Windows Intune (The future of Small and Medium Businesses?)
Windows Intune is hitting the market and making a splash as Microsoft continues to explore cloud services. I've used all the features of Windows Intune, and its long-term success will really be determined by how much polish the product has.
Intune is basically Windows Server Update Services (WSUS), System Center Essentials, Microsoft Forefront, Windows Assistance, and Lifetime Windows upgrades from the cloud. All these roles are taken away from your internal servers and farmed out to the cloud at $11 per PC a month. It looks very promising, except Microsoft isn't always the best at these things, so here is my rundown of the limitations.
WSUS - Easy to install and monitor from your file server with little footprint. Almost no benefit to having this bundled into Intune, other than putting everything in one spot. This is also a free add-on to any server environment.
System Center Essentials - I have a love/hate relationship with SCE, and I'm not all that impressed with it. It can be, at times, a nightmare to keep up-to-date with the alerts from the servers and desktops. It's not without its merits, and has been improved since the 2007 version I've used. I think having a polished, slimmed-down SCE for Intune was a great idea. Only time will tell if this is worth it.
Microsoft Forefront - I don't like Forefront, and it does an OK job of virus scans and anti-spam. Personally, I don't think it would beat a Trend Micro or Symantec solution, but it's not a deal breaker. Again, the convenience of everything in one spot is nice.
Windows Assistance - Never been a fan of Windows Assistance, because it relies on the end-user to initiate the connection. Direct remote access is needed without end-user assistance, and I find this feature lacking.
Lifetime Windows Upgrades - This is where Intune really shines. It offers unlimited upgrades to all computers in your environment. I know we all have Windows XP machines still, and having them all upgrade to Windows 7 would be nice.
Conclusion
I think for a small branch office or even a small/medium business with limited IT, this would be a decent solution. I personally think it's overpriced and needs to mature more before I'd put my business on this solution. The one thing that would push me over the edge is the Unlimited Windows Upgrades, which would be very nice to have. However, Microsoft really needs to step up their game, because they aren't the only player in the space. My recommendation would be towards the Kaseya solution. It's a fraction of the cost at $2 per PC, and it's been in the market for several years. Kaseya does require a more gifted hand than Microsoft Intune, but would be much better bang for the buck.
Disable Outlook Anywhere in Group Policy Object (GPO)
By default the standard outlk12.adm templates do not come with a configuration of Outlook Anywhere. You can use the "Configure Outlook Anywhere user interface options" setting to disable or grey out the settings. However, this DOES NOT disable Outlook Anywhere, just user interaction with it.
You will need to download a new administrative template that Microsoft released in this hotfix. If you don't like reading Microsoft's wonderful support site instructions, or Microsoft changes their support site after this blog post, here is the file and instructions paraphrased.
1. Download Add-On Outlook Anywhere Administrative Template here...article-961112 (unzip to reveal article-961112.adm file).
2. In the Group Policy Object Editor add the Article-961112.adm file:
Right-click Administrative Templates and click Add/Remove Templates.
In the Add/Remove Templates dialog box click Add.
In the Policy Templates dialog box locate and select the Article-961112.adm file. Click Open.
Click Close in the Add/Remove Templates dialog box.
3. Under User Configuration in Administrative Templates expand the policy node labeled Article 961112 Policy Settings. (Note: You may see this under Classic Administrative Templates in a sub-menu)
4. Select the Outlook Anywhere (RPC/HTTP) node to list the following policies under the Setting column in the right-pane:
RPC/HTTP Connection Flags -> Set to Enabled -> No Flags
Proxy Server Name -> Do not change
Only Connect if Proxy Server certificate has this principal name -> Do not change
Proxy authentication Setting -> Do not change
5. Double-click each policy to configure the appropriate RPC/HTTP setting for your Outlook clients.
Target Specific People or Computers with Item-Level Targeting in GPOs
Using Group Policy Objects can be a huge time saver, but if used improperly can be a big headache. Once you've messed around with GPO settings enough, you quickly figure out that you need to create new GPOs for specific programs, events, etc. rather than putting everything in one GPO. This gives you a lot more flexibility and makes it very easy to track down troublesome GPO-related issues when done properly. Now let's say you create a Power Savings GPO that you want to apply only to computers that meet certain conditions. WMI, Security, and Site Filtering are all too broad for this task, and you want to use Item-Level Targeting. After you create your Group Policy Object you will need to add this setting to the GPO.
