Changing OWA time out on an Exchange 2007 Server

By default the Outlook Web Access (OWA) will automatically time out for the security purposes. This feature has been designed to restrict unauthorized access to any mailbox when the user is using a public or shared computer. You can select this option before you logon to your mailbox.

OWA_TO_01    OWA_TO_02

Though this feature is good for security reasons it may be annoying for many users who use OWA regularly and they may not want to enter the password several times after the time out. This can settled down with a simple registry tweak on the CAS server that runs your Internet facing OWA site. This can be done by following registry modification:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOWA
Name: PublicTimeout
Type: DWORD
Value: {value in minutes} (This value is 15 minutes by default)

The above suggestion applies only when the user selects the Public Computer option from the OWA logon screen. For the user who select the Private Computer from the logon screen you might want to modify:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOWA
Name: PrivateTimeout
Type: DWORD
Value: {value in minutes} (This value is 8 hours by default)

If you don’t see the DWORD values named, PublicTimeout and PrivateTimeout then you have create then manually.

Microsoft Exchange 2007 Service Pack 2 available

 Last week Exchange Service Pack 2 has become available! Here are some new features: 

  • Enhanced Auditing – New Exchange auditing events and audit log repository enable Exchange administrators to more easily audit the activities occurring on their Exchange servers. It allows the right balance of granularity, performance, and easy access to audited events via a dedicated audit log repository. This simplifies the auditing process and makes review of audited events easier by segregating audited events in a dedicated location.
  • Exchange Volume Snapshot Backup Functionality A new backup plug-in has been added to the product that will enable customers to create Exchange backups when a backup is invoked through the Windows Server 2008 Backup tool. Exchange Server 2007 didn’t have this capability on Windows Server 2008 and additional solutions were required to perform this task.
  • Dynamic Active Directory Schema Update and Validation – The dynamic AD schema update and validation feature allows for future schema updates to be dynamic deployed as well as proactively preventing conflicts whenever a new property is added to the AD schema. Once this capability is deployed it will enable easier management of future schema updates and will prevent support issues when adding properties that don’t exist in the AD schema.
  • Public Folder Quota Management – SP2 enables a consistent way to manage quotas by improving the current PowerShell cmdlets to perform quota management tasks.
  • Centralized Organizational Settings – SP2 introduces new PowerShell option that enable centralized management of many of the Exchange organization settings.
  • Named Properties cmdlets – SP2 enables Exchange administrators to monitor their named property usage per database.
  • New User Interface for Managing Diagnostic Logging– SP2 enables Exchange administrators to easily configure and manage diagnostic logging from within the Exchange Management Console.
  • You can download Exchange 2007 Serivce Pack 2 here.

    Managing the Event Viewer with PowerShell

    An easy way to manage your windows event viewer is to use PowerShell. With some simple commands you can open all the events. Let’s have a look on that….

    Get-EventLog *
    (gives an overview of all the available event sources)

    Get-EventLog -LogName”DNS Server”
    (gives all the event logs in the DNS server log)

    Get-EventLog -LogName “DNS Server” -Newest 10
    (gives the newest 10 event logs in the DNS server log)

    event_01    event_02    event_03

    When you put the following commands into a PS1 file and schedule it on a specific server, you’ll receive the event logs in an e-mail! 🙂
    (in this example you’ll receive an e-mail from eventviewer@e2k10.local with the 10 newest event logs)

    —————————————————————————
    $body = Get-EventLog -LogName “dns server” -Newest 10 | out-string
    $From = “eventviewer@e2k10.local”
    $to = “administrator@e2k10.local”
    $server = “srv-exc2010.e2k10.local”
    $subject = “Event Viewer – srv-exc2010.e2k10.local”
    $msg = new-object System.Net.Mail.MailMessage $From, $to, $subject, $body
    $client = new-object System.Net.Mail.SmtpClient $Server
    $Client.Send($msg)
    —————————————————————————

    event_04

    Exchange 2007 change permissions on your Information Store

    If you’re using a service account for example your backup software, it’s some times nessesary that this account has full controll permissions on all the mailboxes in your Exchange environment. Now you can set the full controll permissions on all the mailboxes, but it’s better to set the permissions on your information store. So if there are new mailboxes created, they have also the right permissions automatically. With the following command you can set the permissions on information store level:

    get-mailboxserver Servername | add-adpermission -user svc-backup -accessrights GenericRead, GenericWrite -extendedrights  Send-As, Receive-As, ms-Exch-Store-Admin

    Exchange 2007 export all distribution groups

    In some situations it’s verry usefull to have an export of all the available distribution group in your Exchange 2007 environment. With the following script you can export alle the distribution groups with there Name, Alias, SMTP address and secundary SMTP addresses.

    —————————————————————————————————
    Get-DistributionGroup | select name , alias ,EmailAddresses | foreach {
      “Name: “+$_.name
      “Alias: “+$_.alias
       $_.EmailAddresses | foreach {
         if($_.SmtpAddress){
         “SmtpAddress: “+$_.SmtpAddress
       }
    }
    write-host
    }
    —————————————————————————————————

    When you copy and past this code in notepad and save it as Get_Dis.ps1 , you get the following export for example:

    Name: Exchange Team
    Alias: ExchangeTeam
    SmtpAddress: Exchange2003Team@e2k7.local
    SmtpAddress: Exchange2007Team@e2k7.local
    SmtpAddress: ExchangeTeam@e2k7.local

    Name: ICT Helpdesk
    Alias: ICTHelpdesk
    SmtpAddress: Helpdesk@e2k7.local
    SmtpAddress: ICTHelpdesk@e2k7.local

    Name: ICT Management
    Alias: ICTManagement
    SmtpAddress: ICTManagement@e2k7.local

    Exchange 2007, find all mailboxes hidden from the GAL

    With the following command you can list all the mailboxes that are hidden from the GAL (Global Address List). A very usefull command when you’ve to perform a migration from Exchange to Exchange and you’ve pre-created the new Exchange mailboxes.

    Get-Mailbox | Where {$_.HiddenFromAddressListsEnabled -eq $true} | ft -wrap

    Get-Mailbox | Where {$_.HiddenFromAddressListsEnabled -eq $true} | Select Name, HiddenFromAddresslistsEnabled, ExchangeVersion

    pwsh_011

    Exchange 2007 view all the full access permissions

    To view all the full access permissions on all the mailboxes in your environment, you can use the following command in the Exchange Management Shell.

    Get-Mailbox | Get-mailboxpermission | where {-not ($_.User -like “NT AUTHORITY\SELF”)} | Ft -wrap

    fullaccess_01

    When you want the full access permissions configured on one specific mailbox, you can add the -identity switch. For example:

    Get-Mailbox -identity systeembeheer | Get-mailboxpermission | where {-not ($_.User -like “NT AUTHORITY\SELF”)} | Ft -wrap

     fullaccess_02