
September 4, 2009

This Blog has moved to a new home …sharepointgeorge.com



Hi everyone!

A goal of mine earlier this year was to begin blogging and sharing with the IT Pro community my experiences, implementations and designs as an IT Infrastructure Manager who has a distinct passion for Microsoft Technologies.  So my first blog came about with the name of Everything IT and Everything Not which was soon changed to George Khalil’s everything IT.   During the last 6 months of blogging I have definitely learnt a lot about using various web blogging platforms, social media and a lot about the content that I was providing my readers with.

As you are already aware my passion is working with Microsoft Technologies with a very keen interest in Microsoft SharePoint, Exchange and of course Windows.  In order to serve you better and provide a greater range of coverage I have moved to a new blogging home http://sharepointgeorge.com

So to all my readers :), please ensure you update your RSS feed links to http://feeds.feedburner.com/sharepointgeorge

This is my last post here, so please look to my new site for all content moving forward. You can reach it at: http://sharepointgeorge.com

See you there!!

P.S.

In addition to moving from http://www.gk.id.au to http://sharepointgeorge.com, I have created a second blog which delivers general ramblings on social media, social networking, home users of PC and Mac and everything in between, which you can access via http://socialtechgeek.com.  Target audience is EVERYONE :) Social Tech Geek came about from all the advice I have provided friends and family along the way, and I thought what better way to share the love than through the world wide web.

August 31, 2009

Slipstream Office 2007 Service Packs & working with the Office Customization Tool


I am currently in the process of creating my first Windows 7 Enterprise Image for Light Touch Deployment via Windows Automated Installation Kit (WAIK) and Windows Deployment Services (more on this at a later date) and am at the stage of organising my client applications for deployment.  Office 2007 is at the top of my list. In today’s post I will show you how to incorporate Service Pack 2 for Office 2007 into a single installation, also referred to as slipstreaming, and in the second part of this post discuss how you can further customize an installation of Office 2007 via the Office Customization Tool (OCT).

In Office 2007, Microsoft has provided you with the ability to slipstream service packs and updates via the “Updates” folder located in the installation media or the distribution point that you create.  Setup always looks in the Updates folder and automatically installs the patches it finds there as part of the initial installation process.  This is useful in situations like the one above where you are creating a new Windows Image for deployment and you want to expedite the installation process, removing the need to rely on Microsoft Updates for service pack installations.

So let’s begin by creating a folder in a shared location (your distribution point) and copy the contents of the Office 2007 media to this location.  In my case I will create a folder called Office2007.

\\SERVER\SHARE\Office2007

In my case I have mapped this file share to the letter M for later reference.

We now need to download the latest service pack available for Office.  At the time of this post, Service Pack 2 for Office 2007 is the latest and can be downloaded from the  Microsoft Download Centre via the following link.  http://www.microsoft.com/downloads/details.aspx?FamilyID=b444bf18-79ea-46c6-8a81-9db49b4ab6e5&displaylang=en

You will notice that the file downloaded is an exe file “office2007sp2-kb953195-fullfile-en-us.exe” which we will need to extract in order to retrieve the msp files that are needed for the “Updates” folder that is located in our distribution point.

In order to extract the files, run the following command from a command prompt.  In my example I have saved the executable to the root of M.

M:\office2007sp2-kb953195-fullfile-en-us.exe /extract:"M:\Office2007\Updates"





The following screen will appear.  Accept the Microsoft Software License Terms and then click on Continue.







File extraction will now proceed.






Once the files have been extracted, you will receive a completion notice.  Click OK to acknowledge.






Upon completion the msp files will be listed in the Updates folder.






Now that our distribution share contains the latest updates, let’s now shift our focus to the Office Customization Tool which is available to IT Professionals and Volume Licensing customers providing you with the ability to further customize the installation of Office 2007 by creating a custom msp file that can be deployed as part of the initial deployment, or at a later date if making minor modifications to an existing installation.



The OCT is invoked by typing the following command from the Office 2007 media;





setup.exe /admin





The following window will be displayed;







We will create a new setup customization file so select the first option and then click OK.






You will now proceed and make any modifications that are necessary for your deployment.  Such modifications may include but are not limited to;



Entering your Organization name under “Install location and organization name”

Entering your Volume License Key under “Licensing and user Interface”


Creating a default Outlook profile for your user under “Outlook  profile”



e.g. Modifying the “Install location and organization name” parameter






Once you have entered your modifications, you will need to save the MSP file that you will then copy across to include in the updates folder which also includes the service pack 2 msp’s that we extracted earlier.



More details on the OCT for Office 2007 can be found in the following Microsoft TechNet Link; http://technet.microsoft.com/en-us/library/cc179097.aspx
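Because Setup applies every patch it finds in the Updates folder, it is worth confirming what is actually in that folder before the share goes live. The following PowerShell is an added example, not part of the original post or of Microsoft's script; the custom patch file name is hypothetical and the patch saved from the OCT is assumed to be unsigned.

```powershell
# Added example: inventory the Updates folder that Office Setup applies
# automatically, and check each patch's Authenticode signature.
# Assumptions: M:\Office2007 is the distribution point from the post;
# 'custom-oct.msp' is a hypothetical name for the patch saved from the OCT,
# which is assumed to carry no digital signature.

$UpdatesDir = 'M:\Office2007\Updates'
$CustomMsp  = 'custom-oct.msp'

# SHA-256 of a file via .NET, so the script also runs on PowerShell 2.0.
function Get-Sha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Test-UpdatesFolder {
    param([string]$Path, [string]$ExpectedUnsigned)

    Get-ChildItem -Path $Path -Filter *.msp | ForEach-Object {
        $sig     = Get-AuthenticodeSignature -FilePath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # 'Valid' means the signature verifies and chains to a trusted root;
        # the subject match is only a readability aid on top of that.
        if ($sig.Status -eq 'Valid' -and $subject -match 'O=Microsoft Corporation') {
            $verdict = 'OK (signed by Microsoft)'
        } elseif ($sig.Status -eq 'NotSigned' -and $_.Name -eq $ExpectedUnsigned) {
            $verdict = 'Expected unsigned (OCT patch): compare hash with your record'
        } else {
            $verdict = 'REVIEW before deploying'
        }

        New-Object PSObject -Property @{
            File    = $_.Name
            Status  = $sig.Status
            Signer  = $subject
            SHA256  = Get-Sha256 $_.FullName
            Verdict = $verdict
        }
    }
}

$report = Test-UpdatesFolder -Path $UpdatesDir -ExpectedUnsigned $CustomMsp
$report | Format-Table File, Status, Verdict -AutoSize

# Keep a baseline of names and hashes to compare against on later runs.
$report | Select-Object File, SHA256, Signer |
    Export-Csv "$env:TEMP\office2007-updates-baseline.csv" -NoTypeInformation
```

Keep the CSV and re-run the check before each deployment; a changed hash or an unexpected unsigned file means the contents of the share were modified after you built it.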



We are almost done.  We are now ready to deploy Office 2007 to all our computers from our single distribution point that includes the latest service packs, updates and modifications.



My preferred method of deploying Office 2007 is through Group Policy computer start-up scripts, which is explained in quite a bit of detail in the following Microsoft TechNet Link; http://technet.microsoft.com/en-us/library/cc179134.aspx  There are notable advantages in deploying Office 2007 via start-up scripts as opposed to the traditional Group Policy Software Installation method, the main one being the ability to utilise the updates folder that we created and slipstream all updates and modifications in the single installation.  This cannot be done via Group Policy Software Installation as noted in the following Microsoft TechNet Link; http://technet.microsoft.com/en-us/library/cc179214.aspx



Microsoft provides you with the following example script for deploying Office 2007 which you will then assign to Group Policy start-up scripts within your specific Group Policy Object.




setlocal

REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************

REM Get ProductName from the Office product's core Setup.xml file.
set ProductName=Enterprise

REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=\\server\share\Office12

REM Set ConfigFile to the configuration file to be used for deployment (required)
set ConfigFile=\\server\share\Office12\Enterprise.WW\config.xml

REM Set LogLocation to a central directory to collect log files.
set LogLocation=\\server\share\Office12Logs

REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************

IF NOT "%ProgramFiles(x86)%"=="" SET WOW6432NODE=WOW6432NODE\

reg query HKEY_LOCAL_MACHINE\SOFTWARE\%WOW6432NODE%Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if %errorlevel%==1 (goto DeployOffice) else (goto End)

REM If 1 returned, the product was not found. Run setup here.
:DeployOffice
start /wait %DeployServer%\setup.exe /config %ConfigFile%
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End

Endlocal








I am now ready to deploy Microsoft Office 2007 to my Windows 7 Image.

August 26, 2009

Introducing your first Windows 2008 R2 Domain Controller


Windows 2008 R2 has only been out for over a week; however, I have decided to introduce my first Windows 2008 R2 domain controller (DC) almost immediately into an existing Windows 2008 Active Directory (AD) Domain to eventually have a complete R2 forest functional level to benefit from some of the new R2 features.  For a seasoned IT Pro, introducing new domain controllers is fairly straightforward; however, I have decided to provide you with a step by step guide on doing so and the pre-work that is required, so let’s begin!

Now before we delve into the step by step guide I thought I would begin by listing the notable enhancements that come with R2 when it comes to Active Directory.  These are;

AD Recycle Bin – For me this is a long awaited feature providing you with the ability to recover deleted objects.  (Note there are already 3rd party products that have been providing this capability for many years).   In order to activate the AD Recycle Bin, you will require the AD functional level raised to R2, i.e all your domain controllers will need to be R2 providing you with the ability to raise the functional level.

AD Administrative Center – Ease of management for domain(s) providing you with task oriented user interface.  Screen capture located at the end of this post.

PowerShell Cmdlets – There are approximately 85 Active Directory related PowerShell cmdlets that replace current Active Directory command line tools.  Whether we like it or not, Microsoft is really pushing PowerShell and it is a skill that is now required by system administrators.

Service Account Management – Forget about managing service account passwords as these are now automatically updated for all services when an administrator changes the password.  This is also a welcome enhancement for most administrators.

Active Directory Best Practices Analyser – Know the health of AD based on best practices.  This is similar to “other notable” best practices Analysers that we have become accustomed to from other Microsoft products, notably Exchange.  Screen capture located at the end of this post.

So let's begin by analysing the pre-work that is required before we introduce a Windows 2008 R2 DC.  Because this is the first Windows 2008 R2 DC that is being introduced into an existing domain, you will need to run the adprep /forestprep command on the server that is holding the schema master operations master.  Note that you will need to do this regardless of whether you are running a Windows 2003 or Windows 2008 domain, as the schema database version has changed in R2.  The following KB article from Microsoft http://support.microsoft.com/kb/324801 outlines how to view the Flexible Single Master Operations (FSMO) roles to determine which of your AD servers is holding the schema master operations master.

You will need to run the adprep command line utility from the Windows 2008 R2 media, where it is located under the support\adprep folder.  The below message is what you will receive when trying to run adprep from a DC that is not a schema master operations master.


Once you have located the schema master operations master domain controller, open a command prompt, navigate to the Windows 2008 R2 media support\adprep folder and run the following command;

adprep /forestprep

(Word of note: you will notice adprep32.exe is also available to you under the adprep folder if your current schema master operations master DC is a 32-bit server.)

Type C and then press ENTER to continue.


You will notice below that the schema version number for Windows 2008 R2 is 47.


After running forestprep you will need to run the adprep /domainprep /gpprep command on the server that holds the infrastructure operations master.

Once these two commands have been issued you will be ready to deploy your first Windows 2008 R2 domain controller.
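Before running dcpromo it helps to confirm which servers hold the two roles and that the schema update has reached every existing DC. The following PowerShell is an added example, not part of the original post; it only reads from the directory and assumes it is run from a domain-joined machine by a domain user.

```powershell
# Added example: read-only checks around adprep.
# Uses .NET System.DirectoryServices, so the ActiveDirectory module (new in R2)
# is not needed and the script also runs on PowerShell 2.0.
# Assumption: run from a domain-joined machine as a domain user.

$ExpectedSchemaVersion = 47    # Windows Server 2008 R2 value shown in the post

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Role holders: where each adprep command has to be run.
"Schema master         (adprep /forestprep):         $($forest.SchemaRoleOwner.Name)"
"Infrastructure master (adprep /domainprep /gpprep): $($domain.InfrastructureRoleOwner.Name)"

# Distinguished name of the schema partition, read from RootDSE.
$rootDse  = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList 'LDAP://RootDSE'
$schemaNc = [string]$rootDse.psbase.Properties['schemaNamingContext'].Value

# Ask every DC in the forest for its own copy of the schema version, so a DC
# that has not yet received the change through replication shows up.
$results = foreach ($d in $forest.Domains) {
    foreach ($dc in $d.DomainControllers) {
        $version = $null
        try {
            $path  = "LDAP://$($dc.Name)/$schemaNc"
            $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $path
            # RefreshCache forces the bind and throws if the DC is unreachable.
            $entry.psbase.RefreshCache([string[]]@('objectVersion'))
            $version = [int]$entry.psbase.Properties['objectVersion'].Value
        } catch {
            Write-Warning "Could not query $($dc.Name): $($_.Exception.Message)"
        }

        New-Object PSObject -Property @{
            DomainController = $dc.Name
            SchemaVersion    = $version
            UpToDate         = ($version -ge $ExpectedSchemaVersion)
        }
    }
}

$results | Format-Table DomainController, SchemaVersion, UpToDate -AutoSize

$behind = @($results | Where-Object { -not $_.UpToDate })
if ($behind.Count -gt 0) {
    Write-Warning "$($behind.Count) DC(s) do not report schema version $ExpectedSchemaVersion yet; wait for replication before running dcpromo."
}
```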

We can now invoke the Active Directory Domain Services Installation Wizard by running dcpromo from either command line or Start / Run.


Click Next. The below Operating system compatibility warning is displayed.


Click Next.  We are introducing an additional domain controller into an existing domain as per the below screen capture.


Click Next. It will detect the current forest and current logged on credentials.


A list of domains in the forest will be listed as per the below screen shot.  Select the domain that you will introduce the new DC into and then click next.


You will receive the below warning “You will not be able to install a read-only domain controller in this domain…”.

You must first run "adprep /rodcprep" from a command window on any computer in this forest. The Adprep utility is available on the Windows Server 2008 R2 installation media in the \support\adprep folder.


Click Yes to acknowledge the warning as we are not installing a read-only domain controller at this time.

Select your site for the new domain controller.


Click Next.  The wizard will begin to examine your current DNS configuration.


You will be presented with additional Domain Controller Options that you can select or deselect.  Again we are notified that a domain controller running Windows Server 2008 or Windows Server 2008 R2 could not be located in this domain. To install a read-only domain controller, the domain must have a domain controller running Windows Server 2008 or Windows Server 2008 R2.  I admire Microsoft’s thoroughness and rigorous checks and warnings but they can sometimes be annoying.


Select a location for your database, log files and SYSVOL. It is best practice here to specify a separate disk for your logs and database.


Now specify your Directory Services Restore Mode Administrator Password.


Click Next.  The installation and configuration process now begins.


The below screen appears upon completion.  That’s it!  Reboot your machine and your new Windows 2008 R2 server will have transformed into a domain controller.


At the beginning of this post, I outlined some of the features and enhancements provided by R2 and as promised, below are screen captures of the Best Practices Analyser in action for Windows Active Directory and the new Active Directory Administrative Center.


I will leave you with a link to the TechNet Webcast: Active Directory Domain Services in Windows Server 2008 R2 Technical Overview (Level 300) which is worth watching.

My goal now will be to update the remaining two Active Directory domain controllers and raise the forest functional level, opening the door to the new R2 Active Directory features that I will blog about in future posts.

So what is your favourite or sought after R2 feature when it comes to Active Directory?  I would be more than happy to hear your thoughts.

August 3, 2009

Forefront Server Security engines retiring soon


If you aren’t already aware, or haven’t been notified for that matter through Forefront’s diagnostic notification system, Microsoft’s Forefront Server Security for Exchange and SharePoint is retiring 3 of its 9 engines on 1 December 2009.  Forefront server security products have been renowned for their multiple scanning engine technology that allows you to scan items using up to 5 of the 9 engines at any one time, but that is about to change.  So which engines are being deprecated and why?

If you are running any of the Forefront Server security products such as Forefront Security for Exchange Server or Forefront Security for SharePoint and you have diagnostics email alerts setup you should have received 3 emails in your mailbox recently notifying you of the deprecation similar to the below;

Sophos Virus Detection Engine has been deprecated as of 1/07/2009 and will be available only until 1/12/2009. Updates for this engine will stop after 1/12/2009. For more information, see http://go.microsoft.com/fwlink/?LinkId=152864

The other engines that are also retiring are CA and AhnLab.  Microsoft makes the following statement in their Forefront Server Security Engines Revisions FAQ document.

“The set of five engines available in Forefront server security products as of Dec. 1, 2009 includes Microsoft AV, Kaspersky, Norman, VirusBuster and Authentium. However, these engines may change over time as we seek to improve overall protection metrics and to maintain our detection advantage relative to our competition and in support of our customer needs”

It is noted that Forefront Server Security customers should update to the latest service packs before 1 December 2009 in order to take advantage of the five engines that Microsoft is retaining.

More details and the full “Engine Revision Overview and FAQ” document can be found on the Microsoft TechNet Site.

Let’s first ensure that Forefront Diagnostics has been set up.  The Forefront Server Security Administrator console is similar for both Exchange 2007 and SharePoint, so let’s begin by launching the console and navigating to Settings and General Options.  Under the Diagnostics heading, ensure that the following options are ticked.

Let’s now de-select the engines that are being retired and select alternatives as replacements.  This is achieved by navigating to Settings / Antivirus and deselecting the File Scanners for each of your listed Jobs.


After ensuring that none of the retiring scanners are selected, we can proceed to disable the automatic signature downloads for those scanners.  We do this by navigating to Settings / Scanner Updates and clicking on Disable against each respective retiring engine.


That’s it for now!  So what’s next?  We will just have to wait and see but hopefully Microsoft’s next generation of Forefront products codename “Stirling” which is now in beta 2 is just around the corner.  You can read more about Stirling on the  Microsoft TechNet Site.

July 22, 2009

Integrating Exchange 2007 Messaging Records Management with SharePoint Document Libraries – Part 2


Welcome back to the final post in this 2 part series, Integrating Exchange 2007 MRM with SharePoint Document Libraries.  Today’s post will wrap things up by going through the process of mail enabling an existing SharePoint document library and creating a new managed content setting in Exchange 2007 providing us with the ability to journal a copy of all messages moved into our “Project XYZ” managed folder located in Outlook, into our Shared collaborative Document Library under our Project Team Site.

Recall from part 1, that the objective of integrating Exchange MRM with SharePoint is to provide us with the ability to store and centralise all emails pertaining to a specific project from multiple users into a single SharePoint document library, that can be easily accessed by the Project Team.  If you missed the initial setup of Exchange MRM, you can access part 1 of this series here.

We finished off our last post by having our Project XYZ Managed Folder automatically pre-created for our specified Exchange users as per the below screen shot.


This has provided all users from the Project XYZ Team site the capability of moving all email records in relation to Project XYZ into this so called “dumping ground”.  At the moment, it’s fairly static and the information “dumped” into this folder isn’t going anywhere any time soon.  But this will now change by creating a new “Managed Content Settings” policy in Exchange 2007.  But just before we go ahead, we need to ensure we have our SharePoint Document Library ready to receive incoming emails.

To mail enable a SharePoint Document Library, navigate to the Project XYZ Document Library in question and click Settings / Document Library Settings / and click on Incoming e-mail settings under Communications.


We will then fill out the details as per the below screen shot.


This will go ahead and create the corresponding Contact address in Exchange 2007.  Please note this article is assuming that your SharePoint farm has been correctly setup to receive Incoming mail.  Click on the following TechNet article for further instructions on how this can be achieved; http://technet.microsoft.com/en-us/library/cc262947.aspx

We can now proceed with the creation of the Exchange Managed Content Setting for our Managed Folder. 

To do so, navigate to Mailbox / Managed Custom Folders / click on the newly created custom folder, in our case Project XYZ, and then click on New Managed Content Settings.

The below wizard is invoked and we will specify the following details as per the below screen shot.

Your goal here should be defined to meet the business requirements, and in this example we will want to keep items that are moved into the Project XYZ managed folder for 30 days. After the 30 day period, the items are permanently deleted to empty the user’s Project XYZ custom folder.

Do not fear however!!  In the next screen we will specify our Journaling options providing us with the capability to auto forward a copy to our SharePoint Email Enabled Document Library that we had created earlier. One of the advantages of using Managed Content Settings and Journaling with SharePoint enabled Libraries, is that you can specify the format of the email message and hence I have selected Outlook Message Format to ensure greatest compatibility.


Click New to Finish.


You will now notice that our Managed Content Settings has been applied against our Managed Custom Folder as per the below screen shot.


That’s it!  Based on your Managed Folder Assistant Schedule that we configured in part 1, all email records that are moved into the Project XYZ Managed Folder in Outlook will be copied to the Project XYZ Document Library as well.  In order to expedite the process and to ensure that it is all working, you can run the following Exchange Management Shell command;

Start-ManagedFolderAssistant

Once the Managed Folder Assistant has been initiated, it should only be a matter of a couple of minutes until you see your SharePoint Document Library populated as follows.

The Folder Assistant is intelligent enough to only copy the emails that are stored under the Managed Folder in Outlook once, avoiding any duplication.  If there are emails with the exact same subject line, SharePoint is also intelligent enough to follow the settings that we configured earlier for our email enabled SharePoint Library. In my setup we set it to not overwrite and hence it will append the subject with a unique number.

In summary, Exchange 2007 MRM and SharePoint Document Libraries has enabled us to control the lifespan of items that are moved into our Project XYZ Managed Folder that we have created in Exchange and the capability to journal a copy of all records that are moved into this folder to our SharePoint document library for collaborative and archival reasons.
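The wizard steps above can also be carried out from the Exchange Management Shell. This is an added example, not part of the original post: the settings name and the journaling address are placeholders, the retention trigger is assumed to be "when moved into the folder", and event ID 9022 is the one quoted in Part 1 of this series.

```powershell
# Added example: Exchange Management Shell equivalent of the Managed Content
# Settings wizard (30 day retention, permanent delete, journal a copy in
# Outlook Message Format to the mail-enabled SharePoint library).
# Assumptions: $settingsName and $journalAddress are placeholders; the
# retention trigger (WhenMoved) is not stated in the post.

$folder         = 'Project XYZ'
$settingsName   = 'Project XYZ - 30 days then delete'     # placeholder name
$journalAddress = 'projectxyz@sharepoint.example.local'   # placeholder: the library's contact address

New-ManagedContentSettings -Name $settingsName `
    -FolderName $folder `
    -MessageClass '*' `
    -RetentionEnabled $true `
    -RetentionAction PermanentlyDelete `
    -AgeLimitForRetention '30.00:00:00' `
    -TriggerForRetention WhenMoved `
    -JournalingEnabled $true `
    -AddressForJournaling $journalAddress `
    -MessageFormatForJournaling UseMsg

# Read the settings back and confirm retention and journaling before any
# mailbox is processed; PermanentlyDelete cannot be undone for the user.
Get-ManagedContentSettings -Identity $settingsName |
    Format-List Name, RetentionEnabled, RetentionAction, AgeLimitForRetention,
                TriggerForRetention, JournalingEnabled, AddressForJournaling,
                MessageFormatForJournaling

# Process mailboxes now instead of waiting for the schedule.
Start-ManagedFolderAssistant

# The assistant runs asynchronously; after a few minutes, look for the
# completion event in the Application log on the mailbox server.
Get-EventLog -LogName Application -Newest 500 |
    Where-Object { $_.Source -eq 'MSExchange Assistants' -and $_.EventID -eq 9022 } |
    Select-Object -First 1 TimeGenerated, Message |
    Format-List
```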

Hope you enjoyed this two part series and am sure you will find use with integrating these two technologies together to meet your business requirements.

July 16, 2009

Integrating Exchange 2007 Messaging Records Management with SharePoint Document Libraries – Part 1/2


There are two technologies in my IT Pro life that I am very passionate about, SharePoint and Exchange, so why not incorporate both passions in a single blog post. In this two part series I will be discussing how we can manage email records from our Exchange mailboxes and archive them in SharePoint Document Libraries for compliance or collaboration reasons.  Exchange 2007 introduced a great new feature set in the name of “Messaging Records Management” or commonly referred to as MRM.  Managed Default Folders is a key component of MRM which will assist us in achieving our archiving strategy.  Exchange 2007’s MRM functionality provides organisations with the ability to set email-retention policies, the ability to manage content residing in mailboxes and to establish an archiving strategy to SharePoint Document Libraries.

This is a great feature when you want to combine email records from various users working on a particular project and have them reside under the Team SharePoint Site Document Library. In this 2 part post I will provide step by step instructions on how this can be achieved with today’s post focusing on Exchange and the creation of our managed “project” folder .

So let’s begin by firing up the Exchange Management Console and navigating to Organization Configuration / Mailbox and then click on the Managed Default Folders Tab. You will notice the system default folders listed as per the below screen shot.


In our case we will create a new Managed Custom Folder for a specific project that we will later integrate with a specific document library located under our project team site.

In order to create our Managed Custom Folder, navigate to Actions and select New Managed Custom Folder... to invoke the wizard.

Enter the Name, Display Name and Description similar to the below screen shot.


Please take note of the Exchange Enterprise CAL requirement.

After filling the details click New. Your managed folder has now been created and listed under the Managed Custom Folders Tab per the below screenshot.


If you are an Exchange Management Shell person and would like to create a managed custom folder that way, all you need to do is simply type in the below command.

New-ManagedFolder -Name "Project XYZ" -FolderName "Project XYZ"

Now that our Managed Custom Folder has been created, we need to create a Managed Folder Mailbox policy.   Also located under Actions, Select New Managed Folder Mailbox Policy …

Creating a managed folder mailbox policy setting is great when grouping together a set of managed folders that you can then assign to a user mailbox in the one step.


Type in your managed folder mailbox policy name and then select Add to select the Managed Custom folder that we had just created earlier.


Your newly created policy will now be listed under the Managed Folder Mailbox Policies Tab as per the below screen shot.


We now have the capability to assign this policy to our users. So let’s now do so by navigating to Recipient Configuration / Mailbox. Right click on your user and select Properties / Mailbox Settings.


Select Messaging Records Management and then click on properties. From here, click on browse and select the Policy that we have just created.


When applying the settings you will receive a warning regarding compatibility with different Outlook versions, but we can ignore this warning as we are all running Outlook 2007/10 right?

Now that we have created our custom managed folder and policy, we need to ensure that our Managed Folder Assistant Schedule has been set up. To do so, navigate to Server Configuration / Mailbox, right click on your server name in the top pane and select Properties. Then click on the Messaging Records Management tab.

By default it will be set to “Never Run”. We will click on Customize and set a schedule for it to run outside business hours.

Now rather than waiting for the next scheduled time we can force the process via the Exchange Management Shell by running the following command.

Start-ManagedFolderAssistant

The below entry should appear in your Windows Application Event Log when the Managed Folder Assistant routine is run.

Event Type: Information
Event Source: MSExchange Assistants
Event Category: Assistants
Event ID: 9022
Date: 16/07/2009
Time: 11:01:18 AM
User: N/A
Computer: EXCHANGESERVER
Description:
Service MSExchangeMailboxAssistants. Managed Folder Mailbox Assistant for database Users Mailbox Database/Users Mailbox Database (ed6raqeq29db3-7301-4443-8917-a3b6e7857dd1) has finished an on-demand request. 1002 out of 1002 mailboxes were successfully processed. 0 mailboxes were skipped due to errors.

I can now open up Outlook for the user we applied the policy to and see that the Project XYZ managed folder has been created and listed under Managed Folders.  Remember, this is the folder that our user can now drag emails into for compliance or archive reasons.


Now that we have successfully created and deployed our Managed Folder Project XYZ we will continue our journey in Part 2 where we will mail enable a SharePoint Document Library providing it with an SMTP address and creating a Managed Content Setting that will be applied to our manage custom folder “Project XYZ”.  This will enable us to control the lifespan of items that are moved into our Project  XYZ Managed Folder that we have created and to also enable journaling on that folder to forward a copy to an alternative address, in our case the SharePoint Document Library SMTP address for archive.


About me..

An IT Pro and Social Media Enthusiast, I became an MCP in 2001 after studying Accounting at University. I have over 10 years experience in designing and implementing systems using Microsoft Technologies with a keen interest in SharePoint, Exchange and Windows.
