — Jan De Clercq Security and the "Booga-Booga" Factor Are security professionals providing a service or just securing their own jobs when they claim that no company can be sure its data is secure? — Mark Minasi Security-Obsessed Vista Makes Your Computer Top Secret Even the most casual observer of Windows Vista walks away with the impression that Microsoft is really attempting to secure this OS. — Mark Minasi Setting Up Exchange Management Shell Here are a few tips on getting Exchange Server 2007's Exchange Management Shell to look and perform the way you want it to, including making sure your AD searches have the right scope. — Tony Redmond Simplify Security Reporting Using Audit Collection Services Follow the steps to set up Audit Collection Services, a Microsoft System Center Operations Manager 2007 reporting feature, then start using it to streamline security event-log auditing on your servers. — John Howie Simplify Your Exchange 2007 Transition Transitioning to Exchange Server 2007 need not be daunting, if you do so in an orderly way. Set a comfortable coexistence period, use ExBPA to flag potential issues, and install server roles and move mailboxes in an optimum sequence. — J. Peter Bruzzese Sometimes, Convergence Works — Mark Minasi Stomp Out Dragware? Sick of hidden autostart programs? — Mark Minasi Strategies for Migrating Public Folders to SharePoint Your public folder migration to SharePoint requires a strategy, careful planning, and the right tools. And that's just the beginning. The process for getting rid of public folders is straightforward, but it pays to work through the steps carefully. — Paul Robichaux Testing Exchange Server 2007 Use PowerShell commands to manage and test Exchange 2007 objects such as mailboxes, servers, and distribution groups. — Tony Redmond The (Timely) Fall of Static IP — Mark Minasi The Business Process Engine How can IT keep up with all the revolutions in computing? There are two developments in software that will meet the challenge: SOA and BMP. — Barry Briggs The Day the Cell Phones Stood Still Could this year's Cabir worm be a sign of things to come? — Mark Minasi The Event Log Query Utility This HTML Application lets you query a variety of machines for a variety of event types. — Jim Turner The Great Question of Vista SP1’s Ship Date Let's not pressure Microsoft into releasing Vista SP1 as quickly as possible. Haven't we learned our lesson? — Mark Minasi The Group Policy Management Console Run—don't walk—to the Microsoft site to download the GPMC. Its many neat features include a folder-free view of GPOs and a GPO backup and restore capability. — Mark Minasi The Importance of Expert Systems When Buying Systems Mark laments the impossibility of buying a system that's expertly configured to his needs. — Mark Minasi The Magnificent Six Take a few minutes to get these 6 Microsoft downloads. — Mark Minasi The Microsoft Remedy Mark Smith plays judge for a day and proposes remedies that would have increased competition and fairness while protecting Microsoft’s right to innovate. — Mark Smith The Soul of Windows, Revisited Readers and Microsoft executives alike had plenty to say about Mark Smith's recent article regarding Microsoft's abandonment of Windows administrators. — Mark Smith The Year of the Database Worm? Don't be afraid of running a database server, even if it's MSDE. Just stay on top of the patches and be aware of where your servers are. — Mark Minasi Time for a Fourth Type of Event Log Entry Mark finds it troubling that a small AD environment's DCs are prone to worrisome and time-consuming--and ultimately innocuous--error messages. — Mark Minasi Time for a New Year’s Upgrade! Mark's New Year’s resolution is to fend off an old adversary: disk space. — Mark Minasi Top 10 Exchange Server 2007 Troubleshooting Tools Hundreds of utilities are available to troubleshoot Exchange Server problems, including database, mail flow, and performance issues. Here are my top 10 utilities to identify and solve network problems. — Brien Posey Top 12 Features of Exchange Server 2007 SP1 Take a tour through one Exchange administrator’s top 12 favorite features in Exchange Server 2007 SP1. In this unusually feature-rich service pack, the number one pick is the ability to install Exchange 2007 SP1 on Windows Server 2008. — Damir Dizdarevic Tracking Messages in Exchange 2007 Use PowerShell commands to interrogate message tracking log data directly. — Tony Redmond Troubleshooting Exchange ActiveSync Solve mobile device synchronization problems in Exchange Server 2003 with these tips and a free Microsoft tool that you can use for problems related to Exchange ActiveSync (EAS), Always Up to Date (AUTD), and mobile messaging in general. — Brien Posey Understanding IIS 7.0 Authentication Microsoft IIS 7.0 provides more methods for limiting access to your web server, and its componentization feature lets you select only those authentication types you want to enable. — Jan De Clercq Unify UPNs! — Mark Minasi UNIX Migration Trends A recent ChangeWave Research survey reports that more and more IT managers are migrating their systems from UNIX to Windows. — Mark Smith UPHClean Provides Faster Logoffs For All Microsoft has quietly released the User Profile Hive Cleanup service. — Mark Minasi Use Group Policy to Distribute JRE With Its Automatic Update Feature Disabled JRE's automatic update feature can cause a lot of headaches for network administrators. Instead of taking aspirin after the fact, administrators can be proactive and prevent problems by following five simple steps. — Bill Stewart Use Scripts to Automate Windows Utilities Use scripts to automate and improve your control over Windows utilities, such as NTBackup and Dfscmd. — Alistair G. Lowe-Norris Using Exchange and Outlook's New Message-Classification Feature In Microsoft Exchange Server 2007 and Microsoft Office Outlook 2007, you can classify email messages and use transport rules to ensure that sensitive communications reach only their intended recipients. — William Lefkovics Using MRM to Manage Mailboxes Use managed folders to help users in your Exchange organization clean up and organize their mailboxes and retain messages that should be saved to comply with legal and security regulations. — J. Peter Bruzzese Using Saved Queries for Active Directory Management Saved queries let you create, save, and organize queries that you'll use repeatedly for administering AD objects. Learn how to create basic queries with the wizardlike interface and custom queries using LDAP strings for more advanced searches. — Jim Turner Using the Shell to Manage Exchange 2007 With many administrative tasks gone from the GUI, Exchange administrators will need to get familiar with doing things through Exchange Management Shell. Find out how to use scripts to manipulate mailbox statistics into useful output. — Tony Redmond Using WMI to Monitor AD Learn how to use WMI to monitor AD group modifications. — Alain Lissoir Virtualization Delivers Exchange Disaster Recovery Virtualization technology can play a key role in an Exchange disaster recovery plan, as an IT administrator discovered when he restored an Exchange cluster using VMware Server. — Eric B. Rux Vista Migration: Things I Wish I’d Known This candid account of a Windows Vista migration can help you figure out what to expect in your own environment and how to deal with—or avoid—common mistakes. — LJ Zacker Vista RC1 Pleasantly Surprises Mark has a change of heart regarding Vista, thanks to the latest build. — Mark Minasi Vote with Computers? I’d Sooner Let Them Do My Driving — Mark Minasi We’re Not High-Tech, We’re High-Connect Mark wonders, “Why does everyone still think that computers are ‘high tech,’ particularly given how little really new stuff arrives?” — Mark Minasi What Applications Are Installed on the Computers in Your Network? If you often need to identify the software that's installed on the computers in your network, here's a PowerShell script you can use to easily audit one or more computers. — Bill Stewart What's So Great About Longhorn? In case you haven't been following the Longhorn buzz, here's what three of its most promising features will do. — Mark Minasi What’s So Great About R2? FRS! Kind of ... Mark rethinks his criticism of R2 and the value of FRS. — Mark Minasi What’s So Hard About a Service Pack? Mark laments Microsoft's refusal to release Win2K Service Pack 5 (SP5). — Mark Minasi What’s Your Computer Name? Create custom attributes in Active Directory to search for computer names, as well as the name of the user who last logged on, to improve security, inventory tracking, and Help desk support. — Aaron Goldrick Where's the Response to "Get a Mac"? Mark is starting to get fed up with those Mac vs. PC commercials. Why has Microsoft been so slow to respond? — Mark Minasi Whip Script Data Into Shape Two simple functions let WSH scripts export dictionary data to an XML file and read it back with no extra work. — Alex K. Angelopoulos Who Is R2’s Audience? — Mark Minasi Why Don't All Developers Sign Their Apps? Mark Minasi muses on why so many software vendors don't use digital certificates on their applications. — Mark Minasi Widescreen Wishes Widescreen displays are full of potential. Here's an idea that would make them much more attractive to networkers. Are you listening, Microsoft? — Mark Minasi Windows 2003 Gems Should you bother upgrading to Windows Server 2003? Mark points to stub zones and conditional forwarding as two reasons why you should. — Mark Minasi Windows Administrators’ Top Three Wishes Microsoft addresses long-standing requests from Windows administrators with each release of its server product--but Mark Minasi claims the company still has work to do. — Mark Minasi Windows PowerShell Transforms Exchange Server 2007 Management PowerShell lets you customize your Exchange 2007 management environment—but first you need to learn to speak the language. A consistent, logical syntax and extensive, accessible Help let you ease gracefully into the scripting world. — Tony Redmond Windows Rights Management Services Microsoft's new Windows Rights Management Services (RMS) lets users lock down documents, email messages, and Web content like never before. — John Howie Windows Server 2008, the Ultimate Desktop OS John Savill shares a step-by-step process for making Windows Server 2008 a functional OS. — John Savill [Reader to Reader] Copy Group Memberships from One AD User to Another CopyMembership.vbs is a real time-saver if you need to copy group memberships. Even if you don't, you'll likely find its dn function a handy piece of code for your scripting toolbox. This function converts usernames into distinguished names (DNs). — James Lim [Editorial] Software Assurance Isn't Reassuring Although SA is marketed as a two-way street, its benefits are heavily weighted in Microsoft's favor. — Michael Otey WinFS’s Intelligent File System Makes Sense Mark looks at the change-the-world part of WinFS: non-file items. — Mark Minasi [Feature] 10 Tips for a Painless Exchange 2000 Migration Migrating from Exchange 5.5 to Exchange 2000 doesn’t have to be a painful process. Just follow these 10 tips. — Jim McBee 10 Tips for Taking Exchange on the Road If you work remotely, you can configure server-based folders for offline use, and then either work remotely or synchronize your offline folders with the folders on the server. Here's how to work offline most effectively. — Tony Redmond 5 Things They Never Told You About the ADC Learn how to work around the Active Directory Connector's quirks as you use the ADC to synchronize the Exchange Server 5.5 Directory with Active Directory. — Kieran McCorry 5 Things You Should Know About Exchange 2007 These five points will help you design and deploy your Exchange 2007 architecture. — Paul Robichaux 6 Common Backup and Restore Mistakes Avoid these common errors to keep on top of your Exchange backup and restore operations. — Paul Robichaux 6 Reasons to Try Exchange 2000 Now Exchange 2000 Server is different from its predecessors. Here's why you need to start working with it right away. — Tony Redmond 6 Steps to Prepare Win2K for Exchange 2000 Exchange 2000 is closely integrated with Windows 2000. What do you need to do to make the integration proceed smoothly? — Dung Hoang Khac 7 Daily Checks to Keep Exchange 2000 Running Smoothly Monitor your Exchange 2000 system daily so that your workdays don’t deteriorate into an endless cycle of reacting to problems. — Joseph Neubauer 7 Things You Need to Know About SharePoint Services Are you the go-to person for all things SharePoint? If so, you would do well to heed these seven essential nuggets of SharePoint wisdom. — Randy Franklin Smith 8 Tips for the Solo Exchange Administrator Are you the sole Exchange administrator in your company? These eight tips will help you cut to the heart of the matter and maintain an effective system. — Paul Robichaux 8 Ways to Improve Your Exchange Cluster, Part 1 This is the first of two articles that describe the steps to a better Exchange cluster. — Daragh Morrissey 8 Ways to Improve Your Exchange Cluster, Part 2 In the second of two articles, learn four more areas--configuration, security, failovers, and service packs--that can influence the effectiveness of your Exchange cluster. — Daragh Morrissey A Closer Look at Exchange Best Practices Analyzer Exchange Best Practices Analyzer (ExBPA) performs its seemingly magical analysis of an Exchange organization by using a detailed, Microsoft-supplied configuration file. Learn more about this file and the latest version of ExBPA. — Kieran McCorry A Novel Approach to Synchronizing Exchange Organizations When you need only to establish mail flow and exchange address lists between Exchange Server 5.5 servers with different organization names, you can leverage Exchange Server's functionality to act like a Microsoft Mail post office. — Frank Plawetzki A Public Folder Checklist Streamline your public folder deployment with these tips for setting up the hierarchy, granting top-level permissions, assigning user permissions, and sharing folder content. — Drew McDermott A Tricky Migration to Exchange Server Migrating users from a foreign email system to Exchange requires keeping track of user information and understanding the relationship between domain SIDs, machine accounts and names, and the information in the Exchange Directory Store. — Drew McDermott A Viral Survival Checklist Email computer viruses are proliferating. Here are 13 actions you can take to protect your organization. — Evan Morris Accountable Email Add accountability and tracking to your company's email system. — Joseph Neubauer Active Directory Connector Redux Take a close look at a few ill-documented or barely publicized aspects of the ADC that nevertheless have significant importance for Exchange administrators. — Kieran McCorry ADC Filtering and Object-Matching Learn two techniques for selective directory synchronization with the ADC. — Kieran McCorry Address Rewriting in Exchange Server 2003 New address-rewriting functionality in Exchange 2003 lets you easily map your users' addresses to other addresses. — Donald Livengood Administering Exchange Server in a Cross-Platform Environment Learn basic strategies for administering cross-platform mail systems with as little trouble as possible. — Brien Posey An Exchange 2000 Disaster Recovery Learn from the author's experience as he troubleshoots a corrupt mailbox store caused by a hardware failure, then restores the database. — Daragh Morrissey An Exchange 2003 Journaling Primer If storing all your users email indefinitely is the bane of your existence, especially in these days of heavy regulatory compliance, read this article to find out more about Exchange 2003 message journaling. — Kieran McCorry Are You Listening, Lotus? Tony Redmond believes that Lotus has misinterpreted some of his comments about Exchange. Tony sets the facts straight. — Tony Redmond Automatically Create User Accounts and Mailboxes in Exchange 5.5 You can use ADSI, WSH, and the AcctMgmt class to automate the process of creating Exchange 5.5 mailboxes and user accounts in either an AD or NT domain. — Ethan Wilansky Automatically Delete User Accounts and Mailboxes in Exchange 5.5 Use ADSI and VBScript to automate the process of deleting Exchange 5.5 mailboxes and user accounts in either an AD or NT domain. — Ethan Wilansky Automatically Generate Mail Profiles As Benjamin Franklin said, "Time is money." Here's a solution that saves money by automating the time-intensive task of configuring Outlook 2003 mail profiles to reference users' mailboxes. — Joseph Neubauer Background Maintenance for Exchange Servers Exchange Server performs multiple maintenance tasks, typically at night, to keep the mail server performing well with limited downtime. — Tony Redmond Backing Up an Exchange Server Learn how a backup works, review several backup methods, and think about a strategy, and look at some helpful Exchange utilities. — Mark Ott Beef Up Security for Your Mobile-Device Fleet Now you can lock down your fleet of mobile computing devices and perform remote wipes. Get the lowdown on installing Exchange Server 2003 SP2 and configuring MSFP for Windows Mobile 5.0, and ensure better security for your mobile devices. — Randy Franklin Smith Better OWA Attachment Security OWA is a handy tool for remote users, but its attachment handling leaves networks vulnerable to malicious code and intruders. Here are some tips to reduce the risks. — Paul Robichaux BlackBerry 4.0 Tips and Tricks Dig into some tips and tricks that you can use to get a handle on your BlackBerry-related tasks. — Joseph Neubauer BlackBerry Enterprise Server 4.0 Should you upgrade to the new version of BES? The short answer is yes. — Joseph Neubauer BlackBerry Enterprise Server Day to Day If you have users who rely on BlackBerry devices, you should understand how these handheld devices work and how to monitor them and troubleshoot their problems. — Joseph Neubauer BlackBerry Enterprise Server's New