Unable to Grant Domain Local Groups Full Access Permission to a Exchange 2010 Mailbox using the GUI

Posted on January 26, 2012 by

John Doe is a user in your Active Directory environment (Windows Server 2008 R2 Forest Function Level) with a mailbox on the email server (Exchange Server 2010 with SP2):

You want to grant a domain local group named “Test Group” the full access permission to John Doe’s mailbox:

You attempt to grant this permission by selecting “Manage Full Access Permission” from the Exchange 2010 Management Console:

When you click add and search for the group, it doesn’t appear:

PowerShell to the Rescue! The only way I’ve figured out how to accomplish this (work-around for this issue) is to use the  ”Exchange Management Shell” (PowerShell). In this scenario, use the following PowerShell script:

Add-MailboxPermission -Identity "John Doe" -User "Test Group" -AccessRights "FullAccess"

Even though the syntax uses the parameter name “-User”, you can specify a group name.

The full access permission for John Doe’s mailbox is now assigned to the “Test Group”:

µ

Posted in Active Directory, Exchange Server 2010, PowerShell | Leave a comment

Initial Thoughts of the Apple iPad 2

Posted on January 12, 2012 by

Santa Claus brought me an iPad 2 for Christmas a few weeks ago. I must have been really good this past year for him to leave me something so cool (or he left it at the wrong house).

This is the first Apple product that I’ve owned and I have to say that I’m very impressed with it. The delivery of the product is spectacular. There’s a layer of protective film over the screen with a tab on the bottom of it. Here’s what it looks like when you open the box:

Once you remove the actual iPad, you’ll find the power adapter and a small box containing the documentation:

Here’s the small documentation box along with the items that it contains:

I honestly didn’t even know how to turn it on. Luckily the documentation is minimal and super easy to find out where the power button is located. It’s in the top right corner. The iPad 2 is actually a little bit smaller than what I expected. I expected it to be more of a notebook size (8.5×11 inches), but it just the right size. Here are the detailed specs.

I’ve been working with computers professionally since 1994 when I took a job with IBM and I can tell you from experience that you can’t compare the iPad 2 or its hardware specs to a PC. Even though according to the reviews I’ve read, it only has 512Mb of RAM, it has awesome graphics performance and all the power you’ll need. I’ve played Real Racing 2 HD for hours on end without needing to recharge the battery. All of this for less than $500 for the 16GB WiFi model. There’s no way you could buy a portable PC for that amount of money with that kind of performance and battery life.

I haven’t played games much in years since I can find a lot of better things to do with my money than upgrading my computer every six months and spending $50 or more for games. I’ve actually paid as much for a single computer component (Video Card) as the entire iPad 2 costs just to play the latest games. In my opinion, the iPad 2 is the new ultimate gaming device. It’s even better and probably cheaper than the Nintendo 3DS by the time you factor in the cost of games. I bought tons of games over the Holidays on sale for one to two dollars each. Many games (and apps) are free and a lot of them that do cost money are a dollar each without being on sale. The iPad 2 itself reminds me of a Wii controller. I’m not really a fan of racing games except for maybe Mario Kart Wii, but on the iPad 2 you turn the iPad like you would the Wii controller (the iPad is the steering wheel). One of my daughters was sitting with me watching me play the iPad holding her 3DS and said “Daddy, you know you can play my DS any time you want”. I think what she was getting at is that she wanted my iPad. I’ve finally given them a change to play on it some.

I read several reviews and decided to go for the cheaper 16GB model since most of the reviews said it would have plenty of space unless you planned to store music and videos on it. That’s not really true. If you start buying games that are 1 GB+ each, you’ll fill that amount of space up in no time. I’ve started just keeping the games I’m actively playing on it so space is less of an issue.

I don’t see the iPad 2 as being a replacement for my desktop PC or laptop computer, but something that compliments them. I do see it as a replacement for my netbook which is dog slow compared to the iPad 2 and the netbook has 2GB of RAM along with a 120GB SSD hard drive. If I had to define the iPad 2 in a few words, it would be “An Awesome Personal Entertainment Device”.

µ

Posted in iPad 2 | Leave a comment

Oh Where, Oh Where Have My Group Policy Options Gone?

Posted on December 22, 2011 by

You are unable to find specific GPO options such as “Compatibility View” settings for Internet Explorer. One of the first things to look at is: Where are the policy definitions being retrieved from? The default for an Active Directory environment is from the local machine as shown in the image below:

If you’re editing the GPO on a domain controller and have multiple domain controllers that are running different operating system versions, the available options will vary from machine to machine. Setting a GPO option on a machine with newer ADMX files:

And then viewing the report for the same setting on a machine with older ADMX files that are unaware of that particular option will result in it showing as “Extra Registry Settings”:

To have the same options available from any machine you’re editing the GPO from, you’ll need to create a central store for the group policy administrative templates. To create a central store, copy the “c:\windows\policy definitions” folder from one of the domain controllers (preferably the one with the newest operating system version on it out of all of your domain controllers) to “\\domain.name\sysvol\domain.name\policies”:

The problem this creates is these policy definitions are not updated automatically as they would be if the local machine ones were being used. You can see the ADMX file for Internet Explorer (inetres.admx) is much newer than the other files in the local machine folder:

This is because it was updated automatically when Internet Explorer 9 was installed.

