Kevin Remde's IT Pro Weblog

  • Best of Questions and Answers from TechNet Webcast: Recipient Management, Policies, and Permissions in Exchange 2007

    Some guy happily running Exchange 2007Hi all!

    Below are the questions I pulled out of the Q&A log from the TechNet Webcast: "Recipient Management, Policies, and Permissions in Exchange 2007", along with the answers.

    Hope you find them useful!

    Kevin

    ---

    Questions and Answers:

    “What is the command to give a user mailbox permissions to a mailbox?”

    In one of the last demos I did in the webcast, I used the add-mailboxpermission command to give add full-access permissions to Andy to another users Mailbox. That would be a good way to, say, grant someone rights on the mailbox for a resource that the user will be responsible for.

    The command I entered was

    add-mailboxpermission –identity “andy teal” –user “Anton Kirilov” –accessrights fullaccess

    “If I convert a security group to universal group, all permissions will be gone? Or they will be inherited?”

    They will remain. There are caveats on what can be converted, based on membership restrictions… but if there are none of those, then the conversion should work fine.

    Here is a page that describes all the ways conversions can happen:
    http://technet2.microsoft.com/windowsserver/en/library/79d93e46-ecab-4165-8001-7adc3c9f804e1033.mspx?mfr=true

    “I have heard that spaces are no longer allowed in aliases. Is that correct, and why? What are "aliases" actually used for?”

    Aliases are also what is (by default) used as the part of your e-mail address to the left of the "@" sign - so it makes sense that they do not have a space. They are also really the main unique way of identifying a mail-enabled entity in your Exchange org.

    “Is there a migration toolkit/Document for moving from 2003 to 2007 available?”

    Here is a good starting point for your migration planning:
    http://technet.microsoft.com/en-us/library/a313c016-0e51-466e-a3de-953e1e0d347d.aspx

  • Great! We have a date! (for the LAUNCH)

    The Date: February 27, 2008

    The Place: Los Angeles

    The Launch: Windows Server 2008, Visual Studio 2008, and SQL Server 2008

    Announced at the WWPC yesterday, and released in this press release as well, the February 27 date is the official kick-off of hundreds of launch events that will go on around the world.

    And if you're really keen on counting the days - here's a gadget for your Windows Vista sidebar:

    CountdownGadget

    Add this Gadget to your Vista desktop

  • Best of Questions and Answers from TechNet Webcast: Next Generation Networking with Windows Vista and Windows Server 2008

    Here are the "Best Of" the questions and answers from today's TechNet Webcast: Next-Generation Networking with Windows Vista and Windows Server 2008.

    Big thanks to Chris Avis for assisting on the webcast by answering questions.  It's his efforts that this represents.

    And especially - thank you to all who attended! 

    -Kevin

    ---

    Questions and Answers:

    “Can you explain the Connection Security Rules?”

    A connection security rule determines the type of authentication that is required between machines.  Client to Client, Client to Server, Server to Server.  It can be used to request or require a specific type and level of authentication before any further communications takes places. This provides protection against man-in-the-middle attacks, and secures communications end to end to prevent modification of the payload (data integrity).

     

    “What is the hot fix that has been referenced in a number of blogs that is needed to address problems transfering large files in VISTA where the transfer slows or even stops?”

    Yes, there have been reports that there is a bug in how Windows Vista Auto Tuning works… and the temporary solution is that you could turn off that functionality using netsh at a command prompt:

    netsh int tcp set global autotuninglevel=disabled

    And when the fix has been made available in the windows update sources, and you’re ready to turn it back on again:

    netsh int tcp set global autotuninglevel=normal

    Both of these will require the machine to be restarted.

    You could also call Microsoft support and get the hotfix. Here’s the KB (931770) about the bug, and how to contact support.

    (Props to Alpesh for this answer.)

     

    “The features of NAP look great, however is it still possible for an employee to come in the office with their own laptop (running vista or xp home) and access files and emails (same with VPN connection) - you dont HAVE to be a member of the domain do you???”

    Check out the Introduction section of this document -- http://www.microsoft.com/technet/network/nap/napoverview.mspx -- NAP can work again managed and unmanaged client machines. This makes NAP very flexible.

     

    “If I do a network bridge between two network cards on the same server, then am I bypassing any security?”

    Not if you are configuring IPSec Policies correctly. You can also use Group or Local Polices to deny the creation of bridges, and of course, remove network adapters from machines that might open up security issues.

     

    “What was the name of that TCP fairness algorithm?”

    “Fair Queue Model” technology.

     

    “Does Longhorn beta3 fully support IPV6 (DHCP,DNS)?”

    Yes

     

    “Where can we find more information about DNS6 implementation in Longhorn server?”

    http://www.microsoft.com/windowsserver2008/default.mspx

     

    “Is anyone really deploying IPV6 ???”

    Yes

     

    “How do you determine routers on the WAN use (ECN?).”

    Check with your vendor. They should be able to tell you if it supported, and if you need to upgrade or update the firmware or software to support it.

     

    “If deploying only Windows 2008 Server OR Vista for workstations, which would you suggest be done first?”

    I don’t know of any reason to install one or the other first. Windows Vista can be first – not only because it’s already available, but because you can take full advantage of the new native functionality, and even use Group Policy to manage it (yes, even on older Domain environments). So.. I would do Vista now, and Windows Server 2008 when it’s available early next year.

    Most importantly, though… start evaluating NOW. Download the trials / betas / release candidates when they’re available, and try out scenarios that match what you’re doing in your business. Use virtualization (Virtual PC 2007 or Virtual Server 2005 R2 SP1) to build virtual machine environments rather than dedicating physical machines to this process.

     

    “Could you supply me a link for that download for vista please? Thanks”

    I have to apologize.  I was wrong about the availability of just anybody to download Windows Vista.  It is available for evaluation download for TechNet Plus subscribers, but you have to buy it to download it otherwise.

    The good news is (and thanks for this link, Chris) that you can download a virtual machine .VHD file that is an installation of Windows Vista that you can use.  It’s a 30-day evaluation.

    You’ll find that virtual machine here: http://www.microsoft.com/downloads/details.aspx?familyid=c2c27337-d4d1-4b9b-926d-86493c7da1aa&displaylang=en&tm

    If you simply want information on evaluating Windows Vista (great links on “things to try”, etc), check it out here: http://technet.microsoft.com/en-us/windowsvista/aa905059.aspx

    And if you’re ready to buy it, I would recommend you start here and navigate into the "Ready to buy?" Windows Marketplace Links. http://www.microsoft.com/windows/products/windowsvista/editions/default.mspx?wt_svl=20211a&mg_id=20211b

     

    “What was that link that Kevin added to the summary slide?”
    http://www.microsoft.com/technet/itsolutions/network/tcpip/default.mspx

     

    “Thanks for the info, very useful :)”
    You're quite welcome. Use it well!