In Group Policy Management Settings
-User Configuration -> Preferences -> Control Panel -> Regional Options
-Right-Click and Select New
-Navigate to Common Tab
-Check Item-Level Targeting and Press Targeting...
From here you will be able to select tons of criteria that you want to meet for your GPO. This can be system requirements to install a program, or only select certain Operating Systems. You can also add "is not" tags that will rule out any computer that meets that criteria. The options are limitless and it's very easy to incorporate in your GPO. Personally, I never use the often complicated and time-consuming WMI Filters anymore.
Disable RSS Feed in Outlook 2007 using GPO (Group Policy Object)
First install the 2007 Office system Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool version 2.0 if you haven't already done so.
In Group Policy Editor navigate to User Configuration -> Policies -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools | Account Settings -> RSS Feeds
-Default RSS Feeds -> Set to Disabled
-Synchronize Outlook RSS Feeds with Common Feed List -> Set to Disabled
-Turn off RSS Feature -> Enabled
After all these are set you can reboot the workstations or force a GPO update by using gpupdate /force
By disabling RSS feeds you are cleaning up space on your Exchange store and speeding up your users' Outlook. I recommend doing this in any business.
ShareScan for Canon (MEAP) Scanner will not load connectors
Fixing communication problems with Canon Imagerunner Copier connectors.
-Verify you have all the proper firewall ports open (9030 and 9100 are a MUST!)
-Verify you have connectivity to the copiers
-Unload and Reload the Copiers in ShareScan
-Start and Stop eCopy ShareScan Agent / Manager Service in Windows
-Power Cycle Copiers
If the copiers are displaying "unable to connect to 192.168.x.x" and pressing the connect button only freezes the copier momentarily and then brings you back to this screen, the copier's internal service will need to be started and stopped. Here is how you do this:
-Login to the copier via internet browser (i.e. http://192.168.x.x:8000/sms/)
-Enter "MeapSmsLogin" as the password
-Start and Stop the Service
-Exit and you should see your connectors
System Center Essentials 2007 OperationsManager SQL DB too large (4GB +)
I run System Center Essentials 2007 and by default it installs into SQL Server Express on EBS Installations. This is normally not an issue, but if the database grows larger than 4GB then you will no longer get the benefit of SCE 2007, as SQL Server Express has a 4GB limitation on its databases. I noticed that my database was growing considerably and before I knew it my OperationsManager DB was larger than 4GB.
First, I groomed the database and reduced all retention periods via the EBS team's SCE 2007 blog post. For instructions on how to groom SCE 2007, here is their blog post. This outlined how to reduce the retention period of various SCE 2007 buckets in both SQL Server Management Studio and SCE 2007 Administrative Console.
Second, I used shrink on the OperationsManager and OperationsManagerDW Databases in SQL Management Studio. This is done via SQL Query or by Right Clicking Database -> Tasks -> Shrink -> Database. On next screen leave options default and hit OK.
These both helped me considerably, but I noticed the OperationsManager was still quite large. I found a solution on Experts Exchange that finally reduced the database well below the 4GB limit. There is apparently a bug in SCE 2007 SP1 that bloats the dbo.LocalizedText table to several gigs if left unchecked for a year. Here is a complete solution, step-by-step.
Step 1: Create a Backup of the Database
-Right-Click OperationsManager -> Tasks -> Back Up...
Step 2: Verify you have a large dbo.LocalizedText table
-Run the Following SQL Query on OperationsManager. This is also great for checking other SQL Databases to see which table is eating up all the space.