If you’re missing settings, compare the ADMX files in the central store to the local machine ones in “c:\windows\policy definitions”:

You can also download updated ADMX files from Microsoft for newer products such as IE9 that you may not already have an updated ADMX file for. The IE9 ones are part of the Internet Explorer Administration Kit (IEAK). Place them in the central store to make IE9 specific options available when modifying the GPO’s.

Once you have a central store, the GPO will retrieve the policy definitions from it:

You’ll notice that I no longer have a “Compatibility View” folder under “Internet Explorer” in the image above even though this is on the same domain controller as before. That’s because the ADMX files for IE (inetres.admx and .adml) in the Central Store are older and don’t have those particular settings.

There’s a good article on MSDN: “Managing Group Policy ADMX Files Step-by-Step Guide” and another good article from Microsoft Support: “How to create a Central Store for Group Policy Administrative Templates in Windows Vista” on this topic.

µ

Posted in Active Directory, Group Policy | Leave a comment

Open a SharePoint Document Library with Windows Explorer

Posted on December 15, 2011 by

When attempting to open a SharePoint document library from a machine running Windows Server 2008 or 2008 R2 by using the “Open with Explorer” button as shown in the image to the right, you receive:  “Message from webpage > Your client does not support opening this list with Windows Explorer.”:

To resolve this problem, enable the “Desktop Experience” feature on the machine you are attempting to open the document library from (the client machine):

You can also enable the “Desktop Experience” feature using PowerShell:

Import-Module ServerManager
Add-WindowsFeature Desktop-Experience

A restart is required once this feature is enabled.

µ

Posted in PowerShell, SharePoint, Windows Server 2008, Windows Server 2008 R2 | Leave a comment

Add an Additional Web Front-end Server to an Existing SharePoint 2010 Farm using PowerShell

Posted on December 8, 2011 by

You’ve followed the instructions in my other three blogs and built a SharePoint 2010 farm (not a stand-alone installation) with one or more web front-end servers.

Per one of the notes in a TechNet article I found:  “As a best practice, we recommend the operating system on the new server should be at the same service pack level and have the same security updates and other hotfixes as the existing farm servers.”  This article also shows the steps that I’ll be demonstrating in this blog.

All of the normal tasks per your organization’s standards should be performed on this server before attempting to install SharePoint. This includes assigning a static IP address, adding it to the domain, running Windows Updates until no further updates are available, installing Antivirus, Backup Client, setting up a Backup Job, Monitoring, etc.

While not a requirement for SharePoint 2010, I’m installing the PowerShell ISE and enabling scripts on my SharePoint server since it’s one of the main tools I’ll be using:

Import-Module ServerManager
Add-WindowsFeature PowerShell-ISE
Set-ExecutionPolicy RemoteSigned

Add the spNameFarm and spNameInstall accounts to the local administrators group on the SharePoint server:

$User = [ADSI]("WinNT://mikefrobbins/spExtranetFarm")
$Group = [ADSI]("WinNT://sharepoint/Administrators")
$Group.PSBase.Invoke("Add",$User.PSBase.Path)
$User = [ADSI]("WinNT://mikefrobbins/spExtranetInstall")
$Group = [ADSI]("WinNT://sharepoint/Administrators")
$Group.PSBase.Invoke("Add",$User.PSBase.Path)

Follow my entire blog on “Microsoft SharePoint Foundation 2010 Installation – Part 2”.

Verify you are logged into the server that you want to install SharePoint on as the spNameInstall account. Right click the PowerShell ISE and select “Run as administrator”:

Load the SharePoint PowerShell Snap-in:

Add-PSSnapin Microsoft.SharePoint.PowerShell

Run the following Powershell script to add this new server as an additional web front-end server in the existing SharePoint 2010 farm. Enter the passphrase that was specified when the farm was initially created when prompted. If you’ve forgotten the passphrase, it can be reset by following my blog on resetting it.

$DbName = "SP_Extranet_Config"
$DbServer = "sql01.mikefrobbins.com"
$Passphrase = Read-Host -assecurestring "SP PassPhrase"
Connect-SPConfigurationDatabase -DatabaseServer $DbServer -DatabaseName $DbName -Passphrase $Passphrase
Install-SPHelpCollection -All
Initialize-SPResourceSecurity
Install-SPService
Install-SPFeature -AllExistingFeatures
Install-SPApplicationContent

If the command completes successfully, this server is now a web front-end server. You’ll need to setup load balancing or use round-robin DNS to distribute traffic between the web front-end servers.

µ

Posted in PowerShell, SharePoint 2010 | Leave a comment