Monday, January 28, 2008

It's all about the tools! Meet AutoRuns

Most of us have used StartupList and HijackThis; this tool takes it a step further. Written by Mark Russinovich and Bryce Cogswell, previously of Sysinternals, this tool examines every place on your machine from which applications can be started automagically. I have already used this tool a half dozen times to resolve things from virus infection to troubleshooting application "linking" issues. I recommend you check it out and keep it in the proverbial "toolbox". Read more here.
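To show the kind of check AutoRuns automates, here is an added PowerShell example (not part of the original post and not Sysinternals code) that inventories a handful of common autostart locations, saves them as a baseline, and later reports anything new. It covers only a fraction of what AutoRuns looks at; the baseline file path and the list of registry keys are my assumptions, and it assumes PowerShell 3.0 or later for the `[pscustomobject]` syntax.

```powershell
# Added example: inventory common autostart locations and diff them against a
# saved baseline, the way you would triage a suspected infection. Only a small
# subset of the locations AutoRuns examines is covered here.

# Registry keys that launch programs at boot or logon (assumed subset).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntries {
    # Returns one object per autostart entry: Location, Name, Command.
    $entries = @()

    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... bookkeeping members the provider adds.
            if ($p.Name -like 'PS*') { continue }
            $entries += [pscustomobject]@{
                Location = $key
                Name     = $p.Name
                Command  = [string]$p.Value
            }
        }
    }

    # Winlogon Shell and Userinit: a classic place for a hijack to hide.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $winlogon
    foreach ($name in 'Shell', 'Userinit') {
        $entries += [pscustomobject]@{
            Location = $winlogon
            Name     = $name
            Command  = [string]$wl.$name
        }
    }

    # Per-user and all-users Startup folders.
    foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                          [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $entries += [pscustomobject]@{
                Location = $folder
                Name     = $_.Name
                Command  = $_.FullName
            }
        }
    }

    # Services that start automatically, with their image paths.
    Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
        $entries += [pscustomobject]@{
            Location = 'Services'
            Name     = $_.Name
            Command  = [string]$_.PathName
        }
    }

    return $entries
}

function Save-AutorunBaseline {
    # Baseline file location is an assumption; put it somewhere the machine's
    # users cannot modify if you intend to trust it later.
    param([string]$Path = "$env:USERPROFILE\autoruns-baseline.csv")
    Get-AutorunEntries | Export-Csv -Path $Path -NoTypeInformation
}

function Compare-AutorunBaseline {
    # Lists entries present now that were not in the baseline (new or changed command).
    param([string]$Path = "$env:USERPROFILE\autoruns-baseline.csv")
    $baseline = Import-Csv -Path $Path
    $current  = Get-AutorunEntries
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
        -Property Location, Name, Command |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object Location, Name, Command
}

# Usage: take the baseline on a known-good machine, then re-run the compare
# whenever something looks off.
# Save-AutorunBaseline
# Compare-AutorunBaseline | Format-Table -AutoSize
```

A difference in `Command` for an existing `Name` shows up as a new entry, which is exactly the case you care about when a legitimate Run value has been repointed at something else.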

-JC-

Thursday, January 24, 2008

Everyone likes something shiny and new!

Last week I attended the Windows 2008 Partner Preparation course. I learned of quite a few new and useful features included in Server 2008. I wanted to outline a choice few here:

--> Byte-level DFS-R - Well, this is a very cool feature to be included in the Standard and Enhanced versions of Server 2008. Your SYSVOL share now utilizes byte-level DFS-R. Also, you can create read-only members of a DFS-R topology. They have also extended the previous recommendation that the DFS namespace not contain more than 5,000 folders. In my opinion DFS is one of the most underutilized technologies included in Windows Server operating systems since 2000. I think this is due, in part, to its shortcomings. Windows Server 2008 is going to take a stab at making this wonderful technology more useful (and functional) for everyone.

--> Manipulation of AD databases can be done INSIDE the OS, without having to boot into Directory Services Restore Mode. That's not to say they are getting rid of DSRM, but it won't be necessary in order to perform certain functions. The service name has also been changed and is now called "Domain Controller Service". There are several caveats here, such as the fact that, of course, no one will be able to authenticate to the DC while the AD-related services are stopped. This won't be a problem in organizations that employ a secondary domain controller. I am very interested in how this will affect the Swing Migration technique.

--> Server Core - This is essentially a stripped-down version of the Server operating system for use on systems where you either want a reduced attack surface or need to run on lesser hardware. You'd better get used to the command line here because that's all this puppy has; no Explorer shell, nothing, nada. Once you have your IP information (netsh), Time Zone, Activation, Computer Name, Domain Membership (netdom) and Server Roles configured, you can manage it from another computer simply by using the MMC snap-in that manages that respective service or, as they refer to it now, role.

--> The Read-Only Domain Controller - This is a new operation mode for Active Directory. This is meant for remote office configurations where a DC resides in a physically insecure environment, or where a DC may need to sit in a less secure network segment for LDAP lookups (for RADIUS etc.). The RODC contains a copy of the AD database that is not writable; it redirects all write attempts to the main DC. This RODC also does not cache credentials, providing greater security. In order to implement this, only one DC, the one that holds the PDC Emulator role, needs to be at Server 2008; the rest can be 2003.

--> Network Access Protection - This is essentially a replacement for IAS, which was essentially Microsoft's RADIUS.  This allows an administrator to specify a Policy Server that will define what the requirements are for a PC to be able to "talk" on the trusted network. This could be an up-to-date set of Windows Updates, Anti-Virus or Firewall Software. This system works with Certificates of Health that are presented to the NAP server and accepted or rejected depending on the client. Upon rejection, the client can be redirected to a set of remediation servers that will subsequently get the computer where it needs to be in terms of its compliance with the parameters set on the policy server.

--> No native support for TAPE - "And the crowd goes wild." For many years I have been a believer in the "Tape is a four-letter word" adage, and I couldn't be happier that Microsoft has taken a step towards getting people off of that old technology. This also means there is no more NTBackup; at least not as most of us know it. On a scheduled backup, the destination media is ALWAYS formatted before a backup is made. Now, when the instructor said this we all thought he was crazy, but apparently this is true.

--> "Hot Patching" - We will notice that Security Patches require less frequent restarts under the 2008 platform. This is true for most non-kernel patches.

--> Terminal Services - Oh, where to begin? The new TS features are some of the coolest changes that have been made. Terminal Services under 2008 now fully supports RDP 6.0 as opposed to 2003's 5.2. One of the most notable, and arguably the most useful, new features is called TS RemoteApp. Essentially what this does is allow a user to run a program from their desktop seamlessly while it is actually running on the Terminal Server. This is something Citrix has been doing for years. Another thing Citrix has been doing for years that will be available is Terminal Services Web Access. This allows you to browse to a site and run an application from the terminal server from a program link on a web page. They go so far as to include a SharePoint web part to accomplish this, so that you could neatly integrate it with your SharePoint deployment. Then there is Terminal Services Gateway; this allows you to securely implement Terminal Services over HTTPS. By wrapping your TS session in SSL it provides end-to-end encryption instead of the default two-channel encryption. This also serves to provide greater compatibility for roaming users, as seldom does anyone block port 443. OK, now any TS admin's dream: Terminal Services Easy Print. This is a technology that will install the client's print drivers into the Terminal Server without having to do this manually; I know this will save me lots of headaches.

--> PowerShell - Blah Blah Blah, new command-line and scripting interface.

--> Self-Healing NTFS - As it stands now, if the OS detects corruption in the file system the volume is marked "dirty" and a chkdsk on the next reboot is necessary to clear this. Under 2008 this can be done inside the OS while it is running. This happens fairly autonomously and is transparent to the user except for some notable event logging.

--> Hyper-V - This can be thought of as the ability to partition a single physical server into multiple computational partitions. This is an additional "layer", if you will, that sits between your HAL (no, not 9000) and the O/S (with another layer called the VMBus), illustrated here. What this does is provide better "separation" between the physical machine and the virtual machine while being able to more efficiently utilize the physical hardware under the virtual OS. Windows Server 2008 essentially integrates Virtual Server into the OS natively.

--> Windows System Resource Manager - This allows you to prioritize tasks on a server based on executable name. This takes it a step further than raising a process's priority or setting a process's affinity to a particular CPU.
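The Server Core item above lists the initial setup steps as a sequence of command names. As an added example (not from the course material or the original post), here is that sequence scripted. The commands are the same ones you would type at the Server Core command prompt (netsh, netdom, slmgr.vbs); wrapping them in PowerShell functions assumes a PowerShell host is available on the box, and every interface name, address, computer name, domain and account below is a placeholder for your environment.

```powershell
# Added example: initial configuration of a Server Core installation,
# in the order the post lists the steps. All values are placeholders.

$Interface   = 'Local Area Connection'   # assumed NIC name; check with: netsh interface show interface
$IPAddress   = '192.0.2.10'              # placeholder addresses (documentation range)
$SubnetMask  = '255.255.255.0'
$Gateway     = '192.0.2.1'
$DnsServer   = '192.0.2.5'
$NewName     = 'CORE01'                  # placeholder computer name
$Domain      = 'corp.example'            # placeholder domain
$JoinAccount = 'corp\svc-join'           # placeholder account allowed to join computers

function Invoke-Step {
    # Runs one external command and stops on the first failure, so a
    # half-configured server is never left behind silently.
    param([string]$Description, [scriptblock]$Command)
    Write-Host "==> $Description"
    & $Command
    if ($LASTEXITCODE -ne 0) { throw "Step failed (exit $LASTEXITCODE): $Description" }
}

function Initialize-CoreNetwork {
    # 1. IP information (netsh): static address, gateway and DNS.
    Invoke-Step 'Set static IPv4 address' {
        netsh interface ipv4 set address name="$Interface" source=static `
            address=$IPAddress mask=$SubnetMask gateway=$Gateway
    }
    Invoke-Step 'Set DNS server' {
        netsh interface ipv4 set dnsservers name="$Interface" source=static address=$DnsServer primary
    }
}

function Rename-CoreComputer {
    # 2. Computer name (netdom). Reboot afterwards so the name takes effect.
    Invoke-Step 'Rename computer' {
        netdom renamecomputer $env:COMPUTERNAME /newname:$NewName /force
    }
}

function Join-CoreDomain {
    # 3. Domain membership (netdom). /passwordd:* prompts for the join
    #    account's password rather than putting it in the script.
    Invoke-Step 'Join domain' {
        netdom join $env:COMPUTERNAME /domain:$Domain /userd:$JoinAccount /passwordd:* /reboot:0
    }
}

function Enable-CoreRemoteManagement {
    # 4. Activation, then open the firewall group the MMC snap-ins use so the
    #    box can be managed from another computer, as the post describes.
    Invoke-Step 'Activate Windows' {
        cscript //nologo "$env:SystemRoot\System32\slmgr.vbs" /ato
    }
    Invoke-Step 'Allow remote administration through the firewall' {
        netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
    }
}

# Usage, run as a local administrator on the Server Core box:
#   Initialize-CoreNetwork
#   Rename-CoreComputer      ; shutdown /r /t 0   (reboot, then continue)
#   Join-CoreDomain          ; shutdown /r /t 0   (reboot, then continue)
#   Enable-CoreRemoteManagement
# Time zone and server roles are left to the Server Core tools for that job
# (control timedate.cpl and ocsetup respectively).
```

Keeping the rename and the join as separate functions, each followed by a reboot, avoids the case where the join is performed under the old computer name because the rename has not taken effect yet.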

Now I know I am not doing all of these features justice, as there is simply a lot more to say, but hopefully this gives you a good idea of some of the features coming down the pipe. Thanks for reading!

Technically,

-JC-

Tuesday, January 15, 2008

Method for recovering a mailbox from an OST.

You are trying to open an OST that has been orphaned and are getting "ost file was configured for another mailbox".

Just Googling this turns up all kinds of people looking for a solution here. There is a (relatively) simple way of recovering when two things are true.

1.) You haven't removed the user's local profile that contained an "association" with the Exchange mailbox from which the OST was created. (Usually in c:\Documents and Settings\<username>)
2.) You are utilizing Outlook 2003 or better.

*You will want to create a local user account with which to do this.

So the first thing to understand is that the registry contains a "mapping" (if you will) of local profiles to user accounts. The second thing is that all user accounts, local and otherwise (the latter of which are beyond the scope of this conversation), have a Security Identifier, or SID.

Log in as 'Administrator', open regedit and navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'. You will note several SIDs; these represent the accounts on your computer. You will note that the service accounts also have a SID. Select each of these subkeys and examine the 'ProfileImagePath' value. This "points" to the local copy of each respective user profile. Identify the one that belongs to the account you created above *. Identify the one belonging to the old account with which you had the mailbox previously working (and thus the OST). Change the value of the account you created to point to the previously working one.

Log off the administrator and log in as the user you created. Make sure your OST is properly in place (usually c:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Outlook).

You should now be able to open the OST and then export to PST and easily access your data to do with what you will.
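The ProfileList step above is the part people get wrong when clicking through regedit, so here it is scripted as an added example (not part of the original post). It lists every SID under ProfileList with the account it resolves to, repoints the new account's ProfileImagePath at the old profile folder while saving the original value for rollback, and supports a dry run. It assumes you run it elevated as Administrator while the new account is logged off, that the new account has logged on at least once (otherwise it has no ProfileList entry yet), and the account and folder names shown are placeholders.

```powershell
# Added example: the ProfileList remapping from the post, with a dry run and
# a rollback. Run elevated; account and folder names are placeholders.

$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileMap {
    # One object per SID under ProfileList: SID, resolved account name (if the
    # SID still resolves; service accounts and deleted users may not) and path.
    Get-ChildItem -Path $ProfileList | ForEach-Object {
        $sid  = $_.PSChildName
        $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        try {
            $account = (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $account = '(unresolved)'
        }
        New-Object PSObject -Property @{ SID = $sid; Account = $account; ProfileImagePath = $path }
    }
}

function Get-ProfileSid {
    # Resolves an account name such as "$env:COMPUTERNAME\ostrecovery" to its SID.
    param([string]$Account)
    (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}

function Set-ProfileRedirect {
    # Points the new account's profile at the old profile folder. The previous
    # value is kept in 'ProfileImagePath.Original' (a name chosen here) so the
    # change can be undone with Restore-ProfileRedirect.
    param(
        [Parameter(Mandatory=$true)][string]$NewAccount,      # account created for the recovery
        [Parameter(Mandatory=$true)][string]$OldProfilePath,  # folder of the profile that had the OST
        [switch]$WhatIf
    )
    if (-not (Test-Path $OldProfilePath)) { throw "Old profile folder not found: $OldProfilePath" }
    $sid = Get-ProfileSid -Account $NewAccount
    $key = Join-Path $ProfileList $sid
    if (-not (Test-Path $key)) {
        throw "No ProfileList entry for $NewAccount ($sid); log on as that account once first."
    }
    $current = (Get-ItemProperty -Path $key).ProfileImagePath
    Write-Host "$NewAccount ($sid): '$current' -> '$OldProfilePath'"
    if ($WhatIf) { return }
    New-ItemProperty -Path $key -Name 'ProfileImagePath.Original' -Value $current -PropertyType String -Force | Out-Null
    # ProfileImagePath is REG_EXPAND_SZ; keep that type when overwriting it.
    Set-ItemProperty -Path $key -Name 'ProfileImagePath' -Value $OldProfilePath -Type ExpandString
}

function Restore-ProfileRedirect {
    # Puts the saved original ProfileImagePath back and removes the backup value.
    param([Parameter(Mandatory=$true)][string]$NewAccount)
    $key  = Join-Path $ProfileList (Get-ProfileSid -Account $NewAccount)
    $orig = (Get-ItemProperty -Path $key).'ProfileImagePath.Original'
    if (-not $orig) { throw "No saved original value under $key" }
    Set-ItemProperty -Path $key -Name 'ProfileImagePath' -Value $orig -Type ExpandString
    Remove-ItemProperty -Path $key -Name 'ProfileImagePath.Original'
}

# Usage (placeholder names):
# Get-ProfileMap | Format-Table SID, Account, ProfileImagePath -AutoSize
# Set-ProfileRedirect -NewAccount "$env:COMPUTERNAME\ostrecovery" -OldProfilePath 'C:\Documents and Settings\jdoe' -WhatIf
# Set-ProfileRedirect -NewAccount "$env:COMPUTERNAME\ostrecovery" -OldProfilePath 'C:\Documents and Settings\jdoe'
```

Two things to check before logging in as the new account: the listing from Get-ProfileMap should show exactly one entry for it, and the new account needs NTFS read/write access to the old profile folder, which is normally granted only to the original owner, Administrators and SYSTEM.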

If this seems like a bit much to you maybe you ought to consider hiring a professional (namely me) to do it for you.

=)

Cheers,
-JC-

Friday, January 4, 2008

SBS Backup User, Interactively run backup

If you support SBS and are like most IT Pros, you have probably logged into a server in the evening, been working on one thing or another, and up pops the scheduled SBS backup. That is, if you always use the console session, as is best practice (mstsc /console).

As an aside, I always encourage technicians to log off of sessions when done, console or otherwise. This not only frees up memory by unloading tasks such as explorer.exe or anything else that happens to run interactively based on a user logon; it also allows someone else to log on "behind" you, thereby sparing them the hassle of the "the terminal server has exceeded the maximum number of allowed connections" error. I have also heard reports of problems being caused when MMC snap-ins are left open in remote sessions.

Getting back to the point: if you see the native backup launch under SBS while doing maintenance, you can safely log off when done. The SBS integrated backup, while it does display interactively, runs under the context of the 'SBS Backup User', and therefore logging off of your session will not affect the backup in any way.

Just thought that would be good to throw out there.