USE OperationsManager
DECLARE @TblNames Table
(
COUNTER INT IDENTITY(1,1),
tbl_name nvarchar(100) NULL,
row varchar(10),
reserved varchar(10),
data varchar(10),
index_size varchar(10),
unused varchar(10)
)
DECLARE @ROWCOUNT INT
DECLARE @I INT
DECLARE @str nvarchar(100)
SET @I = 1
INSERT INTO @TblNames(tbl_name) SELECT name FROM sys.Tables
SET @ROWCOUNT = @@ROWCOUNT
WHILE @I <= @ROWCOUNT
BEGIN
SELECT @str = tbl_name FROM @TblNames WHERE COUNTER = @I
INSERT INTO @TblNames EXEC sp_spaceused @str
SET @I = @I +1
END
-- Display results in Sorted order
SELECT tbl_name as TableNm, CAST(REPLACE(data, ' kb', '') as int) as TblSize,
CAST(REPLACE(index_size, ' kb', '') as int) as IdxSize
FROM @tblNames ORDER BY TblSize DESC
Step 3: Clean Up Localized Text
-Run the following SQL Query on OperationsManager. (This will take about 10 minutes per gig.)
-- Create temp table to speed up looking for a PublisherId when we know the MessageId
BEGIN TRY
CREATE TABLE #PublisherMessageReverseIndex(MessageStringId UNIQUEIDENTIFIER,
MessageId INT)
CREATE CLUSTERED INDEX #PublisherMessageReverseIndex_CI ON #PublisherMessageReverseIndex(MessageStringId)
INSERT INTO #PublisherMessageReverseIndex (MessageStringId, MessageId)
SELECT MessageStringId, MessageId
FROM dbo.PublisherMessages
-- Create temp table of message lengths, message id, and Message Hash with the
-- Message String Id so that we can efficiently figure out whether a given message
-- is duplicated. The duplicate messages generated by the converted MP have
-- different PublisherId's, but everything else is identical. INDEX this TABLE so that
-- we can look up quickly by the MessageStringId and also by values we expect to see
-- duplicated.
CREATE TABLE #LTHashStrings (MessageStringId UNIQUEIDENTIFIER,
LTValueLen INT,
LTValueHash VARBINARY(32),
MessageId INT NULL)
CREATE CLUSTERED INDEX #LTHashStrings_CI ON #LTHashStrings(MessageStringId)
CREATE NONCLUSTERED INDEX #LTHashStrings_NCI1 ON #LTHashStrings(LTValueLen, MessageId, LTValueHash)
-- Create temp table for the Orphaned PublisherStrings that we find. These
-- are rows in PublisherMessages whose corresponding Events have already been groomed away.
-- They still have corresponding rows in LocalizedText. We won't add rows for PublisherMessages
-- which are not for a duplicated message.
CREATE TABLE #OrphanedPublisherStrings (PublisherId UNIQUEIDENTIFIER,
MessageStringId UNIQUEIDENTIFIER)
CREATE CLUSTERED INDEX #OrphanedPublisherStrings_CI ON #OrphanedPublisherStrings(MessageStringId)
-- Create temp table to use in looking up whether a PublisherMessages row still
-- has a corresponding Event. Event_01 etc. have no index on PublisherId, so we
-- don't want to do a query that keeps seeking into EventAllView.
-- If a PublisherId occurs multiple times in the Event tables we will only need it
-- once in our temp table, hence the unique clustered index with IGNORE_DUP_KEY.
-- This keeps the temp table relatively small and will be a time saver for
-- seeing which PublisherMessages are orphaned.