Features, Part 1 New features in BES 3.6 and BES 3.5, including policies that let you secure BlackBerry devices, make upgrading to these software versions worthwhile. — Joseph Neubauer BlackBerry Enterprise Server's New Features, Part 2 BES 3.6 and BES 3.5 offer enhancements that your BlackBerry users have probably been asking for: the ability to read attachments, look up names in the GAL, synchronize more easily, surf the Web, and access corporate data. — Joseph Neubauer Blocking Client Access to Exchange Servers Discover how you can prevent your users from accessing an Exchange server while the system is running. — Tony Redmond Build an Email-Discovery Plan More than likely, your company will have to produce saved email messages in a court case or compliance investigation. Use these ideas to develop your own email-discovery plan and learn about tools that can facilitate e-discovery for Exchange admins. — David Sengupta Build an Exchange 2003 Cluster: Install Exchange on the Cluster Have you wanted to run Exchange on a cluster but haven't had the nerve to try? Here's help: Use these easy-to-understand instructions as your guide in installing Exchange Server 2003 on a Windows Server 2003 cluster. — Daragh Morrissey Build an Offline Exchange 2000 Server in 9 Steps An offline copy of your production Exchange server can be invaluable. Find out how you can use it and how to build one. — Joseph Neubauer Build Quality into an Exchange 2000 Environment By using provisioning tools and services, you can repeatedly produce the same result—properly built and configured servers and applications—throughout an Exchange 2000 environment. — Evan Morris Bulk Object-Manipulation in Exchange 2000 With Exchange 2000’s switch from the DS to AD, you need a new method for manipulating user objects in bulk. A few Win2K tools provide the answer. — Barb McDonald Calendaring: Understanding the Client Side Do you wonder why you can't always share calendar information within your group? Find out how Outlook handles appointments and what you can do to improve calendaring performance. — Siegfried Jagott Canning Spam You need to know how the new federal antispam law affects your messaging operations. To help you stay on the right side of the feds, we present the law's finer points and explain some provisions that your users should understand. — Paul Robichaux Cleaning Up Public Folders Microsoft plans to replace public folders with another repository in a future release of Exchange. Using PFDAVAdmin now will help you prepare for the transition. — Tony Redmond Closing Out Exchange Mailboxes These nine configurations and options can help you deal effectively with former employees' mailboxes. — Joseph Neubauer Command-Line Mailbox Creation Learn how you can use a script to create mailboxes in Exchange Server 5.5. — Paul Niser Comparing Windows Mobile 2003's IMAP with ActiveSync With Windows Mobile 2003, you can use IMAP or ActiveSync to access Exchange over a wireless connection. Here are some factors to consider when you’re deciding which protocol to use. — Joseph Neubauer Configuring Outlook Express Outlook Express's support of POP3 and IMAP4 gives the email client some advantages over other Exchange 2000 Server email clients. This article describes how to configure Outlook Express to work with these protocols. — Ronald Stewart Connect Exchange Servers Over a VPN A virtual private network provides a secure, inexpensive way to connect LANs via the Internet. — Frank Plawetzki Connecting Mobile Users to Exchange You can broadly classify the wireless devices that offer email access by the type of interface they provide. Here’s a look at those classifications. — John Rhoton Control Client Network Traffic To control client-generated messaging traffic, you need to estimate your bandwidth needs, connect clients efficiently, and modify some bad user habits. — Tony Redmond Control Mailbox Size with Mailbox Manager Exchange Server 5.5 SP3 includes a new mail-management utility. Find out how you can use Mailbox Manager to control ever-growing mailboxes. — Tony Redmond Coping with Unsolicited Email Learn how you can ensure that outsiders don't mistake your Exchange installation for a UCE mailer and how you can configure Exchange to follow current Internet standards for preventing UCE. — Mark Howard Create a URL for Outlook Web Access Simplify your users access to email through a Web browser by creating a simple URL they can use to get to OWA. — Barb McDonald Creating a Group Policy for Outlook 2002 Learn how to use Group Policy to disable menu and toolbar commands. — Sue Mosher Creating Exchange 2000 Mailboxes The interaction between AD and Exchange and the need to populate multiple attributes have made mailbox creation more complex in Exchange 2000 than it is in Exchange 5.5. Learn the process so that you can find, then resolve problems. — Tony Redmond Customize Exchange Details Templates Use Exchange Server details templates to display information about recipients that is typically available only at the server. — Mark Ott Customize Your Exchange Display Templates Customizing Exchange templates makes them even more valuable for displaying directory information such as attributes about users, contacts, distribution groups, and public folder objects. — Tony Redmond Customizing OWA 2000 Here's how to take advantage of Outlook Web Access's URL addressability to customize the user's OWA experience and reuse OWA components in your applications. — Kevin Laahs Customizing OWA 2000 Access Segmentation is a handy tool for administrators who want to prevent users from accessing certain OWA 2000 features but don’t want to spend a lot of time learning how the WSS forms engine works. — Paul Robichaux Customizing Your Exchange 2000 Server Installation Although Exchange 2000 doesn’t include Performance Optimizer, you can use ADSI Edit and modify the registry to move Exchange components where you want them. — Daragh Morrissey Dealing with Databases Do you dread having to manage your Exchange databases? Follow these recommendations and leave the worry behind. — Kieran McCorry Deleting User Accounts and Exchange 2000 Mailboxes This useful script performs email-enabled user-account deletion tasks. — Ethan Wilansky Demystifying Exchange 2003 Custom Recipients, DLs, and Profiles Learn how to deal with Microsoft Office Outlook 2003 Messaging API (MAPI) profiles and how Exchange 2003 handles custom recipients and DLs during cross-administrative group mailbox moves. — Kieran McCorry Demystifying Exchange 2003 Mailbox Moves The Exchange 2003 SP1 Move Mailbox Wizard takes the pain out of cross-administrative group mailbox migrations. — Kieran McCorry Deploying Exchange Intelligent Message Filter IMF on an Internet-facing bridgehead server is a valuable adjunct to other spam-reduction measures. — Paul Robichaux Develop an Exchange Compliance Strategy Exchange provides key compliance features such as journaling and messaging security—but you'll likely have to add capabilities such as archiving and PST management via third-party products. — Devin L. Ganger Diagnosing Exchange Server 2003 Problems Discover the tools and techniques that will help you troubleshoot Exchange stability and performance problems. — Daragh Morrissey Distribution Lists in Exchange 2000 As a subset of the Exchange directory, Exchange 2000 DLs are also part of AD. Here’s what this change means for your migration to Exchange 2000. — Jason Seim Do-It-Yourself Test RBLs Create an inhouse RBL to test Exchange 2003's block list–integration feature. — Donald Livengood Documenting Your Exchange Server 5.5 Systems Proper documentation is invaluable during disaster recovery. — Drew Nicholson Does Single-Instance Storage Matter Anymore? Single-instance storage was an important feature in early versions of Exchange. Have new systems and Exchange 2000 changed its value? — Tony Redmond Eliminate Unnecessary System Messages When your network connection is slow or unreliable, system messages can impede message delivery. You can reduce the volume of system messages without affecting the messaging function. — Richard Riley Emulating UNIX Aliases' Functionality in Exchange If an Exchange server is your primary Internet mail hub in your organization, use this technique to relay mail for non-Exchange users to the appropriate mail server. — John Frandsen Enabling Message Journaling on Exchange Server If government or corporate policies require you to save all messages, message journaling is the tool you need. Find out how message journaling works, how to plan for and configure it, and what it can't do. — Mark Ott , et al. Entourage 2004 for Mac Entourage 2004 for Mac is well integrated with the rest of the Office 2004 suite, is stable, and provides Mac users the most-often-requested Exchange features. — Paul Robichaux Exchange Server 2003 OWA Overview Take a look at the new OWA functionality that Exchange 2003 brings to the mobile user. — Kevin Laahs Exchange 2000 and Exchange Server 5.5 Public-Folder Interoperability Mixed environments present special challenges for public folders. Learn how to smooth your transition. — Kieran McCorry Exchange 2000 Backup and Restore Exchange 2000 has enhanced backup and restore functionality. Get to the know the basics. — Tony Redmond Exchange 2000 for Developers and Users The Web Store, server-based events, CDO 3.0, and item- and column-level security in Exchange 2000 will help developers and users do their job better. But what's missing? — Sue Mosher Exchange 2000 Hosting: The ASP Model, Part 1 Use the same infrastructure ASPs use to host Exchange for multiple customers, and learn how to set up customized user logon names in AD. — Evan Morris Exchange 2000 Hosting: The ASP Model, Part 2 Configure different address lists and addresses with different suffixes for different groups in the same AD forest. — Evan Morris Exchange 2000 Instant Messaging Tony Redmond answers some Exchange Instant Messaging FAQ to smooth your way in adopting this new subsystem. — Tony Redmond Exchange 2000 Interforest Synchronization In this age of company mergers, how do you synchronize two or more Exchange 2000 servers? Microsoft Metadirectory Services might be the tool you need. — Greg Dodge Exchange 2000 SMTP Logging and Archiving Exchange 2000's SMTP logging and archival tools help you diagnose communication problems with other systems. — Joseph Neubauer Exchange 2000 SP2 CDOEXM Updates Learn about a small but extremely useful CDOEXM enhancement in Exchange 2000 SP2 that will help you manage mailbox security. — Alain Lissoir Exchange 2000 SP2 WMI Updates Microsoft has added two new WMI providers to manage the Message Tracking Logs and the DSAccess components. Here's how to use these providers in WSH 5.6. — Alain Lissoir Exchange 2000's Mailbox Manager The popular Mailbox Manager utility is back in SP1. Find out how it works and how to use it to clean up your users' mailboxes. — Henrik Damslund Exchange 2003 Advanced Journaling Exchange 2003's envelope journaling is a sophisticated journaling method for organizations that are serious about journaling. Learn how to enable it and how to make it work in a multiserver environment. — Kieran McCorry Exchange 2003 and the Windows Storage Server Feature Pack Learn about Windows Storage Server, how it works with Exchange 2003, and when using it as an Exchange storage mechanism does (and doesn't) make sense. — Paul Robichaux Exchange 2003 ArchiveSink You can use the free ArchiveSink tool to get some granular control over message archiving. — Kieran McCorry Exchange 2003 Clusters: Rolling Upgrades Take a look at some of the changes in implementing rolling upgrades to an Exchange 2003 cluster — Daragh Morrissey Exchange 2003 Deployment Fundamentals Exchange 2003 deployment doesn't differ much from Exchange 2000 deployment, but little changes add up to big improvements. — Kieran McCorry Exchange 2003 SP1 RPC over HTTP Exchange 2003 SP1's new managed RPC over HTTP topology provides enhances deployment and administration of RPC over HTTP access. — Kieran McCorry Exchange 2003 SP2 On the Road Check out the new Exchange 2003 SP2 mobility features and think about how you can best use them in your environment. — Paul Robichaux Exchange 2003 SP2: Migrate or Wait? Deciding whether to move to Exchange Server 2003 SP2? Paul Robichaux, helps you examine your options. — Paul Robichaux Exchange 2003’s Recovery Storage Group Here's a strategy for using the RSG, a specially tailored version of a regular storage group to which you can restore a backup copy of a mailbox store. — Tony Redmond Exchange Disaster Recovery Tips Incorporate these ideas in your Exchange-specific disaster recovery plan. — Menko den Ouden Exchange Ideas Get tips, news, and community resources for messaging admins. — Lisa Pere Exchange Ideas Get tips, news, and community resources for messaging admins. — Lisa Pere Exchange Ideas Get tips, news, and community resources for messaging admins — Lisa Pere Exchange Ideas Get tips, news, and community resources for messaging admins — Sue Mosher , et al. Exchange Ideas Get tips, news, and community resources for messaging admins. — Brien Posey Exchange Ideas A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Ideas A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Ideas, December 2006 A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Ideas, January 2007 A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Ideas, July 2006 A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Ideas, May 2006 Get tips, news, and community resources for messaging admins — Anne Grubb Exchange Ideas, November 2006 A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Ideas, October 2006 A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Ideas, September 2006 A compilation of tips, news, and community resources for messaging administrators. — Various Authors Exchange Relay Review Learn how to ensure that every Exchange server capable of hosting SMTP connections can't be overtaken by others who want to use the server to relay malicious email. — Joseph Neubauer Exchange Relay Testing In his follow-up to December's "Exchange Relay Review," Joe shows you how to make sure your relay configuration is working the way you want. — Joseph Neubauer Exchange Server 2003 OWA End-User Features The latest version of OWA offers new end user functionality that makes the email client look and function much like Outlook. — Kevin Laahs Exchange Server 5.5 Interorganizational Solutions Find out about two tools that can help you merge two or more Exchange organizations: The InterOrg Synchronization Tool and the Active Directory Connector. — Greg Dodge Exchange Server 5.5 SP3 Hits the Streets Unlike most service packs, SP3 introduces new features: Mailbox Manager, an antivirus hook, and an MTA mixer. — Tony Redmond Exchange Server and Virus Checkers Pick up some tips for choosing and using a virus checker. — Tony Redmond Exchange Server's Perplexing Permissions Exchange permissions aren't intuitive and are often inconsistent with Windows NT permissions. Find out about Exchange role and rights and how permissions flow. — Mark Ott Exchange Survey Tell us about the kind of content you'd like to see in Exchange & Outlook Administrator. — Lisa Pere Exchange, Outlook & SharePoint FAQs A compilation of FAQs about Exchange 2007 and Exchange 2003, Outlook 2007 and Outlook 2003, and Microsoft SharePoint technologies. — Various Authors Filling Administrative Gaps with ADSI and LDAP The Lightweight Directory Access Protocol fills the administrative void in Exchange 2000 Server and simplifies Exchange Server 5.5's tedious tasks. Find out how LDAP works and how you can make it work for you. — Joseph Neubauer Filtering Messages in Exchange 2003 Exchange 2003's recipient filtering, sender filtering, restricted groups, and restricted recipients features help you protect your messaging environment against unwanted email. — Donald Livengood Fine-Tune Active Directory Connector Synchronization The author explains how to fine-tune the ADC to improve synchronization in your environment. — Kieran McCorry Fine-Tune Exchange Connections In Exchange Server 5.5, Microsoft introduced address-space restrictions to give systems administrators more control over users' access to connectors. You can use this restrictions to configures your organization the way you want it. — Steve Schwartz Forms-Based Authentication in OWA 2003 Learn how to enable forms-based authentication to help secure your OWA implementation. — Kevin Laahs Fortify Your Email Transport, Part 1 You can use several of Exchange 2000’s configuration and routing options to provide high availability for your Internet email transport systems. — Joseph Neubauer Fortify Your Email Transport, Part 2 Configure your Exchange 2000 systems to prevent and fight use as open relays, mail loops, and DoS attacks. — Joseph Neubauer Get a Load of Log Parser Dreaming of a way to round up Exchange data from a variety of sources? Log Parser is your dream come true. — Tony Redmond Get Inside Active Directory Connector Synchronization Learn about the ADC's hidden mechanisms so that you'll be better able to properly implement an ADC-based synchronization environment. — Kieran McCorry Get the Most from Exchange Antispam Tools Exchange has a surprisingly good set of built-in spam reduction tools that can contribute to the solid protection your messaging system needs. Learn how connection, content, and sender and recipient filtering work and the configuration options you have. — Paul Robichaux Getting Started with ExMon Monitor the performance of individual Outlook client connections with the Exchange server in near real time and possibly identify heavy resource usage. — Kieran McCorry Good Migrations Check out these techniques for assessing permissions and building a good migration schedule, including using a VBScript that groups mailboxes by permissions relationships. — Joseph Neubauer Guidelines for Deploying Independent Autonomous Sites Implementing a large Exchange Server Organization in independent