29 August 2012

23 August 2012

Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

http://www.symantec.com/business/support/index?page=content&id=TECH163112

Problem



You must prepare your computers for installation before you install Symantec Endpoint Protection 12.1 client.


Solution



These instructions apply to both the Enterprise and Small Business Editions of Symantec Endpoint Protection 12.1 client. For more specific details at any point, please consult the product help or the implementation guides: Symantec Endpoint Protection Implementation Guide or Symantec Endpoint Protection Small Business Edition Implementation Guide.

The following steps should be taken on all computers on which you install the client.

Uninstall currently installed virus protection software

Uninstall any third-party virus protection software. In general, you can use the Windows Add or Remove Programs tool to uninstall programs. However, some programs have special uninstallation routines. See the documentation for the third-party software.

Uninstall any legacy Symantec virus protection software if you do not plan to migrate the settings.

Set administrative rights to your client computers

To install the client software, you need administrative rights to the computer or to the Windows domain. If you do not want to provide users with administrative rights to their computers, use Remote Push Installation to remotely install the client software. Remote Push Installation requires you to have local administrative rights to the computers.

Prepare computers for remote deployment and management

Modify firewall settings to allow communication between Symantec Endpoint Protection Small Business Edition components:
■ Push deployment ports, used on management servers and clients: TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports.
■ For legacy communications, open UDP port 2967 on all computers.
■ General communication: TCP 8014 (HTTP)/TCP 443 (HTTPS) for management servers. These are the default ports, and may be customized. See Symantec Endpoint Protection 12.1: How to Change the ports used for communication between the Manager and clients.

Prepare Windows XP computers that are installed in workgroups: Windows XP computers that are installed in workgroups do not accept remote deployment. To permit remote deployment, disable Simple File Sharing. Note: This limitation does not apply to computers that are part of a Windows domain. Detailed instructions are provided in the following document: http://www.symantec.com/business/support/index?page=content&id=TECH102867

Prepare Windows Vista, Windows Server 2008, or Windows 7 computers: Windows User Access Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. Perform the following tasks:
■ Disable the File Sharing Wizard.
■ Enable network discovery by using the Network and Sharing Center.
■ Enable the built-in administrator account and assign a password to the account.
■ Verify that the account has administrator privileges.

Prepare Windows Server 2003 computers for installation using a remote desktop connection: The Symantec Endpoint Protection Manager requires access to the system registry for installation and normal operation. To prepare a computer to install Symantec Endpoint Protection Manager using a remote desktop connection, perform the following tasks:
■ Configure a server that runs Windows Server 2003 to allow remote control.
■ Connect to the server from a remote computer by using a remote console session, or shadow the console session.





Article URL http://www.symantec.com/docs/TECH163112

21 August 2012

pushing out software that "requires" admin rights

http://social.technet.microsoft.com/Forums/en-NZ/winservergen/thread/1aecdac4-c274-4d14-85ea-432a9674f70d

How did you create a Distribution point?
To publish or assign a computer program, you must create a distribution point on the publishing server (I am sure you must have done that already).
However, FYI... Here are the steps

create a distribution point
Log on to the desired server as an administrator.
Create a shared network folder where you will put the Microsoft Windows Installer package (.msi file) that you want to distribute.
Set permissions on the share to allow access to the distribution package. (Authenticated Users should have READ permissions.)
Copy or install the package to the distribution point.
Assign a Package
Computer configuration / Policies / Software Settings / Software installation
Right-click Software installation, point to New, and then click Package.
In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \\FileServer\Share\software.msi

Important: Do not use the Browse button to access the location. Make sure that you use the UNC path to the shared installer package.
Click Open.
Click Assigned, and then click OK. The package is listed in the right pane of the Group Policy window.
Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and Computers snap-in or gpmc.
When the client computer starts, the managed software package is automatically installed.
Along with Software Distribution policy, you can set another policy "Always install with elevated privileges"
User Configuration\Administrative Templates\Windows Components\Windows Installer 
This policy directs Windows Installer to use system permissions when it installs any program on the system.

This policy extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add/Remove Programs in Control Panel. This policy lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.

If you disable this policy or do not configure it, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.

Caution: Skilled users can take advantage of the permissions this policy grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy is not guaranteed to be secure.

Important: This policy appears both in the Computer Configuration and User Configuration folders. To make this policy effective, you must enable the policy in both folders.
Hope that helps.
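
A local audit for the "Always install with elevated privileges" policy described in the answer above, as an added example that is not part of the original post: it reads the AlwaysInstallElevated policy value from the machine hive and from each loaded user hive and reports where both scopes are enabled, which is the condition the answer says makes the policy effective. The function names are hypothetical; the registry subkey and value name are the ones Windows Installer uses for this policy.

```powershell
# Added example: audit "Always install with elevated privileges" on the local machine.
# The policy is the DWORD AlwaysInstallElevated under this subkey, once in HKLM
# (Computer Configuration) and once in each user's hive (User Configuration).
$SubKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'

function Get-InstallElevatedValue {
    # Hypothetical helper: returns the DWORD, or $null when the policy is not configured.
    param([Parameter(Mandatory = $true)][string]$KeyPath)
    $item = Get-ItemProperty -Path $KeyPath -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.AlwaysInstallElevated
}

function Resolve-SidName {
    # Hypothetical helper: turns a SID into DOMAIN\user for the report.
    param([Parameter(Mandatory = $true)][string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $Sid   # orphaned or unresolvable account: report the raw SID
    }
}

function Get-AlwaysInstallElevatedReport {
    $machine = Get-InstallElevatedValue -KeyPath "Registry::HKEY_LOCAL_MACHINE\$SubKey"

    # Only hives of currently loaded profiles are visible under HKEY_USERS.
    # The pattern keeps local and domain account SIDs and skips the *_Classes hives.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[0-9-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        $user = Get-InstallElevatedValue -KeyPath "Registry::HKEY_USERS\$sid\$SubKey"

        # The policy takes effect only when it is enabled in both scopes.
        $finding = if ($machine -eq 1 -and $user -eq 1) {
            'ENABLED in both scopes: policy is in effect'
        } elseif ($machine -eq 1 -or $user -eq 1) {
            'Set in one scope only: not in effect, clean up'
        } else {
            'Not enabled'
        }

        [pscustomobject]@{
            Account      = Resolve-SidName -Sid $sid
            MachineValue = $machine
            UserValue    = $user
            Finding      = $finding
        }
    }
}

Get-AlwaysInstallElevatedReport | Format-Table -AutoSize
```

Accounts whose profiles are not loaded at the time of the run do not appear in the report.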

Microsoft Exchange/change email address

http://en.allexperts.com/q/Microsoft-Exchange-2094/2008/6/change-email-address.htm


Question
How do I change my email address in Exchange? I need to change from my oldemail@gmail.com to a newemail@gmail.com. I simply am not able to find this setting in my Outlook Exchange options.

Thanks

Answer
There are several ways to skin this cat.

1. Change the alias of your account (not recommended unless you are changing the entire name of the account)
2. Add new SMTP address and make it your primary (recommended)
3. Create new account and merge all the Outlook info to the new account (really not recommended)



1. This option has some consequences to note, so read about them here:
http://www.amset.info/exchange/usernamechange.asp

Open Active Directory Users and Computers mmc
Locate your AD account and right-click --> Properties
Click on the Mailbox Store tab
Change the alias
Wait for Recipient Update Services to refresh your email address, check the Email Addresses tab in 15 minutes


2.
Right click on user again, and choose Properties.
Click on the "Email Addresses" tab.
Add the new email address in the same format as your existing email addresses. Leave the old address in place.
Change the default (set as primary) address to the new one.
By doing this, any email sent in on the old address will still be delivered, but all new email will go out with the new address.
Uncheck auto update email addresses based on recipient policy, or your primary will be switched back to the alias generated address.

3.
LOTS of work, but you can do it, if you really want to.

How to assign software to a specific group by using Group Policy in Windows Server 2003

http://support.microsoft.com/kb/324750

This article was previously published under Q324750
For a Microsoft Windows 2000 version of this article, see 302430.

SUMMARY

You (as an administrator) can use Group Policy to assign or to publish software to users or computers in a domain. Additionally, it is useful to be able to deploy software based on group membership. A Group Policy object (GPO) is usually applied only to members of an organizational unit (OU) to which the GPO is linked. Because a user cannot be located in several OUs at the same time, you must be able to apply Group Policy settings outside the boundaries of OUs. This article describes how to have your software deployment policy applied to users who are not in an OU.

Assign a program to a group

  1. Create a folder to hold the Windows Installer package on a server. Share the folder by applying permissions that let users and computers read and run these files. Then, copy the MSI package files into this location.
  2. From a Windows Server 2003-based computer in the domain, log on as a domain administrator, and then start Active Directory Users and Computers.
  3. In Active Directory Users and Computers, right-click the container to which you want to link the GPOs, and then click Properties.
  4. Click the Group Policy tab, and then click New to create a new GPO for installing the Windows Installer package. Give the new GPO a descriptive name.
  5. Click the new GPO, and then click Edit.

    The Group Policy Object Editor starts.
  6. Right-click the Software Settings folder under either Computer Configuration or User Configuration, point to New, and then click Package.

    Notes
    • The Software Settings folder under Computer Configuration contains software settings that apply to all users who log on to the computer. This folder contains software installation settings. It may also contain other settings that are put there by independent software vendors.
    • The Software Settings folder under User Configuration contains software settings that apply to users regardless of which computer they log on to. This folder also contains software installation settings. It may contain other settings that are put there by independent software vendors.
  7. In the Open dialog box, type the Universal Naming Convention (UNC) path of the Windows Installer file (.msi) for this package in the File name box, and then click Open.

    Note If the Windows Installer file resides on the local hard disk, do not use a local path. Instead, use the UNC path of the local computer to indicate the location of the installation files. A UNC path takes the form \\servername\sharename\path\filename.msi.
  8. In the Deploy Software dialog box, do one of the following:
    • Click Assigned to specify that the application is deployed as assigned and that default settings are used for deployment properties.
    • Click Advanced to specify that you are manually editing the package properties instead of accepting the defaults. You can also choose between assign and publish for the deployment method.
  9. When you are prompted to choose between Advanced and Assigned, click Assigned unless you have to modify the advanced options.
  10. Click OK.

    The software package appears in the details pane of the Group Policy Object Editor.
  11. Close the Group Policy Object Editor.
  12. In the GPO Properties dialog box, click the GPO, and then click Properties.
  13. Click the Security tab.
  14. Click Authenticated Users in the Group or user names list, and then click Remove.
  15. Click Add, select the security group that you want this policy applied to, and then click OK to add the security group to the list.
  16. Select the security group, and then under Permissions for Users, click to select the READ and the Apply Group Policy check boxes in the Allow column.
  17. Click Apply, click OK, click Apply, and then click OK.
Changes to a GPO are not immediately applied on the target computers. Instead, changes are applied according to the current Group Policy update interval. You can use the Secedit.exe command-line tool to impose GPO settings upon a target workstation immediately. For more information about how to use Secedit.exe, see the Windows Server 2003 Help and Support Center.

How to assign software to a specific group by using Group Policy

http://support.microsoft.com/kb/302430

This article was previously published under Q302430
For a Microsoft Windows Server 2003 version of this article, see
324750 How to assign software to a specific group by using Group Policy in Windows Server 2003
Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.

SUMMARY

You can use Group Policy to assign or to publish software to users or computers in a domain. Additionally, it is useful to be able to deploy software based on group membership. A Group Policy object (GPO) is usually applied only to members of an organizational unit (OU) to which the GPO is linked. Because a user cannot be located in several OUs at the same time, you must be able to apply Group Policy settings outside the boundaries of OUs. This article describes how to have your software deployment policy applied to users who are not in an OU.

Assign a program to a group

  1. Create a folder to hold the MSI package on a server. Share the folder by applying permissions that let users and computers read and run these files. Then, copy the MSI package files into this location.
  2. From a Windows 2000-based computer in the domain, log on as a domain administrator, and then start Active Directory Users and Computers.

    Note You can apply Group Policy settings to domains, sites, and OUs.
  3. In Active Directory Users and Computers, right-click the container to which you want to link the GPO, click Properties, and then click the Group Policy tab.
  4. Create a new GPO for installing your MSI package, and then give the new GPO a descriptive name.
  5. While the new GPO is selected, click Edit. This starts the Group Policy Object Editor.
  6. Open and then right-click Software installation in the GPO, and then click New Package.
  7. You are prompted for the path of the Windows Installer file (.msi) for this package. View the network location that contains the Windows Installer file, click the file, and then click Open.

    Warning If the Windows Installer file resides on the local hard disk, do not use a local path. Instead, use the UNC path of the local computer to indicate the location of the installation files. A UNC path takes the form \\servername\sharename\path\filename.msi.
  8. When you are prompted to choose between Assigned and Advanced Published or Assigned, click Assigned unless you have to modify the advanced options. You should now see the software package in the details pane of the Group Policy Object Editor.
  9. In Active Directory Users and Computers, click the container to which you linked your GPO. Right-click that container, click Properties, and then click the Group Policy tab.
  10. Click your GPO, and then click Properties.
  11. Click the Security tab, and then remove Authenticated Users from the list.
  12. Click Add, and then select the security group to which you plan to have this policy applied, to add it to the list.
  13. Select your security group, and then give them Read and "Apply Group Policy" permissions.
Changes to a GPO are not immediately applied on the target computers. Instead, changes are applied according to the current Group Policy update interval. You can use the Secedit.exe command-line tool to impose GPO settings upon a target workstation immediately. For more information about how to use Secedit.exe to force a Group Policy update, click the following article number to view the article in the Microsoft Knowledge Base:
227302 Using SECEDIT to force a Group Policy refresh immediately

08 August 2012

How to change group policy update interval in windows 2003 server?

http://technet.microsoft.com/en-us/library/cc757597(v=ws.10)

Changing the Group Policy Refresh Interval

Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Administrators can change the default refresh policy interval setting by using one of these policy settings: Group Policy Refresh Interval for Computers, Group Policy Refresh Interval for Domain Controllers, or Group Policy Refresh Interval for Users. By using these settings, you can stipulate an update rate from zero to 64,800 minutes (45 days). You can also set the policy to Turn off background refresh of Group Policy.
Important
  • When you set the refresh interval to 0 minutes, the computer tries to update Group Policy every seven seconds. Because such updates might interfere with users’ work and increase network traffic, very short update intervals are appropriate only in test environments.

Group Policy Refresh Interval for Computers

This setting specifies how often Group Policy for computers is updated in the background. It specifies a background update rate only for Group Policy settings under Computer Configuration. Computer Group Policy is updated in the background every 90 minutes by default, with a random offset of 0 to 30 minutes. In addition to background updates, computer Group Policy is always updated when the system starts. This policy setting is available in the Group Policy Object Editor under Computer Configuration\Administrative Templates\System\Group Policy.

Group Policy Refresh Interval for Domain Controllers

This setting specifies how often Group Policy is updated in the background on domain controllers. By default, Group Policy on domain controllers is updated every five minutes. This policy setting is available in the Group Policy Object Editor under Computer Configuration\Administrative Templates\System\Group Policy.

Group Policy Refresh Interval for Users

This setting specifies how frequently Group Policy is updated in the background only for the Group Policy settings in the User Configuration folder. In addition to background updates, Group Policy for users is always updated when users log on. This policy is in the User Configuration\Administrative Templates\System\Group Policy item.

Turn off background refresh of Group Policy

This policy prevents Group Policy settings from being updated while the computer is in use. It applies to Group Policy for computers, users, and domain controllers. This policy setting is available in Computer Configuration\Administrative Templates\System\Group Policy item.

Running Command Line Options to Refresh Policy

From a given computer, you can refresh the settings that are deployed to that computer by using the Gpupdate.exe tool. One reason this is useful is to ensure that security settings are enforced. Table 2.7 describes parameters for Gpupdate.exe. The Gpupdate.exe tool is used in Windows Server 2003 and Windows XP environments and replaces the /refreshpolicy option previously used with the secedit command. For Windows 2000, continue to use the secedit /refreshpolicy command.
The Gpupdate.exe tool uses the following syntax:
          gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot]
Table 2.7   Gpupdate.exe Parameters

Parameter
    Description
/target:{computer|user}
    Depending on what target you specify, Gpupdate.exe processes the computer settings, the current user settings, or both. By default, both the computer and the user settings are processed.
/force
    Reapplies all settings and ignores processing optimizations.
/wait:value
    Specifies the number of seconds that policy processing waits to finish. The default is 600 seconds. A value of 0 means no wait; -1 means wait indefinitely.
/logoff
    Logs off after the policy refresh completes. This is required for Group Policy client-side extensions that do not process on a background refresh cycle but do process when the user logs on, such as user Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require the user to log off.
/boot
    Restarts the computer after the policy refresh completes. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but do process when the computer starts up, such as computer Software Installation, for example. This option has no effect if there are no extensions called that require the computer to be restarted.
/?
    Displays Help at the command prompt.

02 August 2012

Exchange Server 2010 certificate problem

http://www.petri.co.il/forums/showthread.php?t=50852

Re: Exchange 2010 Certificates on Outlook Anywhere

Exchange 2010 has all the tools you need to generate your own self signed cert without buggering about with CAs or anything like that.

Use the Exchange Shell:

Quote:
[PS] C:\Windows\system32>help New-ExchangeCertificate

NAME
New-ExchangeCertificate

SYNOPSIS
Use the New-ExchangeCertificate cmdlet to create a self-signed certificate, renew an existing self-signed certificate, or generate a new certificate request for obtaining a certificate from a certification authority (CA).
There are many variables that you must consider when configuring certificates for Secure Sockets Layer (SSL) and Transport Layer Security (TLS). You must understand how these variables may affect your overall configuration. For more information and before you continue, see Understanding TLS Certificates.
Quote:
[PS] C:\Windows\system32>help Enable-ExchangeCertificate

NAME
Enable-ExchangeCertificate

SYNOPSIS
Use the Enable-ExchangeCertificate cmdlet to enable an existing certificate in the local certificate store for Exchange services such as Internet Information Services (IIS), SMTP, POP, IMAP, and Unified Messaging (UM).
There are many factors to consider when you configure certificates for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) services. You must understand how these factors may affect your overall configuration. Before you continue, read Understanding TLS Certificates.
Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name (FQDN) of the service.
Don't use the Enable-ExchangeCertificate cmdlet to enable a certificate for federation. Certificates used for federation trusts are managed by using the New-FederationTrust and Set-FederationTrust cmdlets.