2011年10月19日 星期三

Windows Server 2008 R2: Event ID 36888 Schannel






 
Solution:

Set the value of EventLogging to 0 at the key: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel


http://technet.microsoft.com/en-us/library/dd197492%28WS.10%29.aspx

 

Exchnage Server 2010 信箱權限設定

Grant permissions on a single mailbox
Use the following command to grant access to just one mailbox for a single user:Add-MailboxPermission -Identity “” -User -AccessRights Fullaccess -InheritanceType all
Example:Add-MailboxPermission -Identity “Test” -User Administrator -AccessRights Fullaccess -InheritanceType all



Grant permissions on all mailboxes
Use the following command to grant access to all mailboxes for a single user:Get-Mailbox | Add-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Note: In the screenshot below I received a message saying that Administrator already have access to the mailbox Test (Yellow text message).



Grant permissions on mailboxes using Where
We might as well add a where to the command while we are at it. With this command we grant access to all mailboxes in a specific OU for a single user:
Get-Mailbox | Where { $_.OrganizationalUnit –eq “” } | Add-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Where { $_.OrganizationalUnit –eq “sundis.local/Test/Users” } | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all



Remove permissions on a single mailbox
Quite simple, just change Add to Remove:Remove-MailboxPermission -Identity “” -User -AccessRights Fullaccess -InheritanceType all
Example:Remove-MailboxPermission -Identity ”Test” -User Administrator -AccessRights Fullaccess -InheritanceType all



Remove permissions on all mailboxes
Well you have probably figured this one out already, but I will show it to you anyway:Get-Mailbox | Remove-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Remove-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Note: As you can se below, using this command will remove the users full access to its own mailbox. That is not good, this command should be used with care…

As a final note: These commands only affects excisting mailboxes. The permissions will not be automatically applied to new mailboxes. To achieve this you can run the command as a scheduled script on a regular basis, once every night for example.

查看用戶信箱大小的指令(Exchange Server 2010)

假設 Exchange Server 2010 Server Name = ex01


請在 ex01 伺服器上(Exchange Management shell)以下指令來查看,輸出檔案為 USER.CSV

Get-MailboxStatistics -server "ex01" Select DisplayName, LastLoggedOnUserAccount, ItemCount, TotalItemSize, LastLogonTime, LastLogoffTime Export-CSV USER.csv -encoding "unicode"

Exchange Server 2010 Push Mail 無法使用

在 Exchange Server 2010 的架構下,只要是屬於 Domain Admins & Enterprise Admins 的成員,該帳號繼承選項在一小時內都會被清掉,導致 Push Mail 無法使用,這是 Exchange 2010 安全性的設計。




建議將用戶帳號與系統管理帳號分開使用,盡量避免將一般使用者帳號加到
Domain Admins & Enterprise Admins 的群組中

參考資訊:
http://support.microsoft.com/kb/907434/en-us

2011年10月8日 星期六

Outlook 2003 存取 Exchange Server 2010

當使用 Outlook 2003 存取 Exchange Server 2010 時,Outlook 2003 嘗試開啟已授權其他用戶信箱,會出現錯誤訊息


解決方法請在 Exchange Server 2010 輸入以下指令:

$a = Get-ThrottlingPolicy | where-object {$_.IsDefault -eq $true}

$a | Set-ThrottlingPolicy –RCAMaxConcurrency:$null