autonomous (or franchised) sites can be difficult. Guidelines can help companies set up naming conventions, connectors, directory replication, public folders, and address book views. — Steve Schwartz Head Off Public Folder Replication Storms Exchange 2003 SP2 offers a useful feature for stopping public folder replication storms. — Tony Redmond Hello Exchange & Outlook Pro VIP! The new Exchange & Outlook Pro VIP will deliver the same great Exchange and Outlook content that you've come to expect in Exchange & Outlook Administrator in a more timely online format. — Anne Grubb Hosting Email Services You can use Exchange 2000 and OWA to provide small-scale hosted email services to partners, customers, or associates. — Paul Robichaux Hosting Email Services, Part 2 This second part of a two-part article about hosting email services describes creating a recipient policy and building and securing an address list for each hosted organization. — Paul Robichaux How ACLs Magically Affect Your GAL Denying a user access to an object means that the user can't access the object from any application, right? Not necessarily! Learn why ACLs can have different effects on searching and browsing from Outlook, OWA, OMA, and Outlook Express. — Kevin Laahs How Message Tracking Works Find out how to enable message tracking in Exchange and how to use log files to see where a message went. — Tony Redmond How to Customize DS-to-AD Attribute Synchronization As you synchronize objects from the Exchange Directory to Active Directory, find out how you can modify attribute defaults to address your circumstances. — Kieran McCorry How to Remove the Last Exchange 5.5 Server Careful planning and a systematic approach are essential when you delete the last Exchange 5.5 server from an Exchange 2000 administrative group. Here’s what to do. — Daragh Morrissey How to Use WinRoute and MailQ These two tools can help you monitor the health and performance of your Exchange 2000 routing service. — Donald Livengood Implementing a Group Mailbox or Public Folder You, too, can have a group mailbox--or maybe a public folder--for your customer support department. Here's how you set them up. — Sue Mosher Implementing IPSec for Front-End/Back-End Communication Front-end/back-end server configurations can improve Exchange 2000’s performance and scalability, but you need to secure communication between those servers. Here’s what you need to do. — Martin Tuip Improve Your Custom Outlook Forms Mismatches between a form’s item and folder fields can cause problems, including inoperative code. Follow these best practices for creating custom fields in Outlook. — Sue Mosher In the Know: Message Tracking Why enable this feature on your Exchange servers? — Tony Redmond In the Know: Exchange 2003 SP2 Database Increases Exchange 2003 SP2 increases the database size limit to 75GB. What do you need to know about these changes? — Tony Redmond In the Know: Exchange Connections Catch up on the news from the most recent conference and get ready for 2006. — Lisa Pere Increasing Outlook User Acceptance These 10 simple configuration changes to Outlook settings can dramatically improve user acceptance. — Joseph Neubauer Information Store—More Pfadmin Commands Pfadmin is a handy tool that can help you manage your Exchange Server 5.5. public folders. The second part of this two-part series describes the tool's Rehome, Setreplicas, Listacl, Listreplicas, and Messageclasses commands. — Drew Nicholson Inside MAPI Profiles Understanding the MAPI profile structure can help in troubleshooting situations and can lead to innovative solutions to migration problems that might at first seem difficult to solve. — Kevin Laahs Integrate SharePoint into Your Exchange Environment Integrating Exchange and SharePoint features can help your Exchange users become more comfortable working with SharePoint. — Matt Ranlett , et al. Intelligent Email Routing Learn how to route incoming email to free up network resources and improve delivery. — Kieran McCorry Intrasite and Intersite Directory Replication Exchange maintains the directory by copying changes from one server to others. Review how the directory works and how to configure Exchange components across your enterprise for optimal performance. — Mark Ott Introducing CDO for Exchange Management Objects Learn how this new server-side tool can help you simplify many Exchange 2000 Server management task. — Kevin Laahs Is Your Exchange Server Relay-Secure? If you want to prevent a malicious user from using your Exchange server for relaying messages, the obvious approach might not be the best one. Find out what you need to do. — Joseph Neubauer Is Your IT Infrastructure Compliance-Ready? Learn about the most significant sets of regulations that are likely to affect your company and see which core business processes those regulations touch on. — Elliot King IT Books: Caveats and Kudos IT books assemble information to make sense of complex subjects, but find out what you need to look for and obtain Tony Redmond's latest recommendations. — Tony Redmond Keep Tabs on Exchange Server You can use Performance Monitor to obtain realtime feedback on Exchange Server's performance and set alerts to head off disastrous events. Large Mailboxes Are Here to Stay Exchange 2007 provides more storage capacity for larger mailboxes. But are supersized mailboxes the answer? Here are some compelling arguments for maintaining mailboxes at a reasonable size. — Tony Redmond Lessons from the Melissa Virus Melissa warned the email world to be vigilant about incoming messages. Here's what to look for and what to do. — Tony Redmond Life with Exchange Server Clusters Review the pros and cons of clustering now and in the future. — Tony Redmond Making Exchange ActiveSync Work EAS provides wireless access to calendar, contact, and message data without requiring the addition of any server-side software—all you need is Exchange 2003 and a compatible device. — Paul Robichaux Making Sense of SharePoint Search Learning about Windows SharePoint Services and SharePoint Portal Server search architectures will help you determine which product is right for your users' collaboration needs. — Kevin Laahs Making the Move to a New BES Considering a move to BlackBerry Enterprise Server 4.0? Read this first. — Joseph Neubauer Manage Saved Messages with the Exchange Archive Agent If you must journal all your email messages, you need a method for storing and retrieving the messages. The Microsoft Exchange Archiving Agent is a tool for low-budget, high-volumn message archiving. — Mark Ott , et al. Managing Exchange 2003 with WMI, Part 1 Exchange 2003 offers several new WMI providers. This first installment of a three-part series looks at how to use the providers to manage Exchange servers, logons, and mailboxes. — Alain Lissoir Managing Exchange 2003 with WMI, Part 2 This second installment of a three-part series looks at how to use Exchange 2003’s new WMI providers and their classes to manage Exchange public folders. — Alain Lissoir Managing Exchange 2003 with WMI, Part 3 This final installment of a three-part series looks at how to use Exchange 2003’s new WMI providers and their classes to manage Exchange queues and links. — Alain Lissoir Managing Mailbox Quotas Read how to calculate the size of the private Information Store, allocate and dminister quotas, control message storage, analyze storage patterns, and help users stay within their quota. — Tony Redmond Managing User Accounts, Part 1 Learn how to use DHTML and ADSI to create a powerful, lightweight tool for updating AD user accounts. — Ethan Wilansky Managing User Accounts, Part 2 In the conclusion of this series about 3U-a powerful, lightweight tool for updating AD user accounts—learn about the tool's scripting details. — Ethan Wilansky Managing Your Email Content, Part 1 Content management goes beyond filtering for malicious code. It lets you control the flow of email content coming into or circulating withing your organization. Here's how you can protect your organization. — Evan Morris Managing Your Email Content, Part 2 Find out how to use Exchange 2000 and Microsoft's Virus Scanning API and Internet Security and Acceleration Server to protect your organization. — Evan Morris MAPI Client Directory Access in Exchange 2000 Find out how MAPI clients use Active Directory in Exchange 2000 and what it means for placing Global Catalog Servers. — Kieran McCorry Migrating from Exchange 5.5 to Exchange 2003 Here's a look at the basic approaches you can take to move from Exchange 5.5 to Exchange 2003. They're not all that different from those of an Exchange 2000 migration. — Kieran McCorry Migrating GroupWise Mail and Calendars The Exchange Server Migration Wizard is a free tool that can help to ease your migration from GroupWise. — Mark England Migrating Microsoft Mail Gateways to Exchange Server This article describes how to replace a third-party SMTP gateway with the Exchange Server Internet Mail Service and how to reconfigure MS Mail post offices to use Exchange services. — Robert O'Connell Migrating Microsoft Mail Users and Groups to Exchange Follow the author step by step through migrating users and shared folders from MS Mail to Exchange. — Steve Jones Migrating Public Folders from Exchange to SharePoint — Jeffrey Rosen Migrating Special Mailboxes to Exchange 2000 Understanding how Exchange 5.5 mailboxes use NT 4.0 accounts and cleaning up your Exchange 5.5 DS is crucial to a successful migration to Win2K and Exchange 2000. — Kieran McCorry Migrating to Exchange 2003 Migrating from Exchange 2000 to Exchange 2003 is a straightforward process if you use these upgrade approaches. — Kieran McCorry Mining the Depths of Exchange Tracking Logs Exchange tracking logs are a gold mine of performance and usage data. And you can use scripting to easily turn raw data into usable statistics. — Joseph Neubauer Monitoring Exchange 2000 Learn how to use built-in monitoring tools to perform basic monitoring in your Exchange environment. — Daragh Morrissey More BlackBerry 4.0 Tips and Tricks Here are further tips and tricks that your BlackBerry guru can use. — Joseph Neubauer More Exchange Design Considerations This article rounds out the top 10 steps in building a solid Exchange organization. — Mark England Move Server Wizard War Stories Microsoft's utility for moving servers has some shortcomings. Two cumbersome inadequacies are the wizard's inability to work with clusters and its clunky way of dealing with custom recipients. — Tony Redmond Moving Made Simple Put the Exchange 2003 Move Mailbox wizard and a few mailbox-transfer tips to work, and you'll enjoy a smooth move. — Tony Redmond Moving to 64-Bit Exchange Learn how Microsoft's decision to develop Exchange 12 for 64-bit systems poses challenges for administrators. — Tony Redmond Moving Users to Exchange 2000, Part 1 You’ve completed the preparations, and now you’re ready to move mailboxes from Exchange 5.5 to Exchange 2000. Here’s what you do. — Kieran McCorry Moving Users to Exchange 2000, Part 2 Make your life easier by scripting intraorganizational migrations and using the Exchange Server Migration Wizard for interorganizational migrations — Kieran McCorry Network News Transfer Protocol Learn how to configure NNTP to bring newsgroups to your users. — Joseph Neubauer Not Ready for an Antispam Solution? If your organization is reluctant to implement an antispam solution, be prepared to present the facts about spam and antispam solutions to the decision makers. — Joseph Neubauer Office 2003 and SharePoint: Better Together By integrating Office 2003 and the SharePoint platform, you can make collaboration a far more productive and enjoyable experience for users. — Kevin Laahs Outlook 10 and Office Designer Read about the great new features--especially the Local Web Storage System and Office Designer--that Microsoft had slated for its next version of Outlook. Unfortunately, the company decided the features aren't ready for prime time. — Sue Mosher Outlook 2000 Custom Installation Wizard You can use the tools in the Microsoft Office 2000 Resource Kit to create an installation package for Outlook 2000. Follow these steps to learn how to do it. — Marie Davis Outlook 2001 for Macintosh At last, Microsoft offers an Outlook version that's a true Macintosh application as well as fully compatible with Outlook for Windows. — Paul Robichaux Outlook Messaging Profiles with Mandatory Profiles on WinDD Find out how to control the look and feel of the desktop to reduce performance overhead in a thin-client environment. — Martin McClean , et al. Outlook Support for cc:Mail Transcend's Microsoft Outlook support for Lotus cc:Mail service (or ConnectorWare) can help ease users' transition to Outlook. Find out how to install the service and what it can--and can't--do. — Olivier D'Hose OWA 2000 Features and Limitations Take a look at what Outlook 2000 can do--and what it can't do. — Jim McBee OWA 2000 Security and Scalability OWA 2000 offers better scalability than its predecessor, but security problems still exist if you configure it improperly. Here’s how to implement an OWA 2000 system that’s not only scalable but also secure. — Jim McBee OWA in Exchange 2000 Outlook Web Access 2000 offers improved performance and a better user experience. See what you can do with it. — Jim McBee OWA Spell Checking Outlook Web Access doesn't yet include built-in spell-checking functionality, but third-party options are available. Find out how such products work with Exchange 2000 OWA. — Kieran McCorry PAE and Exchange 2003 Exchange administrators have always had to find ways to use Exchange’s limited physical memory efficiently. Learn about recent advances in hardware and the Windows OS that help you make the most of the memory you have. — Tony Redmond Partial Exchange 2000 Migration Here's how to upgrade your Exchange 5.5 sites to Exchange 2000 in isolation from the rest of your environment. — Kieran McCorry Personal Distribution List Considerations Administrators don't hear about users' personal distribution lists until problems occur. Here are some situations to watch for. — Tony Redmond Plan a Smooth Migration Before you move any mailboxes, here's how to check for associations between them so that you can keep these mailboxes on the same server throughout migration and not inadvertently split them up. — Joseph Neubauer Plan Your Exchange Server Deployment Walk through the steps of creating and fine-tuning your Exchange organization simulation by using Microsoft System Center Capacity Planner 2006. — Brien Posey Planning an Exchange 2000 Migration Strategy When you move to Exchange 2000, don't take the flaws of your current infrastructure with you. Here's what you need to clean up. — Tony Redmond Planning for and Configuring the Active Directory Connector The Active Directory Connector (ADC) is an essential tool for migrating Exchange directory information to the Windows 2000 Active Directory. Find out how to plan for the ADC and put it to use in your installation. — Bill English Prevent MAPI Clients from Hanging The explanation of why MAPI clients apparently hang over slow links illustrates that you need to watch all your resources, not just Exchange. — Tony Redmond Preventing Directory Harvest Attacks Learn how directory harvest attacks consume your system resources and find out the techniques you can use to foil the spammers. — Brien Posey Pursuing Pesky Mail Messages Meet the resources you need for troubleshooting message queues and tracking messages: message queue management, Performance Monitor workspaces, and a message tracking search engine. — Mark Ott Recovering Exchange 2000 Planning for Exchange 2000 Server recovery? Be sure you understand some of the basics of AD recovery as well. — Evan Morris Reduce Exchange Server's Bandwidth You can improve performance by limiting message size from the client and the server, by optimizing network traffic, and carefully managing distribution lists. — Mark Ott Regulatory Compliance Companies large and small are seeking ways to make their messaging systems comply with recent legislation. Kieran reviews the primary messaging-related provisions and translates them into practical advice. — Kieran McCorry Removing Orphaned Objects from the Exchange Directory Why do objects you think you've deleted from a site remain in the directory of remote sites? Find out about orphaned objects and what you can do about them. — Matt Inman Restoring a Broken Exchange Cluster When your Exchange Server/Microsoft Cluster Server configuration is irretrievably broken, here are two procedures you can use to restore the cluster. — Fabio Longo Restoring a Deleted Exchange Object Learn how to manually restore single items (e.g., mailboxes, public folders, messages) and entire Exchange servers that you've permanently deleted. — Fabio Longo Restoring an Exchange 5.5 IS Database Use this alternative method to restore deleted items to an Exchange 5.5 IS database. — Bill Stewart Restoring an Exchange Server Computer Walk through recovery of an Exchange server when a crash hasn't affected Windows NT and log files are intact but disk drive failure has destroyed database files. — Mark Ott Restoring the Exchange 2000 Store Step by Step Restoring the Information Store in Exchange 2000 is different from the process in Exchange Server 5.5. Here are the steps to follow. — Joseph Neubauer Restricting SMTP Connectors To restrict SMTP-based connectors, you must use ESM to set the limitations, then add two registry values to enforce them. — Tony Redmond Risky Business Don’t put your company and users’ personal information at risk. Here are four types of automated responses that you should block. — Steve Bryant Run Exchange 2007 Under Virtual Server 2005 Follow along with a veteran Exchange admin as he explains how he set up VMs to test beta versions of Exchange 2007, Outlook 2007, and Outlook Web Access using Virtual Server 2005 R2. — Michael Dragone Running Exchange Server 5.5 on Windows 2000 Exchange Server 5.5 on Win2K offers some interesting