Categories
Windows Server 2003

Renaming a Windows 2003 Domain Controller

Renaming a Windows Server 2003 Active Directory Domain Controller using the ‘netdom’ tool

Renaming a Domain Controller is not an everyday occurrence, and I would normally recommend deploying a new machine and running dcpromo on it to achieve the same result. However, an Active Directory domain at the Windows Server 2003 functional level does permit name changes on Domain Controllers.

Please note that this is NOT possible in a Windows 2000 Server Active Directory Domain.

This guide illustrates the commands required to rename the server ‘vm-dc1.home.net’ to ‘vm-dc.home.net’ (notice there is no ‘1’ in the name any more).

Step One: add the additional name to the computer object.

Open a command prompt window and type:

netdom computername vm-dc1.home.net /add:vm-dc.home.net

Successfully added vm-dc.home.net as an alternate name for the computer.

The command completed successfully.

The netdom command updates the Service Principal Name (SPN) attributes, and DNS records will be created for the new computer name.

After allowing sufficient replication time I would suggest you verify that the secondary name has been registered correctly in Active Directory using adsiedit.msc. Simply find the original computer object and check that the msDS-AdditionalDnsHostName attribute has been populated with the new name.

Step Two: make the new name the primary name for the computer object.

Next, run the following command:

netdom computername vm-dc1.home.net /makeprimary:vm-dc.home.net

Successfully made vm-dc.home.net the primary name for the computer.

The computer must be rebooted for this name change to take effect. Until then this computer may not be able to authenticate users and other computers, and may not be authenticated by other computers in the forest. The specified new name was removed from the list of alternate computer names. The primary computer name will be set to the specified new name after the reboot.

The command completed successfully.

Using ADSI Edit you will now see that the msDS-AdditionalDnsHostName attribute of the computer account is populated with the old name.

Step Three: reboot the server.

Proceed with a reboot of the server.

Step Four: remove the old name.

Finally, run the command:

netdom computername vm-dc.home.net /remove:vm-dc1.home.net

Successfully removed vm-dc1.home.net as an alternate name for the computer.

The command completed successfully.

And that’s it!
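The state of the computer object after each netdom step can also be checked from a script rather than by hand in adsiedit.msc. The VBScript below is an added example (not part of the original post): it locates the DC's computer object by either FQDN through ADSI, lists dNSHostName, msDS-AdditionalDnsHostName and servicePrincipalName, and reports which of the four steps the object currently reflects. The names are the ones used in this guide; that the script runs on a domain member as a user who can read the computer object is an assumption.

```vbscript
Option Explicit

' Names from the guide above: the DC is renamed from OLD_NAME to NEW_NAME.
Const OLD_NAME = "vm-dc1.home.net"
Const NEW_NAME = "vm-dc.home.net"

Dim rootDSE, conn, cmd, rs, obj, v

Set rootDSE = GetObject("LDAP://RootDSE")

' Find the computer object by either FQDN, so the same script works before and
' after the primary name (and with it the object's CN) has been changed.
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">;" & _
    "(&(objectCategory=computer)(|(dNSHostName=" & OLD_NAME & ")(dNSHostName=" & NEW_NAME & ")));" & _
    "distinguishedName;subtree"
Set rs = cmd.Execute
If rs.EOF Then
    WScript.Echo "No computer object found for " & OLD_NAME & " or " & NEW_NAME
    WScript.Quit 1
End If
Set obj = GetObject("LDAP://" & rs.Fields("distinguishedName").Value)

WScript.Echo "Object      : " & obj.Get("distinguishedName")
WScript.Echo "dNSHostName : " & obj.Get("dNSHostName")
For Each v In MultiValues(obj, "msDS-AdditionalDnsHostName")
    WScript.Echo "msDS-AdditionalDnsHostName : " & v
Next
For Each v In MultiValues(obj, "servicePrincipalName")
    WScript.Echo "servicePrincipalName       : " & v
Next

' Map the attribute state back onto the steps of the guide.
If HasValue(MultiValues(obj, "msDS-AdditionalDnsHostName"), NEW_NAME) Then
    WScript.Echo "Step 1 done: " & NEW_NAME & " is registered as an alternate name"
End If
If LCase(obj.Get("dNSHostName")) = NEW_NAME Then
    WScript.Echo "Steps 2 and 3 done: " & NEW_NAME & " is the primary name"
    If HasValue(MultiValues(obj, "msDS-AdditionalDnsHostName"), OLD_NAME) Then
        WScript.Echo "Old name still listed as an alternate: step 4 (/remove) outstanding"
    Else
        WScript.Echo "Step 4 done: old name removed"
    End If
End If

' Return a multi-valued attribute as an array. GetEx raises an error when the
' attribute has no values at all; that case becomes an empty array.
Function MultiValues(adsObj, attrName)
    On Error Resume Next
    MultiValues = adsObj.GetEx(attrName)
    If Err.Number <> 0 Then
        Err.Clear
        MultiValues = Array()
    End If
    On Error GoTo 0
End Function

' Case-insensitive membership test over an array of strings.
Function HasValue(arr, wanted)
    Dim item
    HasValue = False
    For Each item In arr
        If LCase(item) = LCase(wanted) Then HasValue = True
    Next
End Function
```

Run it with cscript after each step; the SPN list is worth keeping, because a client that still targets an SPN carrying the old name will fail Kerberos authentication until replication has caught up.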

Categories
Windows Server 2003

Reset the DSRM Password

How to reset the Directory Services Restore Mode (DSRM) Password

The importance of the DSRM password is often forgotten; many administrators will have never used Directory Services Restore Mode.

There is a simple procedure for resetting this crucial password using ntdsutil; from a command prompt window run the following commands:

C:\>ntdsutil

ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server domainController1
Please type password for DS Restore Mode Administrator Account: ********
Please confirm new password: ********
Password has been set successfully.
Reset DSRM Administrator Password: quit
ntdsutil: quit

C:\>

If you’ve forgotten your DSRM password, or you have any doubts, I’d seriously recommend changing the password so you know exactly what it is.

Categories
Windows Server 2003

Identify / Determine FSMO role holders in Active Directory

Identify / Determine / Find FSMO role holders in Active Directory

Illustrates how to use the ‘netdom’ tool to find the FSMO role holders within your environment. These days the process for identifying FSMO role holders seems to be described in the most complex and long-winded of ways. Yes, this can be done using the MMC snap-ins Active Directory Users and Computers, Active Directory Domains and Trusts and Active Directory Schema. However, using the netdom utility supplied with the Windows 2000 / 2003 Support Tools it is possible to display this information almost instantly, in a single command window.

Simply run the following command from a command window.

netdom query fsmo

The output you receive should look something like:

Schema owner vm-dc1.home.net
Domain role owner vm-dc1.home.net
PDC role vm-dc1.home.net
RID pool manager vm-dc1.home.net
Infrastructure owner vm-dc1.home.net

The command completed successfully

Categories
Windows Server 2003

IAS RADIUS Server Configuration for 802.1x EAP-MS-CHAP v2


This article describes the steps required to set up a resilient 802.1x Wi-Fi RADIUS authentication infrastructure; a must for any SMB.

This article assumes you have configured your Wireless Access Point with the desired radius server IP addresses / FQDNs and a shared secret.

IAS / Certificate Services Installation and Configuration: Primary RADIUS Server

To optimize IAS authentication and authorization response times and minimize network traffic, install IAS on a domain controller.

  1. First, install IIS on your Domain Controller.
  2. Next, install Certificate Services as an Enterprise Root CA; give the CA the same name as the server.
  3. Next, create a new global group named ‘Wireless Users and Computers’ and add the computer AND user objects that you wish to grant IAS RADIUS access into this group.
  4. Ensure that the user accounts are configured to grant remote access (dial-in) permission.
  5. Next, install IAS (via Add/Remove Programs > Windows Components).

You will also need to request a NPS/IAS/RADIUS Server Authentication certificate for each IAS server you wish to configure.

Create IAS RADIUS Clients

Next, load the IAS MMC snap-in and select Clients.

  1. Right-click Clients > New > enter a friendly name
  2. Ensure that the protocol is ‘RADIUS’
  3. Enter the access point’s IP address
  4. Select RADIUS Standard as the client vendor
  5. Tick ‘Client must always send the signature attribute in the request’
  6. Enter the shared secret as configured on the AP
  7. Click Finish


Configure Remote Access Policies

  1. Select Remote Access Policies
  2. Right-click Remote Access Policies > New Remote Access Policy
  3. Enter a friendly name
  4. Click Next
  5. On the conditions window, click Add
  6. Select Windows Groups and click Add
  7. Click Add, set Domain as the location and search for the global group, then click OK; you will return to the conditions window
  8. Click Add, select NAS-Port-Type and then select Wireless – IEEE 802.11
  9. Click Add, select Wireless – Other and then click Add; you will return to the conditions window
  10. Click Next
  11. Select Grant Remote Access Permission
  12. Click Edit Profile, then select the ‘Authentication’ tab
  13. Enable Extensible Authentication Protocol and select PEAP as the EAP type from the drop-down box
  14. Disable all other authentication types
  15. Click Configure under the Extensible Authentication Protocol group
  16. Ensure that Secured Password (EAP-MSCHAP-V2) is listed
  17. Select the IAS/RADIUS Server Authentication certificate you wish to use for authentication (note: if the certificate is replaced in future, change it here)


  18. Click OK
  19. Click OK until the Remote Access Policy configuration window disappears!


Perform the steps as above on the Secondary RADIUS server.

Client Configuration

Once the laptop has detected the AP, configure the advanced options:

  • Network Authentication should be set to WPA, using TKIP data encryption
  • Under Authentication select Protected EAP
    • Select Properties
    • Ensure Validate Server Certificate is selected, so that the client refuses a RADIUS server whose certificate is not trusted
    • Ensure that Connect to these servers contains the RADIUS servers’ FQDNs
    • Scroll down and select both RADIUS server certificates under Trusted Root Certification Authorities

It may be necessary to manually install one of the certificates on your client.

Client configuration can be completed using Group Policy: Computer Configuration / Windows Settings / Wireless (802.11) Policies

Manual Certificate Installation

Navigate Internet Explorer to:

  • http://your-certificateserver1/certsrv
  • http://your-certificateserver2/certsrv

From each server retrieve the CA certificate; download the CA certificate in DER encoded format.

On the client, load MMC and add the Certificates snap-in, selecting Computer account > Local computer. Expand Trusted Root Certification Authorities, select Certificates > right-click Certificates > Import > select the first RADIUS server’s CA certificate, then repeat the import for the second server’s CA certificate.


Categories
Exchange Server 2003

Automatic MAPI Profile Creation for Outlook XP / 2000/3/7

Automatic MAPI Profile Creation for Outlook 2000 / XP / 2003 & 2007

Like many Wintel Administrators I was presented with the requirement to automate MAPI profile creation on our Citrix Farm; this requirement was later extended to our Windows XP workstations running a multitude of different Outlook versions.

When auto-generating a MAPI profile in Outlook 2000 (Outlook v9) it is necessary to use the NewProf.exe tool along with a PRF file; newer versions of Outlook (v10 and later) can read a PRF file directly if configured to import the file on a user’s first run.

The following script is cross-platform (i.e. it works across the Windows and Outlook versions above) and must be used along with the PRF file further down:

Const ForReading = 1
Const ForWriting = 2

Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
windir = WshShell.ExpandEnvironmentStrings("%windir%")

Set objNetwork = CreateObject("Wscript.Network")
currentDomain = objNetwork.UserDomain
currentUser = objNetwork.UserName

' -------------------------------- Mk2
' Create an instance of Outlook so that it can be queried for its version.
' Version is a string such as "11.0.8169.0"; keep the major number and convert
' it so that the comparisons below are numeric rather than string comparisons.
Set objOLK = CreateObject("Outlook.Application")
OLKVer = CInt(Left(objOLK.Version, InStr(1, objOLK.Version, ".") - 1))
objOLK.Quit

' If the Outlook version is later than 2000, make this registry change so that
' Outlook imports the PRF on first run
If OLKVer > 9 Then
    If CheckRegKey("HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\First-Run") = True Then
        WshShell.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\First-Run"
    End If
    WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\ImportPRF", _
        WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf"
End If

' ------------------------ Establish 8.3 (short) names for the profile path - required by newprof.exe
' Each path component longer than eight characters is approximated by its first
' six characters plus "~1" (an eight-character name already fits as it is).
arrPath = Split(WshShell.ExpandEnvironmentStrings("%USERPROFILE%"), "\")
fullpath = ""
For Each str In arrPath
    If Len(str) > 8 Then
        str = Left(str, 6) & "~1"
    End If
    If fullpath = "" Then
        fullpath = str
    Else
        fullpath = fullpath & "\" & str
    End If
Next
savePath = fullpath & "\MYDOCU~1\PST\"

' The template PRF is placed in %SYSTEMROOT% by the machine start-up script; nothing to do without it
If Not fso.FileExists(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf") Then
    WScript.Quit
End If

' Read the contents of the template PRF file
Set fsoTextStream = fso.OpenTextFile(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf", ForReading)
strTmpPrf = fsoTextStream.ReadAll
fsoTextStream.Close

' Replace every %username% in the template with the logon name
Set vbsRegExp = New RegExp
vbsRegExp.Pattern = "%username%"
vbsRegExp.Global = True
vbsRegExp.IgnoreCase = True
strNewPrf1 = vbsRegExp.Replace(strTmpPrf, currentUser)
Set vbsRegExp = Nothing

' Replace every %userprofile% in the template with the short-name PST folder path
Set vbsRegExp = New RegExp
vbsRegExp.Pattern = "%userprofile%"
vbsRegExp.Global = True
vbsRegExp.IgnoreCase = True
strNewPrf2 = vbsRegExp.Replace(strNewPrf1, savePath)
Set vbsRegExp = Nothing

If Not fso.FolderExists(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\") Then
    fso.CreateFolder WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\"
End If

' Write the personalised PRF only once, so an existing profile definition is left alone
If Not fso.FileExists(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf") Then
    Set fsoTextStream = fso.CreateTextFile(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf", True)
    fsoTextStream.Write strNewPrf2
    fsoTextStream.Close
End If

' Outlook 2000 (version 9) and earlier cannot import a PRF themselves: run newprof.exe against it
If OLKVer <= 9 And fso.FileExists(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\newprof.exe") Then
    cmd = WshShell.Run("%comspec% /c (" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\newprof.exe -p " _
        & savePath & "Outlook.prf -x)", 0, True)
End If

' **** CheckRegKey(RegStr) - returns True if the registry value can be read
Function CheckRegKey(RegStr)
    On Error Resume Next
    WshShell.RegRead RegStr
    If Err.Number <> 0 Then
        CheckRegKey = False
    Else
        CheckRegKey = True
    End If
    On Error GoTo 0
End Function

Save the above code into a new file named ‘profgen.vbs’. A group policy should then be created and this script assigned as a logon script for users.
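The script above guesses the 8.3 path for newprof.exe by truncating each folder name to six characters plus "~1", which is wrong whenever two sibling folders share the same first six characters (the second one is "~2") or a name contains a space. The VBScript below is an added example (not from the original post) that asks the file system for the real short path via FileSystemObject's ShortPath property and shows what the PRF's DefaultArchiveFile line then resolves to; the folder layout (%USERPROFILE%\My Documents\PST) is the one the post uses and is assumed to exist up to My Documents.

```vbscript
Option Explicit

Dim WshShell, fso, pstFolder, shortPst, sampleLine

Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

' Return the 8.3 form of a folder path, creating the folder first so that the
' file system has actually allocated a short alias for it.
Function ShortFolderPath(longPath)
    If Not fso.FolderExists(longPath) Then fso.CreateFolder longPath
    ShortFolderPath = fso.GetFolder(longPath).ShortPath
End Function

' True when every component could be an 8.3 name: at most 12 characters
' (8 + "." + 3) and no spaces. Used to detect volumes where 8.3 name
' generation is disabled, in which case ShortPath returns the long path.
Function Looks83(path)
    Dim part
    Looks83 = True
    For Each part In Split(path, "\")
        If Len(part) > 12 Or InStr(part, " ") > 0 Then Looks83 = False
    Next
End Function

pstFolder = WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST"
shortPst = ShortFolderPath(pstFolder) & "\"

If Not Looks83(shortPst) Then
    WScript.Echo "Warning: no 8.3 alias available for " & pstFolder & "; newprof.exe may reject it"
End If
WScript.Echo "NewProf-compatible PST path: " & shortPst

' Show what the template line becomes after the same two token substitutions
' profgen.vbs performs (Replace with vbTextCompare is case-insensitive, like the
' RegExp with IgnoreCase in the post).
sampleLine = "DefaultArchiveFile=""%userprofile%%username%.pst"""
sampleLine = Replace(sampleLine, "%userprofile%", shortPst, 1, -1, vbTextCompare)
sampleLine = Replace(sampleLine, "%username%", CreateObject("Wscript.Network").UserName, 1, -1, vbTextCompare)
WScript.Echo sampleLine
```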

The following code should be saved into a new file named ‘outlook.prf’:

; Outlook PRF file for Exchange Server users
; ——————————————-
; Copyright (C), Microsoft Corporation, 1996.
;
; The following PRF file is included as an example of how to create a PRF file that will
; configure Outlook users with Exchange Server. Section 1, 2, and 3 may be modified.
; DO NOT MODIFY SECTION 4. It will most likely cause Exchange services to crash.
; Be very careful when editing to ensure property values match their property types.
; NOTE: The HomeServer setting for the Microsoft Exchange Server must be filled in
; before using this file.
;
; For information about how to disable Outlook Profile Setup and instead use the
; the Inbox Setup Wizard, see NONE.PRF in the Office Resource Kit.

; ************************************************************************
; Section 1 – Profile defaults.

[General]
Custom=1
; — Required. Indicates that this is a customized PRF file.
ProfileName=%username%
DefaultProfile=Yes
OverwriteProfile=No
DefaultStore=Service2

; ************************************************************************
; Section 2 – Services in profile.

[Service List]
Service1=Microsoft Outlook Client
Service2=Microsoft Exchange Server
Service3=Outlook Address Book
Service4=Archived Messages
;Service5=

; ************************************************************************
; Section 3 – Default values for each service.

[Service1]
EmptyWastebasket=TRUE
SelectEntireWord=TRUE
AfterMoveMessage=2
CloseOriginalMessage=FALSE
GenReadReceipt=FALSE
GenDeliveryReceipt=FALSE
DefaultSensitivity=0
DefaultPriority=1
SaveSentMail=TRUE

; **** Customized Outlook Client properties ****
CloseOriginalMsg=1
AllowCommaAsSeparator=1
MarkMyComments=0
AutoArchiveInterval=60
DefaultArchiveFile="%userprofile%%username%.pst"

[Service2]
ConversionProhibited=TRUE
MailboxName=%username%
HomeServer=MAILSERVER
; Required.
; — The name of the Microsoft Exchange Server the user should
; connect to (ex: ALEX). You can specify any Microsoft Exchange Server
; in your site, and the correct Home Server will be assigned
; when the user first logs on.

[Service3]
Ben=TRUE
; — Dummy property. Do not delete or modify.

[Service4]
PathToPersonalFolders="%userprofile%%username%.pst"
RememberPassword=TRUE
EncryptionType=0x40000000
Password=

[Service5]
PathToPersonalAddressBook="%userprofile%%username%.pab"
ViewOrder=1

; ************************************************************************
; Section 4 – Mapping for profile properties. DO NOT MODIFY.

; ************************************************************************
; Microsoft Outlook Client definitions

[Microsoft Outlook Client]
SectionGUID=0a0d020000000000c000000000000046

EmptyWastebasket=PT_BOOLEAN,0x0115
; — A boolean value indicating whether or not to empty the
; wastebasket on exit.

SelectEntireWord=PT_BOOLEAN,0x0118
; — A boolean value indicating whether or not to select entire
; words when selecting.

AfterMoveMessage=PT_LONG,0x013B
; — Indicates what to do after moving or deleting a message.
; Possible values are shown below:
; 0 – Open Next Message
; 1 – Return to Viewer
; 2 – Open Previous Message

CloseOriginalMessage=PT_BOOLEAN,0x0132
; — A boolean value indicating whether or not to close the
; original message after replying.

GenReadReceipt=PT_BOOLEAN,0x0141
; — A boolean value indicating whether or not to generate
; a read receipt on sent mail.

GenDeliveryReceipt=PT_BOOLEAN,0x014C
; — A boolean value indicating whether or not to generate
; a delivery receipt on sent mail.

DefaultSensitivity=PT_LONG,0x014F
; — The default sensitivity to send mail with.
; Possible values are shown below:
; 0 – Normal
; 1 – Personal
; 2 – Private
; 3 – Confidential

DefaultPriority=PT_LONG,0x0140
; — The default priority to send mail with.
; Possible values are shown below:
; 0 – Low
; 1 – Normal
; 2 – High

SaveSentMail=PT_BOOLEAN,0x0142
; — A boolean value indicating whether to save a copy of
; sent messages in the sent items folder.

; **** Custom entries added by [email protected] ****

CloseOriginalMsg=PT_BOOLEAN,0x0132
; — A boolean value indicating whether Outlook should close original
; message when replying or forwarding.

MarkMyComments=PT_BOOLEAN,0x0319
; — A boolean value indicating whether Outlook should mark comments
; in a reply message with the users name.

AllowCommaAsSeparator=PT_BOOLEAN,0x0350
; — A boolean value indicating whether Outlook should allow a comma
; to be used as an address separator.

AutoArchiveInterval=PT_LONG,0x0323
; — The default is to auto archive every 14 days.
; Possible values are shown below:
; 1 – 60

DefaultArchiveFile=PT_STRING8,0x0324
; — The path and file name for the default auto archive file.
; ex: c:\home\rickva\outlook\archive.pst

; ************************************************************************
; Microsoft Exchange Server service definitions.

[Microsoft Exchange Server]
ServiceName=MSEMS
MDBGUID=5494A1C0297F101BA58708002B2A2517

MailboxName=PT_STRING8,0x6607
; — The name of the user’s Exchange Server Mailbox

HomeServer=PT_STRING8,0x6608
; — The name of the Microsoft Exchange Server the user should
; connect to. You can specify any Microsoft Exchange Server
; in your site, and the correct Home Server will be assigned
; when the user first logs on.

OfflineFolderPath=PT_STRING8,0x6610
; — The path to the Offline Store File that contains
; local replicas of the user’s Mailbox and Favorites.
; If you do not specify a value, no Offline Store will
; be created. If you specify a path, an Offline Store
; will be created and the Inbox, Outbox, Deleted Items,
; and Sent Items folders will be replicated to it.

OfflineAddressBookPath=PT_STRING8,0x660E
; — The path to the directory to store offline address
; book files in.

ExchangeConfigFlags=PT_LONG,0x6601
; — Flags that control behavior when connecting to the Exchange
; Server.
; The following values are possible:
; VALUE RESULT
; 4 Normal
; 6 Ask whether to connect or work offline at startup.
; 12 Allow clients to be authenticated via the Internet
; 14 Combination of 6 and 12.

ConversionProhibited=PT_BOOLEAN,0x3A03
; — A boolean value indicating whether NEWPROF should
; attempt to resolve the Exchange mailbox name at run time.
; If set to TRUE, NEWPROF will copy the name to the profile
; without resolving it.
; If FALSE, the name will be resolved. Invalid server or
; mailbox name will not be copied to the profile.

; ************************************************************************
; Microsoft Mail service definitions.

[Microsoft Mail]
ServiceName=MSFS

; — The path to the users post office. Mapped network drives, UNC and NETWARE paths
; are acceptable. NETWARE paths of the type NWServer/share:dir\dir1 are converted to
; UNC paths of the type \\NWServer\share\dir\dir1.

ServerPath=PT_STRING8,0x6600

; — The users mailbox name. eg. in a NET/PO/USER address,
; this is USER. The maximum mailbox name is 10 characters.

Mailbox=PT_STRING8,0x6601

; — The users mailbox password. The maximum password is 8 characters.

Password=PT_STRING8,0x67f0

; — A boolean value indicating whether the users password is
; to be remembered in the profile or not. This is useful because
; if the password is remembered the user can bypass the logon prompt
; if his server path, mailbox name and password are all supplied.

RememberPassword=PT_BOOLEAN,0x6606

; — The connection type. This may be one of CFG_CONN_AUTO, CFG_CONN_LAN,
; CFG_CONN_REMOTE, CFG_CONN_OFFLINE as defined below.
;
; 0x0 — LAN type connection. Used to connect to the post office using a
; UNC path or pre-existing mapped drive.
; 0x1 — Dial up connection using Dial-up Networking.
; 0x2 — Not connected.
; 0x3 — Automatically detect whether the connection type is LAN or REMOTE.
; This connection type is only available on Win95.

ConnectionType=PT_LONG,0x6603

; — A boolean value indicating whether session logging
; is on or off.

UseSessionLog=PT_BOOLEAN,0x6604

; — The path to the session log file.

SessionLogPath=PT_STRING8,0x6605

; — A boolean value which indicates whether mail in the outbox
; is sent.

EnableUpload=PT_BOOLEAN,0x6620

; — A boolean value which indicates whether mail in the server
; mailbag is downloaded.

EnableDownload=PT_BOOLEAN,0x6621

; — A bit array which allows the user to indicate which addresses
; for which the transport is to attempt delivery. This is useful
; in order to allow a user to specify that a transport only handle
; delivery for a subset of the addresses it can really process.
; When multiple transports are installed and the user wants a
; different transport to handle some specific address types they
; can use this bit array to specify that the MSMAIL transport
; only handle a specific set of addresses.
;
; Possible values as defined below include:
;
; 0x00000001 — Local Post Office and External Post Office address types
; 0x00000002 — PROFS address types
; 0x00000004 — SNADS address types
; 0x00000008 — MCI address types
; 0x00000010 — X.400 address types
; 0x00000040 — FAX address types
; 0x00000080 — MHS address types
; 0x00000100 — SMTP address types
; 0x00000800 — OfficeVision address types
; 0x00001000 — MacMail address types
; 0x000019df — All of the above address types

UploadMask=PT_LONG,0x6622

; — A boolean value which indicates whether a netbios notification
; is sent to a recipients transport when mail is delivered to
; their server inbox.

NetBiosNotification=PT_BOOLEAN,0x6623

; — The polling interval in minutes when the transport
; checks for new mail. 1 <= polling interval <= 9999

NewMailPollInterval=PT_STRING8,0x6624

; — A boolean value which, if TRUE, only displays the Microsoft Mail Global Address
; list for name selection. The Postoffice list, external post office lists, and gateway
; address lists are not shown.

DisplayGalOnly=PT_BOOLEAN,0x6625

; — A boolean value which indicates whether the user wants to enable
; headers while working on the LAN. Headers mode allows the user
; to download message headers and selectively choose which mail
; to download.

UseHeadersOnLAN=PT_BOOLEAN,0x6630

; — A boolean value which indicates whether the user wants to use
; name resolution based on a local copy of the server address book
; rather than the server address book itself.

UseLocalAdressBookOnLAN=PT_BOOLEAN,0x6631

; — A boolean value which indicates whether EXTERNAL.EXE, a server process, should be used
; to deliver submitted mail messages. This is sometimes useful when mail is running
; on a slow LAN connection.

UseExternalToHelpDeliverOnLAN=PT_BOOLEAN,0x6632

; — A boolean value which indicates whether the user wants to enable
; headers while working over a slow speed link. Headers mode
; allows the user to download message headers and selectively
; choose which mail to download.

UseHeadersOnRAS=PT_BOOLEAN,0x6640

; — A boolean value which indicates whether the user wants to use
; name resolution based on a local copy of the server address book
; rather than the server address book itself.

UseLocalAdressBookOnRAS=PT_BOOLEAN,0x6641

; — A boolean value which indicates whether EXTERNAL.EXE, a server process, should be used
; to deliver submitted mail messages. This speeds up message delivery when mail is
; running on a Dial-up network connection.

UseExternalToHelpDeliverOnRAS=PT_BOOLEAN,0x6639

; — A boolean value which indicates that a Dial-up Network connection should
; be established when the transport provider starts up.

ConnectOnStartup=PT_BOOLEAN,0x6642

; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated when headers are finished downloading.

DisconnectAfterRetrieveHeaders=PT_BOOLEAN,0x6643

; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated after mail has finished being sent
; received.

DisconnectAfterRetrieveMail=PT_BOOLEAN,0x6644

; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated when the provider is exited.

DisconnectOnExit=PT_BOOLEAN,0x6645

; — The name of the Dial-up Network profile that the transport will use by
; default to attempt the connection.

DefaultDialupConnectionName=PT_STRING8,0x6646

; — Number of times to attempt dial for connection.
; 1 <= retry attempts <= 9999

DialupRetryCount=PT_STRING8,0x6648

; — Delay between retry attempts in seconds.
; 30 <= retry delay <= 9999

DialupRetryDelay=PT_STRING8,0x6649

; ************************************************************************
; Personal Folders service definitions.

[Archived Messages]
ServiceName=MSPST MS

; — Path to personal folders.

PathToPersonalFolders=PT_STRING8,0x6700

; — A boolean value that determines if the personal folders password
; should be cached.

RememberPassword=PT_BOOLEAN,0x6701

; — A value that designates the type of encryption that is used to
; compress the data in the PST:
;
; No Encryption 0x80000000
; Compressable Encryption 0x40000000
; Best Encryption 0x20000000

EncryptionType=PT_LONG,0x6702

; — PST password.

Password=PT_STRING8,0x6703

; ************************************************************************
; Personal Address Book service definitions.

[Personal Address Book]
ServiceName=MSPST AB

; — Path to personal address book.

PathToPersonalAddressBook=PT_STRING8,0x6600

; — Determines if PAB entries are first, last, or last, first.
;
; first last 0
; last, first 1

ViewOrder=PT_LONG,0x6601

; ************************************************************************
; Outlook Address Book service definitions.

[Outlook Address Book]
ServiceName=CONTAB
Ben=PT_STRING8,0x6700
; — Dummy property. Do not modify.

Finally we have to ensure that the files required by the profgen.vbs VBScript are available on every machine. This is done with a machine start-up script attached to a group policy. First, copy NewProf.exe and outlook.prf into your domain’s NETLOGON share (i.e. \\mydomain.com\NETLOGON). Then copy the code below into a new text file and save it as comp-startup.vbs. Assign this script as a machine start-up script for all machines on which you wish to automate MAPI profile creation.

Set objNetwork = CreateObject("Wscript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

Set oShell = CreateObject("WScript.Shell")
windir = oShell.ExpandEnvironmentStrings("%windir%")

' Copy newprof.exe from NETLOGON when it is not already present
' (the trailing True would overwrite an existing file if the check were removed).
target = windir & "\NEWPROF.EXE"
If Not fso.FileExists(target) Then
    fso.CopyFile "\\mydom.com\netlogon\NEWPROF.EXE", windir & "\", True
End If

' Uncomment to distribute Prfpatch.exe in the same way if it is needed.
' target = windir & "\Prfpatch.exe"
' If Not fso.FileExists(target) Then
'     fso.CopyFile "\\mydom.com\netlogon\Prfpatch.exe", windir & "\", True
' End If

' Copy the template PRF that profgen.vbs reads from %SYSTEMROOT%
target = windir & "\outlook.prf"
If Not fso.FileExists(target) Then
    fso.CopyFile "\\mydom.com\netlogon\outlook.prf", windir & "\", True
End If


Categories
Windows Server 2003

Deploying Outlook 2007 via Group Policy


There are 2 options for deploying Outlook 2007 via Group Policy:

1) Using the supplied MSI and modifying the config.xml file

2) Calling setup from a group-policy machine start up script and installing using a customised MSP file.


Option 1 Cons / Option 2 Pros

Option 1 is limiting in that you are not able to integrate service packs and updates by adding the MSP files to the Upgrades directory in the root of your installation folder. Option 2 allows you to achieve this. This means you cannot automate integration of SP1 with Option 1.

Option 1 also limits your setup options, whereas with Option 2 you can use the following command to create an entirely modified and personalised Outlook 2007 setup: setup /admin

Option 1 will not allow you to upgrade a previous version of Outlook to 2007 unless you specifically deployed Outlook via group policy, rather than a complete Office Suite installation that included Outlook.

If you attempt to upgrade using Option 1 setup will install the files but Outlook 2007 will show as ‘Not Available’ when you try to modify the setup. This is due to Group Policy; even though you specify the ‘Setting Id=”RemovePrevious” Value=”OUTLOOKFiles” ’ setup will not upgrade the previous version as group policy does not see the installation as an upgrade.

Furthermore, instructing the new Outlook 2007 GPO to upgrade your previous version of Office will also fail. Option 2 will allow you to upgrade a previous installation of Outlook to 2007, even if your Outlook install is part of a full Office Suite.


Option 1 Pros / Option 2 Cons

Option 2, however, will not allow you to ‘manage’ the software: if a machine falls out of the scope of the install script, Outlook will not be uninstalled. Option 1 would enable you to manage software in this way.


Conclusion

With the above in mind I opted for Option 2 as I was performing an upgrade to 2007 from 2000, so it really was a no-brainer. I combined the MSP-based setup with a start-up script written in VBScript. This is configured in a new GPO and set as a machine start-up script. The scope of the GPO depends upon machine membership of a particular group within AD, thus providing a granular and controlled method of deployment.

Const HKEY_LOCAL_MACHINE = &H80000002
Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("Wscript.Network")
strComputerName = objNetwork.ComputerName
InstallDIR = WshShell.ExpandEnvironmentStrings("%PROGRAMFILES%") & "\Microsoft Office\Office12"
target = InstallDIR & "\OUTLOOK.exe"

' If there is no Outlook 2007 executable, install Outlook 2007 using the customised MSP
If Not fso.FileExists(target) Then
    cmd = WshShell.Run("\\file_server\outlook2007$\setup.exe /adminfile \\file_server\outlook2007$\Outlook2K7UPDT.MSP", 0, True)
    ' Create the Outlook desktop icon by adding its namespace GUID under the Desktop NameSpace key
    Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")  ' Object used to reach the StdRegProv namespace
    Set wmiNameSpace = wmiLocator.ConnectServer(strComputerName, "root\default")  ' The registry provider (StdRegProv) lives in root\default
    Set objRegistry = wmiNameSpace.Get("StdRegProv")
    objRegistry.CreateKey HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{00020D75-0000-0000-C000-000000000046}"
End If