skip to main |
skip to sidebar
Two cartoons :-
This explains debugging code which has been written with anti-debugging techniques:
http://hackerschool.org/DefconCTF/17/B300.htmlThis explains how to find a keygen (written in bizarre franglais)http://pagesperso-orange.fr/l0uk0um/site/dora/fichiers/tutorial.html
We have a few managers here whose mail needs are a little complicated. They're available to the whole company via Outlook and Exchange for meeting scheduling, but they prefer to use Thunderbirdand IMAP for managing their mail.
(Of course, one can connect to Exchange via IMAP, but we haven't implemented this, purely for reasons of time resources. Back in the day, we started out with courier IMAP, and brought in Exchange a lot later. Smoothly migrating people to the Exchange server would require a lot of individual support hours, and given that the system is fine at the moment, the bang/buck ratio doesn't pan out.)
Here's how to set up a mixed-mode IMAP/Exchange mail user from complete scratch:
- Mail Transport Agent - on your external IMAP mail server, create an IMAP box for john.doe@myorg.com
- Mail Transport Agent - create an alias for the user, something like jdo -> john.doe@myorg.com
- Exchange Server - in the EMC, create a new Mailbox under \Recipient Configuration\Mailbox for John Doe. This creates an AD object for John Doe, with Exchange Mailbox properties.
- Still on Exchange, right-click \Recipient Configuration\Mail Contact, and choose "New Mail Contact", and radio on "New Contact".
- Choose the correct Organisational Unit (if you forget this step, don't worry - you can move the Mail User in ADUC later).
- In the "First Name" field, use the IMAP alias (in this example, "jdo").
- In the "External e-mail address" field, use the IMAP alias email address (in this example, jdo@myorg.com).
- Finish creating the contact.
Now we have two separate elements - the Mailbox associated with AD user John Doe, and the Mail Contact jdo.The existence of the mailbox will allow the user to manage scheduling with Outlook, and to view Public Folders.However the email must be redirected to the IMAP account. Here's how:- Using the EMC, \Recipient Configuration\Mailbox, open the properties sheet of the Mailbox.
- Choose the Mail Flow Settings tab, and open the Properties of Delivery Options.
- Tick the box "Forward To ...", then click on "Browse".
- Tip! Sort by "Recipient Type" to see the Mail Contacts, and choose your newly-created contact from there.
- Choose Ok, then Ok again to leave the Properties sheet.
Now you have a user who can be scheduled via Outlook, but who can use their preferred IMAP client to manage their email.
Finally, I have the answer to something that's bugged me for a very long time - how to adjust a user's Exchange-based out of office reply.
Normally, the only way to do this is to log in as the user either to their Outlook, or to OWA, then adjust their OOF settings via Tools, Out of Office Assistant. Since this requires that you know the user's password, it is not always a convenient method.
I thought that there might be some way to change things via the server, perhaps via PFDAVAdmin. None that I could find, sadly, existed.
So here's a kludge that gets you the result you want:
- In ESM, use the Manage Full Permissions option on the user's Mailbox to give yourself full permissions on the user's account.
- On your Windows machine, go to Control Panel, Mail, Profiles.
- Add the user's name - when you fill in the New Account form, leave the password section blank and click Next. Because you have full permissions, you don't need a password.
- Radio on "Ask for Profile"
- Open Outlook, and choose the user's profile.
- Fill out their OOF.
- Quit Outlook, remove their profile from the Mail Control Panel applet.
- On the server, remove your full permissions from their account.
A kludge because it's too easy to forget the very final step, leaving a security hole.
But it works!
Probably the best free tool to report and manage on your Public Folder hierarchy is PFDAVAdmin, available from Microsoft. I've mentioned it before.
There are two main commercial tools available that can help - Ark's Admin Report Kit for Exchange Server, and Priasoft's Public Folder Analyzer. A fairly comprehensive list of Exchange Permissions Management tools can also be found on Slipstick.
Ok, down to the real-world scenario. At the moment, I'm creating a new user, and need to give them the same permissions on the Public Folders as a current employee. I can accomplish this in a variety of ways:
- Use the context menu, Folder Permissions to view an individual folder's permissions, and to add a user.
- Use the context menu on the containing folder to add a user, then use context-menu, Propagate Folder ACEs to push the same permissions down to the subfolders, for that user.
- Use powershell for a single folder:
Add-PublicFolderClientPermission -Identity "\Marketing\West Coast" -AccessRights PublishingEditor -User Kim - Use one of the included E2K7 powershell scripts under C:\Program Files\Microsoft\Exchange\Scripts to recursively apply permissions:
AddUsersToPFRecursive.ps1 -TopPublicFolder "\Sales" -User "David" -Permission Reviewer
Which is fine if you know which folders to touch.
But what if you've come to an organisation with an extensive preexisting Public Folder hierarchy, and missed out on the chance to mind-meld with the previous sysadmin who built it from the ground up?