benefits. Find out the advantages and how to set up your system. — Fabio Longo Running Exchange Services from LocalSystem In Exchange 2000, Microsoft runs Exchange Services from the Windows 2000 LocalSystem account instead of the service account. Find out what this change means to you. — Tony Redmond Safeguard Exchange for Mobile-Device Access EAS and OMA, new components in Exchange Server 2003, help meet users’ demand to receive email on their handheld devices while keeping access secure. — Paul Robichaux Sail Through Public Folder Migration Learn about the new features in Microsoft Exchange Server 2003 that make public folders more efficient and streamline migration of user and system public folders. — Kieran McCorry Scaling Out OWA Get some tips for implementing Outlook Web Access (OWA) in a large environment. — Kieran McCorry Scaling Out OWA Storage Configurations This follow-up to the June 2003 article "Scaling Out OWA" describes storage-configuration details and subtle server-tuning aspects of building a large messaging data-center platform. — Kieran McCorry Script User Account and Mailbox Creation Use ADSI, CDOEXM, and VBScript to automate the process of creating AD user accounts and mailboxes. — Ethan Wilansky Secure Client Communications with SSL Use SSL support to protect your company’s email communications. — Joseph Neubauer Secure OWA Architectures, Part 1 Learn how to set up your network for offsite users who use OWA to access their Exchange mailboxes. — Kieran McCorry Secure OWA Architectures, Part 2 Discover the most secure architecture for accessing Web mail from outside the corporate firewall. — Kieran McCorry Securing the Exchange Server 5.5 Internet Mail Service Using the Internet as a network backbone exposes the network to security risks. Find out how Exchange Server 5.5 protects the IMS by preventing unauthorized access and using encryption to secure message traffic. — Steve Schwartz Send Individual Messages to Distribution List Members You can use an Exchange Event Service script to manage a large mailing list and send individually addressed messages to hundreds of people. — Sue Mosher , et al. Set Up Multiple Email Identities for a Single Account Setting up multiple addresses for one email account lets you keep mailboxes to a minimum while providing email identities you can use for different business functions. — Randy Franklin Smith Setting OWA Mail and Calendar Notifications Discover how the WebDAV protocol’s Subscribe and Poll methods combine to support OWA email notifications and calendar reminders. — Kevin Laahs SharePoint Offers a Different Outlook WSS raises the bar for Outlook 2003 from an application for personal use to an application for personal use and team collaboration. — Kevin Laahs SharePoint Portal Server Visual Elements SharePoint Portal Server's Grouped Listing Web Part gives you flexibility in displaying portal listings, so that you can streamline your SharePoint Portal's navigation structure. — Bob Mixon SharePoint Solutions Microsoft and others have done a great job of touting the strengths of SharePoint Portal Server and Windows SharePoint Services. Our goal is to inform you of these products' weaknesses. — Ethan Wilansky , et al. SharePoint Tips & Techniques If you're getting started with Windows SharePoint Services, you'll find these FAQs helpful. — John Savill Simple Customer-Satisfaction Surveys Create custom Outlook survey forms that make collecting valuable user feedback a snap. — Jason Joy Simple Database Scripting With CDOEXM Learn to create and delete storage groups and mailbox databases and mount and dismount databases. — Paul Robichaux Simple Exchange Monitoring You might be surprised at the monitoring and control functionality built right into your Exchange and Windows servers. — Paul Robichaux Simplify Performance Analysis with ExPTA ExPTA, a free Microsoft tool, lets you instantly compare your Exchange server's performance with Microsoft’s best practices and spot potential performance problems. — Kieran McCorry Sizing an Exchange 2003 System Before you use a sizing calculator or load-testing tool to design an Exchange 2003 system, you must know how people use the current mail system. — Joseph Neubauer Spam Beacons Set up a demo to show the side effects of opening spam messages. — Joseph Neubauer Storing Exchange Server Messages Find out the advantages of storing messages on the server over storing messages in personal folders. — Tony Redmond Subtle Changes in Exchange 2003 SP2 Do you have a problem with Exchange? It's possible that Microsoft has already fixed the bug. Check out this hotfix for Exchange 2003 Service Pack 2. — Tony Redmond TCP/IP and Exchange Server TCP/IP is a commonly used network protocol. Read how you can keep TCP/IP from slowing client connections. — Tony Redmond test file upload — Ramon Ali Testing Outlook in a Corporate Environment How do you know Outlook won't cause problems with your organization's mission-critical applications? Before you migrate to Outlook, here's a plan to test how it will affect your desktop environment. — Samantha Guthrie The Active Directory Connector Account Cleanup Wizard Smooth out the migration of directory information from Windows NT 4.0 and Exchange Server 5.5 to Active Directory by using the Active Directory Connector Account Cleanup Wizard to eliminate duplicate objects. — Kieran McCorry The BlackBerry Connection Speed, size, and simplicity have made this mobile email device many users' top pick. — Tony Redmond The Care and Feeding of Public Folders Learn how the email client interacts with public folders and how the mail administrator can configure public folder options within the organization for optimal performance. — Mark Ott The Exchange 2000 Offline Address Book Exchange 2000’s OAB is a valuable tool for road warriors yet is surprisingly easy to set up and use. — Tony Redmond The Exchange 2003 Move Mailbox Wizard The Exchange 2003 Move Mailbox Wizard is a much improved tool for moving mailboxes from legacy Exchange servers to Exchange 2003. — Kieran McCorry The Exchange 5.5 Reality Check Many Exchange administrators continue to support Exchange 5.x installations. Here’s how to minimize downtime in existing Exchange 5.5 systems. — Jim McBee The Exchange 5.5 Security Check Review several practical steps for securing Exchange 5.5 in a Windows NT 4.0 environment. — Jim McBee The Exchange Best Practices Analyzer A new free tool from Microsoft performs an automated check of your Exchange servers to determine their compliance with recommended practices. — Paul Robichaux The Exchange Intelligent Message Filter Exchange 2003 is about to wise up when it comes to stopping spam. Find out how the forthcoming Microsoft Exchange Intelligent Message Filter (IMF) can help your antispam efforts. — Tony Redmond The Exchange Mailbox Manager, Part 1 Mailbox Manager lets you clean up users' mailboxes by deleting and moving items. In this first article of a two-part series, learn how to create Exchange recipient policies to manage how Mailbox Manager works within an organization. — Tony Redmond The Exchange Mailbox Manager, Part 2 In this second article in a two-part series, learn how the Exchange Server Mailbox Manager utility processes user mailboxes and helps you comply with your organization's data-retention policies. — Tony Redmond The Exchange Recipient Update Service Understanding this important Exchange Server service can help you keep things running smoothly. — Tony Redmond The Free/Busy Map Outlook’s free/busy map facilitates scheduling in calendars. — Joseph Neubauer The Importance of the Global Catalog Global Catalogs are crucial to a smoothly functioning messaging system. Find out how you can use GCs effectively. — Tony Redmond The Infamous DS/IS Consistency Adjuster The DS/IS Consistency Adjuster verifies that every object in the IS has a matching entry in the DS and fixes inconsistencies that arise in the Exchange database. Review this feature and how to avoid some common pitfalls in using it. — Tony Redmond The Mystery of MTA Malfunctions Two MTA problems might have baffled you: NDRs for messages to a DL that included a deleted object and stuck messages. But don't worry--SP2 fixes both problems. — Tony Redmond The Pros and Cons of SP4 Service Pack 4 consolidates fixes big and small bugs in Exchange Server 5.5. Is upgrading worth the pain? — Tony Redmond The Sender ID Standard Want help stopping spam and other troublesome email? Consider implementing Sender ID. — Paul Robichaux The Server Side of Calendaring Find out how an Exchange server handles free/busy information, how to conduct backups and restores, and how to modify the contents of the system's FREE BUSY folder. — Siegfried Jagott The Site Replication Service Are you running a mixed Exchange Server 5.5/Exchange 2000 environment? Find out how the Site Replication Service works with the Active Directory Connector to make Directory Service to Active Directory synchronization easier. — Kieran McCorry The Wonderful Wizard of ORK The Microsoft Office 2003 Resource Kit’s Office Profile Wizard does a lot more than you might expect. — Sue Mosher Tips for Clustering Exchange Successfully Here's what you need to know to achieve a successful and highly available Exchange cluster. — Dennis Lundtoft Thomsen Tips for Interpreting Messaging Benchmarks To promote their messaging and collaboration applications, companies publish benchmarks proclaiming their product's performance. What do benchmarks tell you--and what else do you need to know? — Jerry Cochran Tips from an Email Road Warrior Efficient offline working habits, an understanding of OST files, and trading some Outlook functionality for shorter online sessions can make using email on the road quicker and less expensive. — Tony Redmond To Virtualize or Not to Virtualize? Consider these helpful hints before you jump headfirst into running your Exchange 2003 mailbox servers on virtual machines (VMs). — Tony Redmond Tools and Techniques to Troubleshoot MAPI Client Connections Here are some troubleshooting tools and techniques that you can use when you have problems connecting to Exchange 2003 from Outlook 2003 in classic online mode. — Kieran McCorry Top Exchange Design Considerations Designing (or redesigning) an Exchange organization? Read these top 10 tips before you begin. — Mark England Tricks and Tweaks for Maintaining Exchange Databases Learn how to modify Exchange's automated maintenance processes to keep it running at peak performance. — Brien Posey Troubleshooter: Blocking MSN Messenger Find out how to prevent Exchange Instant Messenger users from accessing MSN Messenger. — Paul Robichaux Troubleshooter: Enabling Message Journaling Learn about the performance impact and concerns of enabling message journaling. — Paul Robichaux Troubleshooting Message Transport Problems Learn where to search for clues about the cause of your email delivery problems. — Joseph Neubauer Troubleshooting RPC over HTTP Connections Here’s a handy checklist you can use to help you determine why an RPC over HTTP connection has failed. — Kieran McCorry Tuning the X.400 Connector and the Message Transfer Agent When you're operating Exchange Server over slow or unreliable WAN links, you can tune the MTA to minimize message retransfers and get the most efficient message delivery. — Bill English Understanding Exchange 2000 Global Messaging Defaults Set message formats and message delivery properties for your entire organization. — Tony Redmond Understanding Exchange 2003 Global Settings and Message Limits Learn more about two Exchange 2003 components—global size limit settings and public folder replication—and how each component affects the other. — Donald Livengood Understanding Front-End Servers Learn the pros and cons of front-end Exchange servers, and discover an alternative approach that combines security and ease of use. — Kieran McCorry Unified Messaging and Exchange Thinking about UM? Be sure you understand the pros and cons. — Kieran McCorry Update to "A Viral Survival Checklist" You can protect your system from attacks like the VBS/LoveLetter by beefing up your Outlook attachment security settings and default Windows file association settings. Here's what to do. — Evan Morris Updated Exchange 2003 SP2 Algorithm Aids Write Access to Objects Microsoft has updated the Global Catalog selection algorithm in Exchange 2003 Service Pack 2 (SP2), and Tony Redmond takes you on a quick tour of this seemingly simple yet important change. — Tony Redmond Upgrading to Outlook 2003 Outlook 2003 offers many enhancements that might make upgrading an easy choice. — Tony Redmond Use a Recovery Server with Exchange 2000 Follow the procedure outlined here to successfully restore a mailbox Store. — Tony Redmond Use DNS and UNIX Relay Hosts to Route Messages to Exchange Server Learn how to transparently integrate mail servers by configuring DNS to route messages from a UNIX relay host to an Exchange server. — Todd McGrath Use Exchange Tracking Logs to Classify Users Tracking logs in Exchange Server 2003, Exchange 2000 Server, and Exchange Server 5.5 can be a gold mine of useful information that can help you pinpoint email usage in your organization. — Joseph Neubauer Using Address Book Views in Exchange Server ABVs let you group mailboxes into a set of logical containers independent of the container in which they physically reside, and you can hide these views from other groups in the GAL. — Mark Ott Using an Exchange 5.5 Server as a Mail Switch You can take advantage of Exchange Server 5.5 Internet Mail Service's (IMS's) address-rewriting capabilities to create an effective mail switch for multi-mail system environments. — Kieran McCorry Using and Configuring Outlook Direct Booking Learn how to configure and use Outlook direct booking. — Joseph Neubauer Using ETRN in Exchange Server When you don't need 24x7 connectivity, the SMTP command ETRN lets your Exchange server periodically connect to an ISP to send and retrieve your mail. Find out how ETRN works and how to configure it. — Mark Ott Using Exchange Public Folders A look at the key questions surrounding public folder deployment and management will help you lay out a public folder design. — Tony Redmond Using Exchange Server as a List Server With a combination of a public folder, and distribution list, and the Network News Transfer Protocol, you can add basic list server functionality to Exchange Server. — Tony Redmond Using Exchange Server Link and Server Monitors Learn how to use these built-in monitors to keep tabs on Exchange and Windows NT services, synchronize clocks, and check messaging links. — Mark Ott Using IPsec with Exchange Learn how to use IPSec to secure communications between your front-end and back-end servers. — Paul Robichaux Using MIXER for SMTP Internet Connectivity MIME Internet X.400 Enhanced Relay (MIXER) lets SMTP users communicate with users on X.400 systems. Find out MIXER’s ins and outs and some interesting ways to use this feature. — Fabio Longo Using Outlook 2003 as a Windows RMS Client Learn how you can use RMS to protect the content of email messages and documents. — Sue Mosher Using Palm III to Connect to Exchange Server You can use conventional SMTP/POP3 and Palm III's HotSync features to connect to Exchange Server and retrieve and send email remotely. — Martin McClean , et al. Using SharePoint Portal Server 2001 to Approve and Publish Documents Microsoft's new information management server offers a way to collaborate on documents. Read what you can do. — Bill English Using the IMS Extension DLL Here's the tool you need to add disclaimers to messages and journal some or all of your outbound and inbound SMTP mail. — Joseph Neubauer Using Thread Compressor Evan Morris explains how to clean up and consolidate sets of email messages that relate to a common topic. — Evan Morris Using Web Storage System Forms Although you can develop applications for the WSS platform without using the forms registry, WSS offers a powerful technology that can make your applications more adaptable and manageable. — Kevin Laahs Using Windows Mobile 2003 to Access Exchange Pocket PC 2002's successor provides valuable security enhancements. — Joseph Neubauer Virtualizing Exchange 2003 Before you virtualize any part of Exchange 2003 in a production environment, you should be aware of Microsoft's support limitations, virtual machine (VM) performance considerations, and deployment issues. — Tony Redmond Want to Tick Off Spammers? Try Sender ID Exchange 2003 SP2 introduces Sender ID, another brick in the wall to block spam. — Kevin Laahs What to Do When Your IMS Fails To deal with IMS malfunctions, learn how the IMS works with the IS to move and store messages, why problems occur, and how to troubleshoot problems. — Tony Redmond Windows Server 2003 Domain Renaming with Exchange Server 2003 With Windows Server 2003 and Exchange Server 2003 SP1, Microsoft has provided two tools—Rendom and XDR-Fixup—that let you rename a Windows 2003 domain and make the necessary changes to AD to support Exchange 2003 after the rename. — Tony Redmond Wireless PDA Access to Exchange Before you choose a method to let users access Exchange Server email from their PDAs, you need to pin down which solution you want to use, how your users plan to use it, and which devices and software offer the best fit. — Joseph Neubauer Zero Downtime Exchange 2000 Recovery If you can't afford for your Exchange 2000 email system to be unavailable to your users while you restore the databases, here's what you can do. — Evan Morris [Information Store] Information Store: Event Log Tools Two Event Log tools provide easy—-and free—-monitoring capabilities for keeping tabs on your Exchange services. — Drew Nicholson Information Store—Pfadmin’s Setacl Command The first article in this new column explains how to use Pfadmin‘s Setacl command to set ACLs on public folders--and alerts you to some of the tool’s gotchas. — Drew Nicholson Rem: Scripting the Creation of Datasources To automate the creation of datasources, you can use a