Wednesday, December 19, 2007

Microsoft Hotfixes can now be downloaded directly from the KB article!

Got the info from Under the Stairs, but decided to echo it here as it is so useful to know. Not all KBs are ready though. In the end, this is the link you want to have: https://support.microsoft.com/contactus2/emailcontact.aspx?scid=sw;[LN];1414&from=KBHotfix&WS=hotfix

 

And may I add: It was about time...

Monday, December 17, 2007

PowerShell Character Ranges

PowerShell has a range operator. I you want to express the numbers from 1 to 5, you can specify that as 1..5. 1..5 actually build an array (object[]). One question I had during training was: Can the range operator be used on characters? The simple answer is no, but you can achieve the same with a small work around. Say you want to check the drive letters between F and M -

[char]"f"..[char]"m" | Foreach-Object { "Checking " + [char]$_ }

 

if the numbers are not in a sequence, you can use on of these -

"fgmr".toCharArray() | Foreach-Object { "Checking " + [char]$_ }

"fgmr".getEnumerator() | Foreach-Object { "Checking " + [char]$_ }

"f","g","m","r" | Foreach-Object { "Checking " + [char]$_ }

 

BTW: The range operator is limited to 50,000 elements - try 1..60000 and see the error message. If you need to go from 1 to 100,000, you can either do a for statement -

for($i=1;$i -le 100000;$i++) { blah }

or

1..50000+50001..100000 | { blah }

 

 

 

 

Got inspired by Oisin / Nivot Ink.

Posters

In line with the Windows Server 2008 posters, there is also an Exchange Server 2007 Component Architecture poster available on MS Downloads.

Friday, December 14, 2007

OCS/Asterisk integration work in progress

FYI - if you are interested in creating a test environment with Asterisk PBX, then you should take a look at Ryan Newington post on this or better yet subcribe to his RSS feed to get the updates.

Thursday, December 13, 2007

Office 2007 SP1 fixes for Office Communicator/presence

These are from the Office SP1 Whitepaper

  • Microsoft Office Communicator 2007 now presents more accurate presence information and does so with consistent visual cues.
  • The icons used to display presence are modified so that users who are red-green colorblind can determine people’s presence status.
  • Office Communicator 2007 no longer causes presence icons to flicker when multiple people appear simultaneously.
  • Presence information in Office Communicator 2007 and other Microsoft Office applications is consistent in all scenarios (So this applies to SharePoint to).
  • Microsoft Office Outlook® 2007 no longer starts in the background along with Office Communicator 2007.
  • Office Outlook 2007 no longer allows users to send instant messages to entire distribution lists when deployed in conjunction with Microsoft Office Communicator 2007.

Following are the KB articles referenced in the SP1 xls file

  • KB936871 When you sign-in to Communicator, Outlook is started in the background. For example, when you check Task Manager, the Outlook.exe process is running. Additionally, Outlook-related items, such as meeting reminders, may appear.
  • KB936871 To check for a missed conversation, you click the "Voice Mail" search folder in Outlook 2007. Or, you click the "Missed Conversation" notification in Microsoft Office Communicator. If you then check for a missed conversation in the same session of Communicator, you receive a notification that states that Outlook could not be started.
  • KB937212 When a message is saved as a missed conversation in the Microsoft Office Communicator folder in Outlook 2007, the message indicator for the folder does not indicate a new, unread message.

Find SP1 on Microsoft Update or at the download site.

Wednesday, December 12, 2007

Select NULL from Addresses?

Well, sometime I feel like nothing, null, zip, empty - but do they have to remind me???

image

On the other hand: A null may need some eLearning...

Monday, December 10, 2007

Set-NotepadFontSize.ps1

Small, but useful if you like I do change the font size all the time (e.g. for presentations/training/old eyes) -

param($fontSize=14)
Set-ItemProperty HKCU:\software\microsoft\notepad iPointSize ($FontSize*10)
 
If only Notepad supported Ctrl + Scroll Wheel for zooming...

Wednesday, December 05, 2007

Disabling (bypassing) Group Policy

Group Policy settings - including Software Restriction Policies - can easily be disabled - even by a standard user. Terrible! Read the full story in Security UPDATE from WindowsITPro magazine this week. The article sums up the story so far and contain links to other relevant articles.

Some of those articles require an account to read, so if you want to get to the hard facts right away, see the GPCul8r tool. I exteacted this from the readme.txt -

============
How it works
============

In order to do its thing, GPCul8r.dll needs to be loaded into the process space of whatever program needs to bypass group policy.  Once loaded, GPCul8r works by detouring calls to the ZwQueryValueKey function to see if the program is querying one of the keys related to a group policy setting we want to bypass.  If so, GPCul8r returns STATUS_OBJECT_NOT_FOUND, thereby tricking the caller into thinking the key doesn't exist.

GPCul8r being a quick & dirty little tool is not configurable.  The targeted key names are hard-coded in the source.  They are:

- TransparentEnabled (controls software restriction policy settings)
- ProxySettingsPerUser (controls access to the IE proxy settings dialog)
- DisableRegistryTools (duh)
- DisableTaskMgr (duh)

For more on the technique that GPCul8r uses, see Mark Russinovich's original article on the subject:
http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventing-group-policy-as-a-limited-user.aspx

The consequence: Everything below User Settings\Administrative Templates - e.q. every policy user level (as compared to kernel level or system level) code pulls out of the registry can be bypassed! If you want to counter this - read Mark's comment -

The bottom lines is that full control of an end-user environment is possible only with strict lock-down of the programs users run, something that you can accomplish by using SRP in white-list mode, for example. It's also important to note that the ability of limited users to override these settings is not due to a bug in Windows, but rather enabled by design decisions made by the Microsoft Group Policy team.

I do not know, whether Vista improves this - but I certainly hope!

Exchange 2007 SP1 and OCS UM notes and gotchas !

So you've download Exchange 2007 SP1 and want to install it on your UM server that is integrated with OCS!?

If this is your first OCS integration then you should start is by downloading the documentation and if you've earlier downloaded the Office Communications Server and Client Documentation Rollup then you should go to the Office Communications Server 2007 Technical Library and find the documents updated to version 1.1 (Quite a few of the planning and deployment guides are updated to version 1.1 - not the Enterprise Voice Planning and deployment guide though)

Then the next place you should start reading is the SP1 Release Notes and especially the part covering Unified Messaging and "Issues related to the Unified Messaging server role"

In short the important general issues are -

  • The Unified Messaging Server role must be installed on a dedicated role (Like in the Beta's)
  • Configuration data is overwritten during installation !
  • You must remove any language packs installed before installation of SP1

And most importantly when integrating with OCS the following issue apply -

  • The Exchange UM server itself cannot request the MRAS credentials required to initiate an outbound call to a remote user (A user on the Internet External to the Edge), so for Play on Phone to work in this scenario the UM Server role needs to have cached credentials from a previous incoming call and reuse these !! (Read the full evasive explanation in the Release Notes)

There are a few other smaller issues applying to OCS/UM but the above is by far the most important one (And I guess hours could be spent troubleshooting if you are not aware of this issue)