Obviously you'll need a report. We have a small Public Folder scenario, with 4500+ folders which contain more than 600,000 mail items. Using
Get-PublicFolderStatistics | ft FolderPath,*ItemCount,total*
returns the size of each and every public folder. (You can pipe it out with export-csv and chuck it in Excel.)
To find out which permissions a user has on a particular folder, use:
Get-PublicFolderClientPermission -Identity "\yourfoldernamehere" -User yourusernamehere
Awesome, that's almost what we need!
To get the same info recursively over the whole Public folder tree:
Get-PublicFolder "\" -recurse | Get-PublicFolderClientPermission -user yourusernamehere export-csv
Very useful!
Problem: You have an alias address, and you need to find out to which Exchange 2007 mailbox this is mapped.
Solutions: Use the following powershell command to list all mailbox names and aliases:
get-mailbox | select name, alias | format-table name, alias
(which is OK if you have a small number of users, but not so useful for large orgs). You can also use the Find option whilst looking at the Recipient Configuration tree in the Exchange Management console.
One of Heike's sisters lives in a remote area in southern Spain. They recently got a modem connection to their house. Heike was Skyping with her nephew, and typed, "I have to go now, time to walk the dog and meet people for dinner." The nephew replied, "Where will you go for your walk?" "In Görlitzer park," replied Heike, "... why don't you come with me?" Nephew (10 y.o.) said "I will! I will come with you on google earth!"
So sweet!
* Tuesday - riding to work, when suddenly some boofy german bloke in a big navy blue BMW slows down next to me. He's wound down the passenger side window and is shouting at me across the body of his tiny, weaselly-looking mate - "Hey You went through the red light! Red lights are for bicyclists, too, you know! Do you think you are special?"
OK, whatever, if I went through a red light at an intersection where there were no cars except for me and this guy, that's my business, right?. But I got /angry/. Really really angry. BMW roared off up the street, obviously proud to have done his civic duty. But I know the streets here, and I know that the light he was heading for is very slow. So I caught up with him there, and slammed the closed window with the flat of my hand. "Fuck you!", I yelled, and (the only german swearphrase I know coz it is written on the wall in the stairwell of my friend's house) "Fich dich, Opfer!". The lights changed to green, I got off my bike and strolled nonchalantly across the road to work, whilst BMW had to drive off, because of all the other cars waiting behind him at the lights.
* Tuesday, Part Two. I'm enjoying an afternoon coffee in the breakroom with Tobias from work. He's the 28-y.o., Go-playing, maths-PhD fella with the shiny head. He explains about a great bug that he's working on - there's a biggest integer down there in the engine of the software, and you're not supposed to get a value that's higher than it. But he found a situation where input from a MIDI keyboard wraps the value, and returns exactly the right value to give exactly the right behaviour - playing a note. We chuckled over this accidentality, and went back to work.
* Wednesday. I'm reading the latest xkcd cartoon - poor Mr. xkcd is trying to get to sleep, and is counting sheep. He counts and counts, when suddenly the number of the sheep goes into negative values. Integer overflow. http://www.xkcd.com/571/. Fitted nicely, coz I had terrible insomnia meself the night before. Might explain why I got so pissed at Mr. BMW.
* Wednesday, Part Two. Boss at work is working like a fiend - for him, that's typing up a storm, not talking to /anyone/, going into the machine room a lot, four or five terminal windows open at the same time on his monitors. At about four in the afternoon, he turns to me and explains that the job-tracker database needed to be upgraded live. He shows me some log files to do with the search component. "Search array out of range. Search daemon stopping." Apparently the new version fixes this, but it's completely undocumented. Well, the search engine is working now, but it was having a kind of integer overflow.
* Thursday. Riding home, going down a one-way street. Full of potholes, had to weave around a bit to avoid being chucked of the bike. It's a slow road anyway, running alongside a hotel with lots of waiting cabs, and tour buses. Suddenly massive horn-beeping from behind me. Without thinking, I yell, "Fuck /OFF/!". I've just about had it with these impatient, self-righteous cars. Surprise surprise (not) a big silvery BMW roars past me ... straight into the loving arms of another slow set of lights. Ha ha ha. Revenge is mine. I pull up next to Wanker Number Two and shout into the driver window - "What the fuck is the big hurry?" Mr. Big Arab yells back at me, "Fuck me?! Fuck you! I fuxk the Americans! I fuck the Israelis! I fuck your mother! I fuck the South Africans! I fuck the Brits!" Quite a large part of my brain is thinking, "How interesting. He's trying to figure out what kind of English-speaker I am." By now, the lights have changed, and we're both going round the corner together during this tirade. I yell back, "You must have a huge cock, then!" He and his mates all shout with laughter, and he roars off down the street.
* Friday. Today. I declare integer overflow week to be officially Over.
Posts