script to create the required registry entries. — Michael Otey [TOP 10] Exchange Server 2007 New Features The newest features of Exchange Server 2007 offer prefab modular server roles, messaging protection, quick and easy resource booking, a host of security options, and more. — Michael Otey SBS 2003 Features The new SBS 2003 Standard Edition and SBS 2003 Premium Edition provide a host of worthwhile features. Here are the best of them. — Michael Otey [Writing Secure Code] Avoiding Buffer Overruns with String Safety — David LeBlanc Bind Basics — David LeBlanc Controlling Socket Connections When you're dealing with sockets and other network connections, you want to be selective about which hosts you accept connections from. — David LeBlanc Defeating Denial of Service – CPU Starvation Attacks This week, David tells you how to protect yourself from CPU starvation attacks, where an attacker leverages your mistakes to cause your system to consume all available processing resources. — David LeBlanc Defeating Denial of Service Attacks Learn how attackers attempt to starve the resources associated with your application and how to protect yourself from these types of Denial of Service attacks. — David LeBlanc Detecting Alternate Data Streams Alternate data streams occasionally crop up as security concerns because an attacker might use these streams to hide files. Find out how you can track down these data streams so that you can protect your systems. — David LeBlanc Good Programming and the Rules for Writing Secure Code — David LeBlanc Overflowing Buffers — David LeBlanc Parsing POP — David LeBlanc Restricting Processes David LeBlanc shares some code to help you control the access levels that a process uses in Windows 2000. — David LeBlanc Secure Services Securing services is important to overall network security. Programmers need to be aware of the user context that a service will use and be careful when deciding which choice is right for each service. — David LeBlanc Setting Security If your information is the least bit sensitive, inherited security permissions typically won’t be appropriate for your needs. Learn how to create and apply an ACL to protect your sensitive data. — David LeBlanc Setting Security, Part 2 In Part 2 of his series on Setting Security, David LeBlanc presents an application you can use to initialize the discretionary access control list on a Registry key to give Administrators full control, making your applications more secure. — David LeBlanc Structured Exception Handling and Security Learn how to use the structured exception handling (SEH) function that comes with the Win32 API to let C code handle errors in your application in much the same way that C++ handles exceptions. — David LeBlanc Understanding Process Tokens Learn how process tokens work, and find out about a piece of code that can expose the information within these tokens to help you debug your code. — David LeBlanc Writing a Secure POP3 Server — David LeBlanc [Ultimate Security Toolkit ] A Bootable Network Security Toolkit Add to your arsenal of security tools with this handy, all-in-one security toolkit. — Mark Joseph Edwards CyberCop 5.5 — Steve Manzuik HackerShield 2.0 — Steve Manzuik Intact Enterprise 3.0 Check out this software tool for automatic detection and correction of changes that intruders make to your system. — Shawn Porter Internet Scanner 6.1 — Steve Manzuik LT Auditor +, 7.0 Check out this Windows-based intrusion detection and audit trail security software. LT Auditor +, 7.0, provides 24x7 monitoring of network activity across the enterprise, protecting organizational assets accessible through NT and Novel networks. — Shawn Porter MailRecall 1.1 Does your company require ultimate control over its email and file attachments? Learn how you can use this software to keep your sensitive documents from ending up in the wrong hands. — Shawn Porter NetRecon 3.0 — Steve Manzuik Praesidium WebEnforcer for Windows NT 1.1 Learn about HP's entry into the burgeoning server security scanning software market. — Shawn Porter Raptor Firewall 6.5 Axent Technologies improves on its Raptor enterprise-level firewall product and gives the user an all-new management interface, malicious traffic filters, and definable custom proxies. — Mark Joseph Edwards Retina 3.0 Find out about the Common Hacking Attack Methods (CHAM) and Fix-It features in the latest version of eEye Digital Security's Retina 3.0 security scanner for Win2K and NT networks. — Shawn Porter SecurePC — Steve Manzuik Specter 5.01 Learn how you can use this honeypot-deception software to trick would-be intruders into thinking they are accessing your systems and to respond to them. — Shawn Porter WebTrends 3.0 — Steve Manzuik [Windows 2000 Security ] Analyzing Security Fixes in Win2K Service Pack 1 Microsoft's release of Windows 2000 Service Pack 1 (SP1) fixes 17 security problems, but do you need to install this latest fix? Randy Smith walks you through the service pack and to help you find some answers. — Randy Franklin Smith Auditing Windows 2000 In addition to NT’s seven categories of audit events, Win2K provides two new categories to track additional areas of activity. Find out where Microsoft has added enhancements to this important feature. — Randy Franklin Smith Checking Your Current Configuration in Group Policy As I discussed in a previous column, the way you configure Windows 2000 is very different from the way you configure Windows NT. In general, you no longer directly touch a system’s settings in Win2K. — Randy Franklin Smith Code Red and Proactive Security If you always read Microsoft security bulletins and load hotfixes on your Windows 2000 IIS servers, you're probably already protected from the Code Red worm. However, Randy Smith shows you an even more important way to practice proactive security. — Randy Franklin Smith Cracking User Passwords in Windows 2000 For years, Windows NT administrators have used L0phtCrack 2.5 to obtain users' passwords in their domain. But, if you’ve tried to use this tool on your Windows 2000 domain controller, you know that it doesn’t work. — Randy Franklin Smith Creating a Custom Password-Reset MMC Last time, I showed you how to give your Help desk staff the authority to handle forgotten passwords without giving them sweeping administrative privileges. — Randy Franklin Smith Dangerous Services, Part 1 Windows 2000 comes with some unnecessary services enabled by default. Attackers use these services to access confidential information or impersonate a high-level user. Consider disabling these vulnerable services on workstations and servers. — Randy Franklin Smith Dangerous Services, Part 2 Randy Smith continues his look into Windows 2000 services that can pose unnecessary security risks. Find out which services you will want to consider disabling to keep attackers from accessing your systems. — Randy Franklin Smith Dangerous Services, Part 3 Randy Smith concludes his look into Windows 2000 services that can present security risks. Learn how to use Group Policy to control services on all computers in your domain and to change security settings to keep your systems secure from network attacks. — Randy Franklin Smith Delegating Password Reset Control in Windows 2000 — Randy Franklin Smith Don't Shoot Yourself in the Foot with Group Policy Security Settings, Part 1 If you aren't careful with your Group Policy Security Settings, you can easily shoot your security in the foot. Randy Smith shows you how to implement some fail-safe measures to protect your systems. — Randy Franklin Smith Don't Shoot Yourself in the Foot with Group Policy Security Settings, Part 2 In Part 2, Randy Smith shows you how to use change control techniques and least privilege to protect the rest of your domain from administrator mistakes. — Randy Franklin Smith Group Policy — Randy Franklin Smith Internet Explorer Security Options, Part 1 You take the serious risk of suffering from a security attack each time you browse the Web. Randy Smith shows you how to reduce this risk by properly configuring the security options available in Internet Explorer (IE) 5.0. — Randy Franklin Smith Internet Explorer Security Options, Part 2 Randy Smith continues his look into security options available when you use Internet Explorer (IE) 5.0 to browse the Web. Learn how to configure the Custom Level settings for the security zones. — Randy Franklin Smith Internet Explorer Security Options, Part 3 Web browsing leaves cookies and downloads that might be security risks to your systems. Randy Smith shows you how to how to control cookies and file downloads by properly configuring the security options available in Internet Explorer (IE) 5.0. — Randy Franklin Smith Internet Explorer Security Options, Part 4 Randy Smith continues his look into security options available when you use Internet Explorer (IE) 5.0 to browse the Web. Learn how to control permissions for Java applets you encounter on Web sites and how to configure the settings under Miscellaneous. — Randy Franklin Smith Internet Explorer Security Options, Part 5 Web browsing exposes your systems to dangers associated with active scripts. Randy Smith shows you how to properly configure the security options for scripting that are available in Internet Explorer (IE) 5.0. — Randy Franklin Smith Internet Explorer Security Options, Part 6 Randy Smith completes his look at the security options that are available in Internet Explorer (IE) 5.0. Learn how to use Group Policy to configure the security options centrally for all your users. — Randy Franklin Smith IP Security Filtering Attackers are always scanning the Internet for unsecured PCs. Randy Smith shows you how to use Windows 2000 IP Security (IPSec) Filtering to protect onsite and offsite computers exposed to the Internet. — Randy Franklin Smith New Rights in Windows 2000 — Randy Franklin Smith Protect Confidential Information Using IPSec and Group Policy Learn how to use Group Policy to implement a limited rollout of IPSec and protect your classified information as it traverses your Windows 2000 network. — Randy Franklin Smith Protect Confidential Information Using IPSec and Group Policy – Part 2 In part 2 of this series, Randy shows you how to use a GPO's ACL permissions to assign the Server (Require Security) IPSec policy for your secure servers. — Randy Franklin Smith Protecting Data Recovery Certificates in EFS Learn the importance of exporting and deleting the recovery agent certificate when you are using Win2K-based systems that aren't members of an Active Directory (AD) domain. — Randy Franklin Smith Protecting the Administrator Account Find out why Windows 2000's built-in Administrator account needs special protection against attacks because of several idiosyncrasies that Win2K inherited from Windows NT. — Randy Franklin Smith Reducing the Risks Associated with Windows 2000's Group Policy — Randy Franklin Smith Securing Win2K Laptops with EFS Learn how to securely implement EFS on Win2K Professional laptops and protect your mobile users. — Randy Franklin Smith Setting Active Directory Property Permissions By the time a user calls the Help desk to ask for assistance with a forgotten password, Windows 2000 will likely have locked out that user's account as a result of several failed logons. — Randy Franklin Smith Terminal Services, Part 1 Terminal Services lets you fully administer a remote server. With the graphical, interactive environment of a PC and the manageability and simplicity of a mainframe, Terminal Services offers the best of two worlds. — Randy Franklin Smith Terminal Services, Part 2 Randy Smith continues his look at some of the features available in the Microsoft Management Console (MMC) Terminal Services snap-in. Learn how to use Terminal Services features to keep your server secure during remote administration. — Randy Franklin Smith Terminal Services, Part 3 Randy Smith continues his look at features in the Microsoft Management Console (MMC) Terminal Services snap-in. Learn how to use some of the properties for Terminal Services connection objects to keep your server secure during remote administration. — Randy Franklin Smith Terminal Services, Part 4 Randy Smith completes his look at features in the Microsoft Management Console (MMC) Terminal Services snap-in. Learn how to use IP Security (IPSec) protocol to wrap a final layer of security around your server. — Randy Franklin Smith Updating Service Packs and Hotfixes with Boot Scripts Learn how to use a few simple scripts and Group Policy to keep your Win2K systems up-to-date and secure and still get home at a decent hour. — Randy Franklin Smith Win2K SP1 Security Improvements Find out what improvements Microsoft has made in Win2K SP1 to help you keep your systems up to date and secure. — Randy Franklin Smith Windows 2000 Installer Package for Service Pack 1 Using service packs to keep servers and workstations up-to-date is crucial to your entire OS and Internet Explorer. Now you can use Windows 2000 Installer to deploy service packs throughout your network with little effort. — Randy Franklin Smith Windows 2000's Advances in Administrative Authority — Randy Franklin Smith [Hot Tips] Cause Microsoft ISA to Automatically Dial Out Some of you use Microsoft's new Internet Security and Acceleration (ISA) Server in conjunction with a modem-based connection. — Mark Joseph Edwards Convert to NTFS During an Unattended Installation As you know FAT file systems offer very little in the way of security. Therefore its always wise to format your drives to use the NTFS file system, where you gain the ability to control access to files and directories on a per user basis. While In the right Microsoft article Start the Registry Outlook users (and possibly users of other As I tell As I tell If you run [Product Reviews] Baseline +Plus 2.2.1 Administrators and Help desk support personnel often struggle with inconsistent file versions on computers throughout an organization. Computing Edge's Baseline +Plus 2.2.1 eases this struggle by analyzing the difference between a baseline — Mark Joseph Edwards CyberwallPLUS-SV 5.1.1 CyberwallPLUS-SV is a software-based embedded firewall that resides at the kernel level on an NT server, between the host's Ethernet NICs and the network protocol stacks. During installation, the program bonds its proprietary virtual network device — Mark Joseph Edwards Enterprise Backup Software Data that you store on enterprise networks represents money, and for most organizations, irrecoverable loss of such data would be a financial catastrophe. Thus, choosing the correct backup software is like picking the right vehicle to take your — Mark Joseph Edwards SecureNT 1.2 A growing reliance on computers for the processing and storage of critical data means that securing system integrity is crucial. A lot of public hype exists about the external threats that system crackers pose, yet internal threats are more likely to — Mark Joseph Edwards SFProtect 2.0 Scanning your systems for security vulnerabilities is a paramount task, so selecting a security scanner that is right for your network is important. If you're looking for an agent-based system security scanner, SFProtect 2.0 might be the solution for — Mark Joseph Edwards UltraBac 5.5 Stand Alone Disaster Recovery for Windows NT UltraBac.com's UltraBac 5.5 Stand Alone Disaster Recovery (SADR) for Windows NT streamlines partition-image backup and restoration. You can write the backup images to any local device on the NT 4.0 Hardware Compatibility List (HCL), and SADR includes — Mark Joseph Edwards [How To] Advanced Security in Exchange 2000, Part 1 Microsoft Exchange Server has always provided the Advanced Security subsystem to let users secure their mail messages. Advanced Security guarantees confidentiality and message content integrity and verifies the sender’s authenticity. Advanced Security — Mark Joseph Edwards Encrypting Files for Added Security If you're running NTFS on your Win2K system, you can give yourself extra security by encrypting files. To do so, open My Computer, drill down to the file or folder you want to encrypt, and right-click it to bring up a menu. Select Properties and — Mark Joseph Edwards Internet Explorer's Upcoming Cookie Management Update Microsoft will soon release a public beta of its upcoming cookie management update for Internet Explorer (IE) 5.5. — Mark Joseph Edwards Microsoft Releases IIS 5.0 Security Checklist Microsoft recently released a new security-related document that helps administrators better secure their Internet Information Server 5.0 systems. — Mark Joseph Edwards Multibooting Windows 2000 Systems You're probably just taking the shrink-wrap off your new copy of Windows 2000 (Win2K) and wondering how Win2K will integrate into your existing system configuration. If you've configured multiboot systems with Windows NT 4.0 in the past, you — Mark Joseph Edwards Quickly Disable Network Access to Your System Here's a handy tip for disabling access to NT 4.0 systems while you perform maintenance or upgrade tasks, or if you suspect your system is being attacked via NetBIOS. Unless you have modified the default settings, the Everyone group has the right — Paula Sharick Secure E-Commerce with Smart Cards Your company might still consider smart cards to be a futuristic technology. To help make them a present reality, Windows 2000 (Win2K) will offer highly integrated support for smart cards. In this article, I introduce you to smart cards, show you why — Mark Joseph Edwards Tougher Computer Crime Laws Sought White House Chief of Staff John Podesta made a proposal for updates to existing computer crime laws. — Mark Joseph Edwards White House Eases Encryption Export Policy The White House announced a new policy on Monday designed to ease restrictions on export of strong encryption. — Mark Joseph Edwards Windows 2000's Network Address Translation In Windows 2000 Server (Win2K Server), Microsoft offers you two ways to connect SOHO networks to the Internet: You can use a routed connection or a translated connection. With routed