I made some updates to the automated firewall rule generation script. This includes some updates to the firewall rule spreadsheet to give information on setting setic ports and port ranges for RPC based services. This csv file may be a good general reference even without the script.
« Posts under Microsoft
Exchange 2010: Automated Firewall Rule Generation 1.2
I made a few changes to this script to make it more modular and to allow for more exceptions in regards to DAGs and sites. Enjoy!
Exchange 2010: Certificate Install Script
Many of the cert providers require that you install both an intermediary and a root trusted cert on the servers which you are configuring your newly requested Unified Communications certificate on. If you are doing an Exchange migration including several ISA/TMG/Exchange (2003 and 2010) servers this can be a tedious process. Here is the quick way to install all three certificates once they are on the server
Exchange 2010: Automated Firewall Rule Generation
A single, or even a dual site Exchange 2010 deployment does not usually require too much internal firewall manipulation. But if you have to setup a Exchange 2010 environment where there are many global sites or a heavily segmented network, the number of firewall requests required to get a fully functioning configuration working can be daunting. Wouldn’t it be nice to have some of those firewall rules automatically generated for you?
Exchange 2010: Protect VIP Mailboxes with Exclusive Scopes
Prior to starting my new job I wanted to ensure that my previous employer was able to protect VIP mailboxes in their Exchange 2010 SP1 organization. I had to do this with exclusive scopes and these are the steps I had to follow. A general knowledge of role based security is assumed in this post.
OCS 2007 R2: CRL Issue Causing Address Book Download Error
I ran into this issue recently. End users experienced a red splat in communicator exhibiting that there was an issue syncing the corporate address book. I found this excellent article explaining how an invalid Certificate Revocation List error may be causing this issue. My issue was slightly similar in nature but with some caveats.
Windows: 2003 to 2008 R2 RADIUS Migration
I found myself doing yet another Windows 2003 IAS Radius server migration to 2008 R2 NPS. I found that I had my prior notes and was able to do this quickly but, hell, if I’m looking this up in my own notes I may as well just post this succinct little procedure.
Active Directory: Role Based Access Modeling
Much of my time is spend delving into the minutia of a particular technology to resolve issues or improve department processes. But sometimes understanding and implementing a technology is not the best “fix” for an issue. Sometimes it is a mindset or a model that needs to change. I came up with this security grouping model to address some of the pains of managing permissions across large groups of systems in our environment. Ok, I modified a long standing Microsoft recommendation of AGDLP (an abbreviation of “account, global, domain local, permission”) to meet our needs. Regardless here is a quick rundown of this security group model I devised if anyone is interested.
Funny: Microsoft Goes Chick-Flick
My wife saw this on my laptop screen while we were on a plane trip. She pointed to it, and said “Awwwww!!” as if I were reading a book on relationships rather than a technical pdf going over general SCOM 2007 concepts.
Microsoft gets a bit soft...
Outlook 2010: Photo Sizing Tool
We are about to get into full swing with our Exchange 2010 mailbox migrations and, soon afterwards, Office 2007 to 2010 upgrades as well. Unfortunately, we don’t have our Sharepoint farm upgraded to 2010 yet so there will be no automatic syncing of user photos into the GAL for those nice vanity pics which you can view in Outlook 2010. I know people like to be seen so I found a nice powershell based GUI for our (awesome) service desk team to use to upload these photos for users as requested. But you still have to get these photos thumbnailed to approximately 96×96 before uploading. Repeated manual labor is the anathema of any self respecting sysadmin who knows how to hack other people’s code to suit their needs. So I whipped up a very dirty (as in, “wow, get the bar of soap” dirty) hack which combines this person’s clever photo-sizing hack with the prior mentioned gui.
»Read More