connections, Win2K Server acts as an IP router and forwards packets — Mark Joseph Edwards Your Web Browser is Bugged Cookies have been the nemesis of privacy advocates for quite some time now, but cookies are relatively tame compared to their sneakier siblings, Web bugs, which stealthly track you as you view content from around the Internet. — Mark Joseph Edwards [Access Denied] Access Denied Randy answers your Windows 2000 security questions about restoring local logon privileges, correctly configuring auditing in the Default Domain Policy OU, changing the Administrator account name on every computer in your domain, and more. — Randy Franklin Smith Access Denied Randy answers your Windows 2000 security questions about restricting concurrent logons, monitoring who is logged on to a domain’s servers, changing the number of days in a password-expiration notification, and more. — Randy Franklin Smith Access Denied — Randy Franklin Smith Access Denied — Randy Franklin Smith Access Denied — Randy Franklin Smith Access Denied Get answers to your security-related Windows 2003, XP, and Win2K questions — Randy Franklin Smith Access Denied Get answers to your Windows security questions. — Randy Franklin Smith Access Denied Get answers to your Windows security questions. — Randy Franklin Smith Access Denied Get answers to your Windows security questions. — Randy Franklin Smith Access Denied Get answers to your Windows security questions. — Randy Franklin Smith Access Denied — Randy Franklin Smith Access Denied Get answers to your Windows security questions — Randy Franklin Smith Access Denied — Randy Franklin Smith Access Denied — Randy Franklin Smith Access Denied Every month, Randy Franklin Smith answers your questions about security. Click the links above to see individual Q&As from this month's column. Send your questions to Randy at rsmith@ultimatewindowssecurity.com. — Randy Franklin Smith Access Denied — Randy Franklin Smith Access Denied Every month, Randy Franklin Smith answers your questions about security. — Randy Franklin Smith Access Denied Every month, Randy Franklin Smith answers your questions about security. Click the links above to see individual Q&As from this month's column. — Randy Franklin Smith Access Denied Randy answers your Windows 2000 security questions about using GPOs to enforce password-protected screen savers, forcing Win2K to apply group policy immediately, and more. — Randy Franklin Smith Access Denied Randy answers your Windows 2000 security questions about migrating to Win2K before deploying Active Directory, using L0phtCrack on Win2K, finding and using the Win2K replacement for the NT User Manager utility, and more. — Randy Franklin Smith Access Denied, April 2006 Get answers to your Windows security questions. — Randy Franklin Smith Access Denied, August 2006 Get answers to your Windows security questions. — Randy Franklin Smith Access Denied, July 2006 Get answers to your Windows security questions. — Randy Franklin Smith Access Denied, June 2006 Get answers to your Windows security questions. — Randy Franklin Smith Access Denied, May 2006 — Randy Franklin Smith Access Denied, October 2006 — Randy Franklin Smith Access Denied, September 2006 — Randy Franklin Smith Access Denied--Addressing Group Policy Conflicts Discover which Group Policy settings affect other settings. — Randy Franklin Smith Access Denied--Auditing User Account Lockouts Learn how to audit user account lockouts. — Randy Franklin Smith Access Denied--Configuring Group Policy’s Effective Settings Discover how to configure Group Policy’s Effective Settings. — Randy Franklin Smith Access Denied--Controlling Read and Write Access to AD Objects Learn to use AD to publish employee information but still control read and write access to AD objects. — Randy Franklin Smith Access Denied--Evaluating Anonymous Events in the Security Log Discover the risks associated with anonymous logons and logoffs. — Randy Franklin Smith Access Denied--Handling Console Unlocks in Win2K Learn how Win2K handles password changes and console unlocks. — Randy Franklin Smith Access Denied--Implementing NTLMv2 on Win2K, NT, and Win9x machines Learn how to upgrade NT LAN Manager (NTLM) to NTLMv2 on your Win2K, NT, and Win9x machines. — Randy Franklin Smith Access Denied--Keeping Users from Running Unauthorized Commands Find out how you can keep users from running unauthorized commands. — Randy Franklin Smith Access Denied--Knowing FTP from a Network Perspective Learn how FTP works from a network perspective. — Randy Franklin Smith Access Denied--Logging Off Users Automatically Discover how to log off users automatically when their logon time has expired. — Randy Franklin Smith Access Denied--Restoring Access for Recreated User Accounts Learn how to restore access for a recreated user account. — Randy Franklin Smith Access Denied--Understanding the User Privileges that Event ID 578 Logs Learn how event ID 578 (privileged object operation) can help you manage access to object properties. — Randy Franklin Smith Access Denied--Win2K Server–Reboot Security Events Discover the significance of security events logged when you reboot a Win2K server. — Randy Franklin Smith Access Denied: .vbs Virus Protection Learn how to protect users agains VBScript viruses. — Randy Franklin Smith Access Denied: A Basic File Encryption Tool Windows provides no built-in utility for encrypting files, but two scripts in the Platform SDK use CryptoAPI to let you encrypt and decrypt text files from the command line. — Randy Franklin Smith Access Denied: Activating the IAS Log Learn about a Windows 2003 tool for scanning the IAS log and where to find documentation of the log's columns and codes. — Randy Franklin Smith Access Denied: Administering All Domains in a Forest Learn what group to use when your responsibilities include managing an entire forest. — Randy Franklin Smith Access Denied: Allowing Guest-Client Access to the Internet Over a WLAN How can you give visiting clients and business partners access to the Internet via your WLAN while maintaining security? Here are two approaches. — Randy Franklin Smith Access Denied: Alternatives for Safeguarding Your WLAN Use a trick with your DHCP addresses to prevent an intruder from capturing information sent between wireless clients or connecting to your network and attacking your computers. — Randy Franklin Smith Access Denied: Applying a Domain Lockout Policy to Win2K's Built-In Administrator Account Set the domain's PwdProperties property to protect the Administrator account. — Randy Franklin Smith Access Denied: Applying a Registry Value Across All a Domain's Computers Don't want to go from computer to computer to modify a registry value? Here's an alternative. — Randy Franklin Smith Access Denied: Assign Rights with Group Policy Randy explains how to use group policy to assign user rights to local users and groups. — Randy Franklin Smith Access Denied: Audit Account Logon Events Randy explains how to use GPOs to control the audit policy on computers in your domain. — Randy Franklin Smith Access Denied: Audit Control List Editing Rights for a Win2K Object Learn whether you can delegate access to editing rights for the audit control list of a Windows 2000 object. — Randy Franklin Smith Access Denied: Auditing Account Logon Events Centrally Learn how Windows 2000’s new audit category Audit account logon events lets you track logon activity centrally. — Randy Franklin Smith Access Denied: Auditing Users Who Might Be Starting and Stopping Services Discover how to audit users who might be starting and stopping services. — Randy Franklin Smith Access Denied: Automatically Log Off Inactive Users Randy tells how you can automatically log off inactive Win2K users and close their open files. — Randy Franklin Smith Access Denied: Automating Service Pack Installation Group Policy can install a service pack on multiple computers the next time they reboot. — Randy Franklin Smith Access Denied: Automating User Account Creation in AD You can automate AD account creation either interactively or through a script. — Randy Franklin Smith Access Denied: Avoiding Unnecessary Work with IPSec Learn how to ensure that when you edit an IP Security (IPSec) policy in a Group Policy Object (GPO), the changes take effect. — Randy Franklin Smith Access Denied: Backing Up GPOs The Group Policy Management Console (GPMC) lets you document and back up GPO settings. — Randy Franklin Smith Access Denied: Blocking Inheritance and Overrides of Group Policies Learn how the Group Policy "Block Policy inheritance" and No Override options work and how they affect each other. — Randy Franklin Smith Access Denied: Changing an Account's UPN Suffix To create a user account with a unique name, you sometimes need to change the account's UPN suffix. — Randy Franklin Smith Access Denied: Clearing Logs on Win2K and NT Servers Learn how to clear the Application, Security, and System logs on Windows 2000 and Windows NT servers. — Randy Franklin Smith Access Denied: Comparing Anonymous-Connection Policies in Win2K and Later Here's a look at the anonymous-connection policies in Win2K as compared with those in Windows 2003 and XP. — Randy Franklin Smith Access Denied: Comparing Code Access Security with User Access Permissions Which one takes precedence? The answer is neither; they are equal. — Randy Franklin Smith Access Denied: Configuring a Different Lockout Policy for Dial-Up or VPN Users Learn how to set up a separate lockout policy for your dial-up or VPN users. — Randy Franklin Smith Access Denied: Configuring a Separate Lockout Policy for Remote Access You can use the registry to configure a remote access lockout policy that's different from your domain account lockout policy. — Randy Franklin Smith Access Denied: Configuring a Win2K System to Log On Automatically A reader has trouble getting a Win2K system to log on automatically. — Randy Franklin Smith Access Denied: Configuring Anonymous Access on Win2K Win2K lets you configure NT-style anonymous connections—if that's what you really want to do. — Randy Franklin Smith Access Denied: Configuring Certificates with IIS 5.0 When you follow best practice and keep your root CA offline, make sure to configure your CA so that it can find the CRL. — Randy Franklin Smith Access Denied: Configuring DHCP Server Logs If your logs are too small, you'll have holes in your logging coverage. — Randy Franklin Smith Access Denied: Configuring Office Macro Security for Multiple Users Use Group Policy to lock down Office for multiple users without separately configuring each workstation. — Randy Franklin Smith Access Denied: Configuring XP File Sharing A new XP setting controls file sharing of local XP accounts. — Randy Franklin Smith Access Denied: Configuring XP to Require Ctrl+Alt+Del for Logon You can modify the registry to configure standalone XP computers to use the classic logon window, but you need to use the MMC Local Security Policy snap-in to require users to press Ctrl+Alt+Del. — Randy Franklin Smith Access Denied: Connecting to a DC to Edit a GPO Because the MMC Active Directory Users and Computers snap-in doesn't necessarily connect to the local DC, you might think that only some DCs will log GPO change events. — Randy Franklin Smith Access Denied: Controlling Enterprise Administrators Access to a Child Domain Learn how to prevent Enterprise Administrator group access to a child domain. — Randy Franklin Smith Access Denied: Controlling SAM Accounts and Shares New settings in XP cause it to behave differently from Win2K with regard to allowing enumeration of SAM accounts and shares. — Randy Franklin Smith Access Denied: Controlling the Right to Add New Computers to a Domain Learn several methods you can use to control the right to add new computers to a domain. — Randy Franklin Smith Access Denied: Controlling Which CAs Windows Can Trust Decide for yourself which Certification Authorities (CAs) are trustworthy. Use Group Policy to mandate which CAs Windows can trust. — Randy Franklin Smith Access Denied: Convincing Management About Security Risks Discover how to convince your company's managers that security risks from internal users are real. — Randy Franklin Smith Access Denied: Cracking Kerberos Packets Although Kerberos is stronger than NTLM, Kerberos packets can still be cracked. Learn about the available options for protecting Kerberos packets from attack. — Randy Franklin Smith Access Denied: Creating Multiple Event Viewer Views Learn to use Event Viewer to view multiple event types without having to change filters. — Randy Franklin Smith Access Denied: Creating New UPN Suffixes Creating and using new UPN suffixes can make your user account names less transparent but doesn't take the place of strong security. — Randy Franklin Smith Access Denied: Delegating the Right to Unlock User Accounts Learn how to delegate the right to unlock user accounts. — Randy Franklin Smith Access Denied: Deleting a File on an NTFS Volume and Erasing the Data Learn how to erase the data after you delete a file on an NTFS volume. — Randy Franklin Smith Access Denied: Detect When Someone Views or Dumps the Security Log Randy gives ideas for determining whether local administrators are conscientiously checking their logs. — Randy Franklin Smith Access Denied: Detecting NetBus on Company Computers Learn how to detect and remove NetBus from all your company’s computers. — Randy Franklin Smith Access Denied: Detecting PPTP Attacks on Remote Access Servers Learn how to determine if an attacker is trying to access your RAS server by guessing usernames and passwords. — Randy Franklin Smith Access Denied: Determining from Which Computer a User Logged On On Win2K and later DCs, you need to use event ID 672 to discover the computer from which a user logged on. — Randy Franklin Smith Access Denied: Determining the Risks of Using Group Policy to Distribute a Preshared Key Is it safe to use Group Policy to deploy IPSec's preshared key authentication? — Randy Franklin Smith Access Denied: Determining When a Server’s Time and Date Were Changed The Windows Security log provides information about when a system's time and date were changed. — Randy Franklin Smith Access Denied: Determining Which Programs Access Files A Win2K bug makes determining which application accessed a given file on a remote computer difficult, but you can compile a list of possibilities. — Randy Franklin Smith Access Denied: Disabling Group Policy A registry setting in the Win2K beta that let users disable Group Policy doesn't threaten security in the final release of Win2K or XP. — Randy Franklin Smith Access Denied: Disabling IE's Enhanced Security Configuration Feature Disabling this Windows 2003 feature isn't recommended, but it's possible. — Randy Franklin Smith Access Denied: Disabling Schema Changes in AD Disable Active Directory (AD) schema changes to prevent malicious or accidental tampering. — Randy Franklin Smith Access Denied: Disabling the Administrator Account under Windows XP You can disable the Administrator account under XP to prevent attackers from using the account to access users' machines. — Randy Franklin Smith Access Denied: Disabling Windows Messenger on XP Workstations Disable Windows Messenger to protect systems from potential exploits. — Randy Franklin Smith Access Denied: Disconnecting All Users from a Server Discover how to set up an automated procedure to disconnect all users from a server at a certain time each day. — Randy Franklin Smith Access Denied: Discouraging Administrators from Unnecessarily Using Their Privileges You can't prevent administrators from using elevated privileges for tasks that don't require them, but you can make doing so inconvenient. — Randy Franklin Smith Access Denied: Displaying a Blank Logon Screen for a Terminal Services Client Learn how to prevent a Terminal Services client from displaying the name of the last user to log on. — Randy Franklin Smith Access Denied: Displaying a Legal Notice When Users Log On You need to configure more than one setting to display a legal notice. — Randy Franklin Smith Access Denied: Doing Security Scans That Comply with NSA Recommendations A free version of Pedestal Software's SecurityExpressions WebScan can do what the Microsoft Baseline Security Analyzer (MBSA) can't. — Randy Franklin Smith Access Denied: Edit Ticket Lifetime Randy explains Win2K's service tickets and user tickets and tells how you can edit ticket lifetime and other Kerberos policies. — Randy Franklin Smith Access Denied: Editing the Dssec.dat File Learn how to delegate to a Help desk the right to unlock user accounts. — Randy Franklin Smith Access Denied: Email Notification About Security Events Learn how to set up daily email to notify you about suspicious security events. — Randy Franklin Smith Access Denied: Enabling Permissions Inheritance Here's how to propagate permissions from a parent object to its child objects. — Randy Franklin Smith Access Denied: Enabling Users to Access Two Domain Accounts In some cases (e.g., during a migration), you might need to let users log on to two domain accounts and access files. A freeware tool makes setting up such a scenario easy. — Randy Franklin Smith Access Denied: Ensuring That GPOs Are Applied When You Move a Computer to a New OU Learn why an OU's GPOs might not be in effect immediately on a computer that you move to that OU. — Randy Franklin Smith Access Denied: Evaluating EFS Consider the effectiveness of Encrypting File System (EFS) on various Windows OSs. — Randy Franklin Smith Access Denied: Forcing All Users to Change Their Password at Next Logon The MMC Active Directory Users and Computers snap-in doesn't provide a multiple select option, but you can use an alternative approach to make all users change their password at the next logon. — Randy Franklin Smith Access Denied: Group Policy and the Administrator Account Learn how to prevent group policies from being applied to the Administrator account. — Randy Franklin Smith Access Denied: Identifying Logon Attempts That Use Disabled Accounts Three event IDs can help you identify logon attempts that use accounts an administrator has disabled. — Randy Franklin Smith Access Denied: Identifying Trust-Relationship Changes You can find information about changes to domain trust relationships by looking in the Security log at event IDs 610, 611, and 620. — Randy Franklin Smith Access Denied: Identifying Unauthorized Logon Attempts Discover the identity of someone trying to use a local account to access your network. — Randy Franklin Smith Access Denied: Installing a New NT 4.0 BDC into a Windows 2003 Domain Here's the reason for the Assign this computer as a backup domain controller option in the New Object - Computer dialog box in Windows 2003. — Randy Franklin Smith Access Denied: Installing SUS on DCs SUS SP1 adds functionality that lets you install SUS on DCs. — Randy Franklin Smith Access Denied: Knowing When Win2K Uses NTLM Rather Than Kerberos Authentication Find out in which situations Win2K still uses NTLM rather than Kerberos authentication. — Randy Franklin Smith Access Denied: Letting Trusted Users Start Windows Messenger Learn to set Windows Messenger policies so that only users who need the application can start it. — Randy Franklin Smith Access Denied: Letting Users View Security Logs Simply editing a GPO will let a group of users view Security logs but will also allow them to clear the logs. A more restrictive solution takes more work. — Randy Franklin Smith Access Denied: Limiting Access to Users at the Forest and Domain Levels The Authenticated Users group includes global users in trusted domains and realms. You need another approach to limit access to users in the forest and domain. — Randy Franklin Smith Access Denied: Limiting User Access from the Desktop Prevent users from using Internet Explorer (IE) to browse restricted drives. — Randy Franklin Smith Access Denied: Locating All the GPOs in Your Domain Discover how to get a list of all GPOs in your domain without accessing the Group Policy tab for each OU. — Randy Franklin Smith Access Denied: Locking Down PCs' Portable-Media Drives Don't forget about portable-media drives when you're securing PCs. — Randy Franklin Smith Access Denied: Logging the Workstation Name on Win2K When Win2K uses Kerberos for a logon, the OS doesn't log the workstation name. But you can determine the workstation's name from its IP address. — Randy Franklin Smith Access Denied: Looking for the MMC Local Security Settings Console Windows Server 2003 DCs don’t have the Local Security Settings console under Administrative Tools. Windows 2003 computers that aren't a domain member do have the console. — Randy Franklin Smith Access Denied: Making MBSA Ignore Patches to Disabled Services Prevent updates for disabled services and features from generating false positives on MBSA reports. — Randy Franklin Smith Access Denied: Managing Office Updates Currently, SUS handles only OS updates. To manage patches to Office applications, you need a third-party solution. — Randy Franklin Smith Access Denied: Mitigating a Problem with Computer-Only Authentication to a WLAN Basing client authentication to your wireless LAN on the computer's certificate instead of the user's certificate could let an intruder access your entire LAN. Learn how to avoid this threat. — Randy Franklin Smith Access Denied: Mixed Mode vs. Native Mode Learn the difference between mixed mode and native mode in AD domains. — Randy Franklin Smith Access Denied: Monitoring for Unauthorized Scheduled Tasks Windows Server 2003 offers an event ID that reveals whether someone has scheduled an unauthorized task. — Randy Franklin Smith Access Denied: Monitoring Security with Custom MMC Consoles Set up custom MMC views to easily and efficiently monitor security events on multiple computers. — Randy Franklin Smith Access Denied: NTFS Permissions Learn the best way to reset NTFS permissions on a partition after converting it from FAT32. — Randy Franklin Smith Access Denied: Obtaining a Server Certificate from Your Own CA Configuring IIS to use HTTPS for a secure Web site requires you to install a server certificate. If you don't have a third-party Certification Authority from which to get a certificate, an alternative is to set up your own CA. — Randy Franklin Smith Access Denied: Operation-Based Auditing Whereas earlier versions of Windows can tell you only whether a file has been accessed, Windows Server 2003 can reveal whether operations were performed on the file. — Randy Franklin Smith Access Denied: Overriding a Trust Relationship Within a Forest You can't disable the trust relationship between domains within a forest, but you can use the deny logon user rights to effectively override it. — Randy Franklin Smith Access Denied: Prevent Administrators from Overriding EFS Randy provides information about securing confidential data in user home directories. — Randy Franklin Smith Access Denied: Preventing Administrators from Using L0phtCrack You can't completely stop administrators from using L0phtCrack to crack passwords, but you can make L0phtCrack less effective. — Randy Franklin Smith Access Denied: Preventing Anonymous Users from Gaining Access to Files and Other Resources Learn how to manage the Everyone group to prevent anonymous users from gaining access to your files and other resources. — Randy Franklin Smith Access Denied: Preventing Attackers from Bypassing IP Security Packet Filtering A sophisticated attacker can spoof the source port to make a packet look like a legitimate Kerberos or IKE packet. Learn how to block such attacks. — Randy Franklin Smith Access Denied: Preventing Users in Trusted Domains from Accessing Servers Through Telnet A registry tweak lets only users in your domain access your servers through Telnet. — Randy Franklin Smith Access Denied: Printing ACLs Find out a way to document who has been delegated authority over an OU without having to keep manual listings. — Randy Franklin Smith Access Denied: Proactive Web Server Security Learn how you can proactively secure your systems against unforeseen vulnerabilities. — Randy Franklin Smith Access Denied: Protecting PCs with XP SP2 Windows Firewall Even if you have a perimeter firewall, XP SP2 Windows Firewall's extra layer of protection is a good idea. — Randy Franklin Smith Access Denied: Protecting Workstations from Remote Access Make sure no one can use Remote Assistance, Remote Desktop, or Terminal Services to remotely access sensitive data. — Randy Franklin Smith Access Denied: Protecting Your Internal Network Against Attacks from Untrusted Networks Know the options for protecting your internal network against attacks from untrusted networks. — Randy Franklin Smith Access Denied: Protection from L0phtCrack Learn how to protect your Windows 2000 and Windows NT servers from LOphtCrack and similar tools. — Randy Franklin Smith Access Denied: Putting MBSA Scan Information into a Database To combine MBSA reports for multiple computers into a single report, use a third-party utility to export the information to a database. — Randy Franklin Smith Access Denied: Recovering Files Encrypted with EFS Learn how to recover files encrypted with Encrypting File System (EFS). — Randy Franklin Smith Access Denied: Recovering Write Permissions to GPOs If a malicious employee has changed GPO permissions to deny administrators write access, you can use the GUI to reset those permissions. — Randy Franklin Smith Access Denied: Reducing the Risk of Viruses from HTML Email Reduce the risk of receiving viruses that spread through HTML-formatted email messages. — Randy Franklin Smith Access Denied: Regaining Administrator Access to an OU Learn how to regain Administrator access to an organizational unit (OU) after the ACL has been edited to remove Administrator access. — Randy Franklin Smith Access Denied: Remove Users from Local Admin Group Randy tells you how to remove users from the local Administrators group on all workstations—without having to visit each computer. — Randy Franklin Smith Access Denied: Requiring VPN Users to Run Certain Software Using Windows 2003's IAS, you can prevent VPN users who aren't running antivirus or other necessary software from logging on to your network. — Randy Franklin Smith Access Denied: Reset the Administrator Password on a Locked-Out Machine Randy explains how to reset the Administrator password on locked-out, non-DC Windows 2000 Server, Windows 2000 Professional, and Windows NT systems. — Randy Franklin Smith Access Denied: Resetting Permissions for a Directory Tree Learn how to reset permissions for a directory tree in one step. — Randy Franklin Smith Access Denied: Restricting Anonymous Connections in Win2K You can set the Additional restrictions for anonymous connections policy to one of three values: None. Rely on default permissions, Do not allow enumeration of SAM accounts and shares, or No access without explicit anonymous permissions — Randy Franklin Smith Access Denied: Restricting Guest Access to Logs Use Group Policy to prevent the Guests group from accessing System and Application event logs. — Randy Franklin Smith Access Denied: Restricting Permissions on Servers Upgraded from Windows NT Use a security template and Group Policy to restrict permissions on registry keys on servers that have been upgraded from NT Server to Windows 2003 or Win2K Server. — Randy Franklin Smith Access Denied: Restricting the Programs Users Can Run Software restriction policies provide more control than APPSEC does. — Randy Franklin Smith Access Denied: Restricting Users' Ability to Install Printer Drivers By default, Win2K Pro users who belong to the local Users group can install printer drivers. You can modify the registry to restrict this ability to Administrators and Power Users. — Randy Franklin Smith Access Denied: Restricting Users' Read Access to AD Objects Restrict Read permissions on AD objects that you don’t want users to be able to read, but be judicious, or you might run into problems. — Randy Franklin Smith Access Denied: Returning to a Domain's Default Permissions The Dsacls command lets you configure AD permissions from the command line. — Randy Franklin Smith Access Denied: Reviewing the No Override Option for GPOs Review the rules that govern the No Override option for GPOs. — Randy Franklin Smith Access Denied: Safeguarding FTP Files Get around FTP's weak authentication by using encryption and implementing proper user permissions. — Randy Franklin Smith Access Denied: Safeguarding Web Users' Confidential Data Use public/private key encryption to protect confidential Web user files that are temporarily stored in a staging file on the Web server. — Randy Franklin Smith Access Denied: Scanning for Office Updates MBSA can't scan for missing Office updates, but you can use one of two other options to do the job. — Randy Franklin Smith Access Denied: Scheduling Jobs on a Remote Server You'll need a third-party product to let users schedule jobs remotely on a server. — Randy Franklin Smith Access Denied: Securely Administering a Remote Server Learn why remotely administering a server through Terminal Services is more secure that using MMC snap-ins. — Randy Franklin Smith Access Denied: Securing a Wireless Network Use 802.1x authentication to help you secure your wireless network by leveraging the Windows and AD infrastructures you've already built. — Randy Franklin Smith Access Denied: Securing Crucial Servers in a WLAN Environment Here are four ways to limit access to servers on a wired network to just employees but let both employees and visitors use a wireless network to access a Web-based collaboration tool. — Randy Franklin Smith Access Denied: Securing DHCP So That It Leases Addresses Only to Clients with Reservations Learn methods for securing your DHCP servers. — Randy Franklin Smith Access Denied: Setting Permissions on Windows Server 2003 Shared Folders Learn how Windows 2003's share-level permissions differ from Windows 2000's permissions. — Randy Franklin Smith Access Denied: Solving Password Problems That Involve Your PDC Learn how to address password problems that involve your PDC. — Randy Franklin Smith Access Denied: Specifying Spooler Permissions on Just One DC Learn how to manually assign permissions for the print spooler service without modifying the Default Domain Controller Policy. — Randy Franklin Smith Access Denied: Terminal Services Alternatives Find out where and how to download Windows 2000 Server Terminal Services. — Randy Franklin Smith Access Denied: The Importance of Windows XP SP2 The soon-to-be-released XP SP2 is so important to the security of your network that you should start testing it now. — Randy Franklin Smith Access Denied: The Microsoft Product Support Life Cycle Want to know how much longer Microsoft will continue to support Windows NT or other products? Microsoft has a consistent and predictable policy for product support. — Randy Franklin Smith Access Denied: Tracking IP Addresses to Specific Machines Learn how to use the DHCP server log to determine which computer had a specific IP address at a certain time. — Randy Franklin Smith Access Denied: Tracking Terminal Services Logons Use process tracking to differentiate Terminal Services from other interactive logons. — Randy Franklin Smith Access Denied: Tracking Users Who Use Telnet to Connect to Your Computers Learn how to track users who use Telnet to connect to your computers. — Randy Franklin Smith Access Denied: Troubleshooting a "Failed to open the Group Policy Object" Error If Windows can't find a GPO, use these tips to find the problem. — Randy Franklin Smith Access Denied: Troubleshooting IPSec Learn how to confirm that IPSec policies are active and working properly. — Randy Franklin Smith Access Denied: Troubleshooting User Rights Problems How do you change permissions and user rights on a file server? — Randy Franklin Smith Access Denied: Understand the Difference Between AD OUs and Groups Randy explains the difference between putting a user in a group and putting a user in an organizational unit (OU). — Randy Franklin Smith Access Denied: Understanding EFS Limitations Because EFS protects only copies of files stored on disk, you need to take extra measures to protect files in the pagefile, temporary files, and files on computers that hibernate. — Randy Franklin Smith Access Denied: Understanding Event ID 560 Learn how to distinguish between password changes and password resets. — Randy Franklin Smith Access Denied: Understanding Event IDs 683 and 682 Learn the significance of disconnecting from and reconnecting to winstation sessions. — Randy Franklin Smith Access Denied: Understanding Logon Type 10 Find out what logon type 10 tells you about an event. — Randy Franklin Smith Access Denied: Understanding the "Increase quotas" User Right Contrary to what you might think, "Increase quotas" applies to processor quotas, not to user disk space quotas. — Randy Franklin Smith Access Denied: Understanding the Access this computer from the network User Right The Access this computer from the network user right applies only to the Server service and the resources it provides, including remote access to files and printers and to the resources you see in the Microsoft Management Console Computer. — Randy Franklin Smith Access Denied: Understanding the Anonymous Enumeration Policies By default, Windows 2003 and XP disable the Network access, which means anonymous connections can enumerate shares but can't list local user accounts. — Randy Franklin Smith Access Denied: Understanding Windows Server 2003's Local Security Settings The MMC Local Security Settings snap-in changed with Windows 2003 and XP but still tells you everything you need to know. — Randy Franklin Smith Access Denied: Understanding Wireless-Security Protocols The pursuit of wireless security has led to a plethora of protocols. Clear up the confusion with this high-level view of the relationship between 802.11, 802.1x, 802.11i, WEP, and WPA. — Randy Franklin Smith Access Denied: Using a DC's Last-Logoff Field Although you can access last-logon and last-logoff information for users on a DC, the data is unreliable. — Randy Franklin Smith Access Denied: Using AD's Send As and Receive As Permissions Use the Send As and Receive As permissions to let users send and receive email from mailboxes without revealing their identify. — Randy Franklin Smith Access Denied: Using EFS with and Without AD Discover the differences between working with Encrypting File System (EFS) with and without Active Directory (AD). — Randy Franklin Smith Access Denied: Using Group Policy to Install Service Packs SUS doesn't support service pack installation, but Group Policy makes applying updates to multiple computers easy. — Randy Franklin Smith Access Denied: Using Group Policy to Log Off Users Learn the difference between two Group Policy Object (GPO) settings and how to use them to log users off automatically. — Randy Franklin Smith Access Denied: Using IPSec with NAT Because of an incompatibility between IPSec and NAT, you can't use L2TP over a firewall that performs NAT. — Randy Franklin Smith Access Denied: Using L2TP to Protect VPNs PPTP VPNs might be open to misuse by savvy end users. To secure your VPN, use Layer Two Tunneling Protocol instead. — Randy Franklin Smith Access Denied: Using Log Parser to Audit Domain Logons The Log Parser tool lets you use SQL-like queries to extract data from log files. — Randy Franklin Smith Access Denied: Using One GPO to Control Both Windows XP and Windows 2000 Settings To manage XP's and Win2K's settings from the same GPO, you first need to update the GPO to include XP's new settings. — Randy Franklin Smith Access Denied: Using Passwords with Kerberos Although more resistant to cracking than NTLM, Kerberos is still vulnerable in the absence of strong passwords. — Randy Franklin Smith Access Denied: Using the "Audit account logon events" Category on Member Servers and Workstations Learn how to use the "Audit account logon events" audit category to gather useful information about member servers and workstations. — Randy Franklin Smith Access Denied: Using the MMC Active Directory Users and Computers Snap-In to List Users in Your Domain Learn how to use the MMC Active Directory Users and Computers snap-in to list users in your domain. — Randy Franklin Smith Access Denied: Using the Windows .NET Framework to Control Mobile Code The Framework can't yet mitigate the risk associated with most code that users download from the Internet, but Windows XP's software restriction policies can provide some help. — Randy Franklin Smith Access Denied: Using Win2K Group Policy to Manage New XP Group Policy Settings Learn how to centrally manage XP's new Group Policy settings. — Randy Franklin Smith Access Denied: Using Windows Server 2003's Certificate Templates Microsoft significantly enhanced certificate templates in Windows 2003 but makes the new functionality available only in Enterprise Edition and Datacenter Edition. — Randy Franklin Smith Access Denied: Using Windows Update with IP Security Policies Using IP packet filtering to lock down your system can prevent you from downloading Microsoft updates. Here's how to work around the problem. — Randy Franklin Smith Access Denied: Viewing Hidden Permissions for Individual Properties Many of the properties AD defines for user objects are hidden from view by default. You can cause some hidden properties to appear in the MMC Active Directory Users and Computers snap-in, but you need to use a script to access others. — Randy Franklin Smith Access Denied: Windows Server 2003's Permissions to Cmd.exe Windows 2003's tighter security might mean that some scripts and batch files don't work after you migrate. Here's how to fix the problem. — Randy Franklin Smith Implementing Least Privilege with AD Learn how to apply the concept of least privilege to AD administration. — Randy Franklin Smith Setting Permissions on Win2K Services Learn how to view and edit the permissions on Win2K services. — Randy Franklin Smith Troubleshooting Problems with the Start, Stop and Pause Permission Learn the trick to solving a problem with the Start, stop and pause permission. — Randy Franklin Smith Using the SELF Subject in Win2K ACLs Learn how to use the SELF subject to assign permissions at the OU level. — Randy Franklin Smith [Feature] 10 Tips for Securing Your Service Accounts Using a service account for application services is much safer than using a System account. However, even with service accounts, you still face some security risks. Here’s how to thwart them. — Jarvis Robinson 11 Port Enumerators Have you found an open port on your computer? Worried you might have a virus? Here's a look at 11 port enumerators that can help you track open ports to their source programs. — Roger A. Grimes 3 Ways to Rein in Your Wireless Signals You can use three basic methods to limit wireless network radio signals. Here's how they work. — Mark Joseph Edwards 5 Techniques for Establishing Highly Secure Systems Paula Sharick describes 5 TCP registry modifications you can implement to protect your systems from Denial of Service (DoS) attacks and other common exploits. — Paula Sharick 9 Ways to Diagnose Windows 2003 IPsec Problems Here's how to ensure that IPsec is running smoothly in your environment and how to use built-in Windows 2003 tools to diagnose problems if they do crop up. — Orin Thomas A Matter of Trust Want to really get a handle on security? Be sure you understand the fundamental concepts that surround Windows security authorities and OS trust. — Jan De Clercq AD Delegation Eases Administration You can assign permissions on selected AD objects to certain users and groups—for example, giving Help desk staff authority to reset user account passwords—to make a large AD infrastructure more manageable. — Jan De Clercq AD Tombstone Objects Windows 2003 lets you restore deleted objects in AD. Find out the basics of AD's tombstoning process and how to bring deleted objects back from the dead. — Robbie Allen Audit Your Organization’s Password Strength with L0phtCrack Use L0phtCrack auditing to improve the quality of passwords in your organization. — Randy Franklin Smith Audit Your Passwords Audit your password security—and whether your users adhere to password policies—with the Cain & Abel password-cracking tool. — Tony Howlett Audit Your Web Applications for Better Security You can prevent some problems when you install and configure Web applications, but you should also audit your system regularly to detect potential vulnerabilities and address them. — Mark Joseph Edwards Auditing IIS Security with Log Parser This free command-line tool draws data from your Web server's logs that you can examine for suspicious activity. — Orin Thomas Authenticate Internet Access with ISA Server Use Microsoft ISA Server to provide clients secure—and authenticated—Internet access. — Leon Braginski Avoiding WinZapper's Sting Learn to protect your NT security log from a new utility that lets intruders erase the log while the OS is running. — Randy Franklin Smith Barricading Terminal Services Windows 2003's new version of Terminal Server gives you a plethora of granular security settings that you can use to lock down your installation. — Jeff Fellinge Bluetooth Security Essentials As Bluetooth becomes more widespread, it's important that you understand its security features and potential risks. — John Howie Build a Bastion Host Protect against Internet attacks by building a server that has a highly secure OS. — Christopher Witter Building a 3-Tier CA Hierarchy Learn about certificate technology and how to set up your own CA. — Joseph Neubauer Building a Secure VPN Keep in mind some major considerations when purchasing a VPN solution and follow a few recommendations about how to securely run it, and you can achieve the Private in a Virtual Private Network. — Tony Howlett Building and Using an Incident Response Toolkit, Part 1 Quickly and appropriately responding to a computer security incident is vital. Learn how to build a toolkit that lets you quickly collect data from the compromised machine. — Matt Lesko Building and Using an Incident Response Toolkit, Part 2 In this second installment of a two-part article, you’ll learn how to use an incident response toolkit to quickly collect data from a compromised machine’s file system. — Matt Lesko CA Trust Relationships in Windows Server 2003 PKI Windows 2003 PKI's enhanced trust features make Windows PKI more powerful and flexible but also more complex. Learn about the different PKI trust models and choose the one that best suits your environment. — Jan De Clercq Change Local Administrator Account Passwords Automatically Good security practices include regularly changing local Administrator account passwords. Here's a script that does the job for you automatically. — Alex K. Angelopoulos Combating Hoax Virus Messages Learn how to identify and defend against hoax virus messages. — Roger A. Grimes Configuring ISA Server Clients ISA Server's Web Proxy Autodiscovery capability and Firewall Client software make setup a breeze for intranet clients that use ISA Server to get to the Internet. — Leon Braginski Configuring ISA Server for SSL/TLS Learn how to configure SSL/TLS protocols for secure Web connections in a typical ISA Server environment. — Jan De Clercq Configuring SSL/TLS This article discusses some hidden traps you might encounter when you use IIS 6.0 to configure SSL/TLS for secure Web communications. — Jan De Clercq Crank Up Security with MBSA 2.0 Does the security state of your network devices meets Microsoft's security recommendations? Are your devices up to date with the patches and security updates that Microsoft has released? Run the Microsoft Baseline Security Analyzer tool to find out. — John Howie Danger: Remote Access Trojans Remote Access Trojans (RATs) can scurry through your PC, causing considerable damage. Learn how to detect and extermination these malicious pests. — Roger A. Grimes Defense In-depth The IP Security (IPSec) protocol can help you defend your system from attack. Learn how to use IPSec to secure your environment. — Michael Howard Deploy Your Network IDS Effectively Where you place your network Intrusion Detection System (IDS) sensors and how you manage the information they provide are crucial factors in how well the IDS protects your network. — Jason Harper DNS Lockdown Many administrators overlook DNS implementing security. Take these 6 steps to ensure that DNS doesn't become a security liability on your network. — Joe Rudich Do You Need to Update YourSecurity Hotfixes? Microsoft recently acknowledged that file-version-number problems affect 24 English-language security updates and two OS hotfixes. Learn how to find out if your hotfixes are affected and how to fix them. — Paula Sharick EFS Enhancements in Windows XP Windows XP improves EFS data recovery but introduces a key flaw in EFS’s new password reset disk feature. — Randy Franklin Smith Enhancing Win2K Logon Security with Smart Cards With the release of Windows 2000, Microsoft has expanded support for smart cards. Here’s a look at how to set up a smart card logon system in your Win2K network. — John Howie Essential Network Monitoring for the SMB, Part 1 In this first part of a two-part series, we identify the various devices and systems that you should monitor in an SMB for both security and operations purposes. We also identify the most common data-monitoring sources. — Randy Franklin Smith Essential Network Monitoring, Part 2: The Tools In this second part of a two-part series, we show you how to build a barebones monitoring solution by using free or inexpensive tools that are Windows event log–centric — Randy Franklin Smith Evaluating ICF Learn how to configure Windows XP's Internet Connection Firewall, which can provide basic, one-way security protection against mischievous probes and malware. — Roger A. Grimes Evaluating Security Certifications Information security–related certifications are becoming more prevalent. Here's how to decide whether one or more might be a good move for you and your career. — Randy Franklin Smith Exposing IE’s Hidden Zone Hidden from view, the My Computer zone goes unnoticed by many people. However, exposing this zone and manipulating its security settings can help tighten security in IE. — Mark Joseph Edwards Extending Windows SSO to Enterprises ENTSSO is a valuable service for enterprises that want to streamline and integrate the Windows-rooted portions of their IT infrastructures and applications with other legacy systems and applications. — Jan De Clercq File-Healing Utilities Help Prevent DLL Hell and Malicious Code To help prevent DLL hell, Microsoft includes SFC, WFP, and SFP in several Windows OSs. Although not their primary intention, these utilities also prevent malicious code. — Roger A. Grimes Filter for Security The third in a series, this article goes farther in depth to show you how to design LogParser queries to find important security information. — Randy Franklin Smith Firewall Appliances, Part 1 Firewalls aren't what they used to be, which is a good thing. As attacks have become increasingly sophisticated, firewall solutions have had to adapt. In this first part of a two-part series, we look at firewall solutions for low-security SMBs. — Thomas W. Shinder Firewall Appliances, Part 2 In this conclusion to our two-part series, we take a look at popular firewall appliances that are well suited to high-security SMBs and enterprise branch offices. — Thomas W. Shinder FOR MORE INFORMATION Understanding how EFS works is the key to securing your environment. Here are a few resources to get you started. — John Howie Get Ready to Bump Up Security with IE 7.0 Microsoft's browser has had lots of bad publicity because of its security vulnerabilities. But Beta 1 of IE 7.0 gives a preview of security enhancements that will make your users and your systems safer. — Jeff Fellinge Getting to Know ADAM ADAM is a truly lightweight solution for environments that require only a simple LDAP directory or that struggle with integrating directory security with Windows security. — John Howie Golden Rules to Group By This introduction to groups in Windows discusses group types, group scopes, and important rules for using groups to set up resource permissions. — Jan De Clercq Group Policy Changes in Windows Server 2003 Through new tools and overall fine-tuning, Windows 2003 beefs up the ROI of implementing Group Policy. — Joe Rudich Guarding Your Certificate Authorities Implement some disaster-prevention and recovery techniques that will help keep your CAs and the certificates they issue secure. — Brien Posey Hands-On NAQC Here's a hands-on tutorial for implementing NAQC for XP VPN clients, using strictly Microsoft-based tools so that you don't have to go out and seek third-party products. — Orin Thomas Hardening Service Applications Harden third-party software and reduce your security risk—create a user account for your software application to run on and grant it only the privileges necessary to do its job. — Mark Burnett Hfnetchk: Microsoft's New Hotfix Tool Microsoft's new tool, Hfnetchk, simplifies the process of auditing and installing security hotfixes on your network system. — Paula Sharick Hidden Risks in Email and Newsgroup Messages Guard against several vulnerabilities that exist in email and newsgroup messages. — Roger A. Grimes Honeyd for Windows Familiar with the benefits of a honeypot solution? Here's a look at how to configure and deploy a new Windows port of the popular UNIX-based Honeyd utility. — Roger A. Grimes Honeypots and Resource-Integrity Tools Learn how to track system intruders with honeypots and resource-integrity tools. Honeypots can lure attackers so that you can study their methods of operation, and resource-integrity tools can alert you to changes in files or other system resources. — Michael Howard How to Build a Snort Server IDSs are an important part of any network. One free, open-source tool for implementing an IDS is Snort. — Morris Lewis How to Choose an Antivirus Scanner Determining the perfect antivirus product for a given environment can be a difficult task. To do so, you need to understand the ingredients of a good antivirus scanner. Here's where to begin your research. — Roger A. Grimes How to Set Up a DMZ with ISA Server Without a DMZ to separate your publicly accessible servers from your internal LAN, you’re exposing your internal network to unnecessary risk. — Randy Franklin Smith IIS Application Isolation Enabling application isolation on an IIS server involves controlling the application's process identity and the user identity, along with expert use of NTFS permissions. — Brett Hill IM Security Primer Learn the basics of Instant Messaging, meet the four big IM networks, come to know the most common attacks, and find out how to protect your network against them. — Roger A. Grimes Improve Security with Windows XP's Command-Line Tools Windows XP provides new command-line tools, as well as new versions of some old favorites, to help you secure your systems. — John Howie Interoperable Windows and UNIX Security Microsoft SFU 3.0 supports secure interoperability between Windows and UNIX. — Jan De Clercq Introducing Credential Manager Microsoft includes a single sign-on solution called Credential Manager in Windows Server 2003 and Windows XP. — Jan De Clercq IPSec and Group Policy: A Stronger Defense Use IP Security and Win2K Group Policy to build a strong internal defense around your mission-critical resources. — Randy Franklin Smith IPSec and Group Policy: The Next Step The second article in this two-part series discusses IPSec's certificate-based authentication. — Randy Franklin Smith IPSec Tunneling with ISA Server If you use ISA Server as a router or firewall, you already have everything you need to create an effective Internet VPN. — Roger A. Grimes ISA Server 2004: Safer Services, Continued Part 2 of this two-part series walks you through the remaining steps in a sample ISA Server 2004 configuration that can increase security for Internet-facing applications. — Thomas W. Shinder ISA Server 2006’s New Publishing Tasks If you've struggled to publish Exchange Web Client Access or SharePoint sites, you'll find the publishing tasks in ISA Server 2006 more to your liking. — Orin Thomas ISA Server's Caching Capabilities, Part 1 This first article in a two-part series explains how to configure and test ISA Server's Web cache. — Leon Braginski ISA Server's Caching Capabilities, Part 2 This second article in a two-part series explains ISA Server's active caching feature, how to prepopulate the cache, advanced cache options, how to monitor the cache, and how to use scripts to work with the cache. — Leon Braginski Keep Out: Spam and Viruses Check out how your small business can benefit from a multilayered security strategy that deploys antispam and antivirus protection across a network. — Paul Robichaux Learn To Be Least Use these simple techniques to put least privilege into practice. — Jan De Clercq Learning from SQL Slammer Learn how to protect your systems from future attacks by SQL Slammer and similar worms. — Shon Harris Leveraging EFS with Your PKI EFS is a powerful technology that lets users protect sensitive data by encrypting it. Find out how to leverage EFS by tying it into your PKI. — John Howie Logon Rights: The Heart of Windows Access Control Learn about the 10 logon rights in Windows Server 2003 and Windows XP and how to use them to control how users can log on to local systems, over a network, or via Terminal Services. — Jan De Clercq LogParser Use Microsoft's LogParser tool to find the vital events buried in your Security logs. — Randy Franklin Smith Map Out Your Wireless-Security Audits Use graphical maps of your wireless network to increase security. — Tony Howlett Messaging CIA Whether main charge is security or Exchange Server, ensuring the confidentiality, integrity, and availability of your messaging systems is in your best interest. — Paul Robichaux Messaging Security Lea | |||||||||||