CREATE TABLE #EventAllPublishers (PublisherId UNIQUEIDENTIFIER)
CREATE UNIQUE CLUSTERED INDEX #EventAllPublishers_CI ON #EventAllPublishers (PublisherId)
WITH (IGNORE_DUP_KEY = ON)
-- Populate temp table by scanning EventAllView one time
INSERT INTO #EventAllPublishers(PublisherId)
SELECT PublisherId
FROM EventAllView
-- Populate first Temp table for figuring out which messages are duplicated
INSERT INTO #LTHashStrings (MessageStringId, LTValueLen, LTValueHash, MessageId)
SELECT LTStringId, len(LTValue), HashBytes('SHA1', LTValue), MessageId
FROM dbo.LocalizedText LT
JOIN #PublisherMessageReverseIndex PM ON PM.MessageStringId = LTStringId
-- Create second table for figuring out which messages are duplicated.
CREATE TABLE #LTCountByMessage( LTValueLen INT,
MessageId INT,
LTValueHash VARBINARY(32),
MsgCount INT)
CREATE CLUSTERED INDEX #LTCountByMessage_CI ON #LTCountByMessage(LTValueLen, MessageId, LTValueHash)
-- Populate second message for duplicate message detection by scanning INDEX of
-- the first one and doing a grouped count.
INSERT INTO #LTCountByMessage (LTValueLen, MessageId, LTValueHash, MsgCount)
SELECT LTValueLen, MessageId, LTValueHash, COUNT(1)
FROM #LTHashStrings
GROUP BY LTValueLen, MessageId, LTValueHash
-- Now that we are set up to detect both Orphans and duplicated messages by
-- joining to our relatively small (and properly indexed) temp tables,
-- figure out the OrphanedPublisherStrings that have duplicate messages
INSERT INTO #OrphanedPublisherStrings (PublisherId, MessageStringId)
SELECT PM.PublisherId, PM.MessageStringId
FROM dbo.PublisherMessages PM
JOIN #LTHashStrings LTS ON (LTS.MessageStringId = PM.MessageStringId AND LTS.MessageId = PM.MessageId)
JOIN #LTCountByMessage LTC ON (LTC.LTValueLen = LTS.LTValueLen AND
LTC.MessageId = LTS.MessageId AND LTC.LTValueHash = LTS.LTValueHash)
WHERE PM.PublisherId NOT IN (SELECT PublisherId FROM #EventAllPublishers) AND
LTC.MsgCount > 1
-- Deleting all of the OrphanedPublisherStrings and corresponding LocalizedText rows
-- at once may be too large for the transaction log to handle. Create a
-- numbered / ordered table so that we can delete them in relatively small batches
-- and not overtax the transaction log.
CREATE TABLE #NumberOrphanPublisherStrings(OrphanNum INT IDENTITY,
PublisherId UNIQUEIDENTIFIER,
MessageStringId UNIQUEIDENTIFIER)
CREATE CLUSTERED INDEX #NumberOrphanPublisherStrings_CI on #NumberOrphanPublisherStrings(OrphanNum)
-- Populate Numbered TABLE
INSERT INTO #NumberOrphanPublisherStrings (PublisherId, MessageStringId)
SELECT PublisherId, MessageStringId FROM #OrphanedPublisherStrings
END TRY
BEGIN CATCH
GOTO Error
END CATCH
-- Set up variables so that we can delete our orphaned rows
-- If transaction log fills up, try reducing the @OrphanIncrement value,
-- which controls the number of rows that we delete at a time
DECLARE @OrphanNum INT
DECLARE @OrphanIncrement INT
DECLARE @OrphanLimit INT
SET @OrphanNum = 0
SET @OrphanIncrement = 10000
SELECT @OrphanLimit = MAX(OrphanNum) FROM #NumberOrphanPublisherStrings
BEGIN TRY
WHILE @OrphanNum < @OrphanLimit
BEGIN
DELETE dbo.LocalizedText FROM
#NumberOrphanPublisherStrings OPS JOIN dbo.LocalizedText LT
ON LT.LTStringId = OPS.MessageStringId
WHERE OPS.OrphanNum >= @OrphanNum AND OPS.OrphanNum < @OrphanNum + @OrphanIncrement
DELETE dbo.PublisherMessages FROM
#NumberOrphanPublisherStrings OPS JOIN dbo.PublisherMessages PM
ON PM.PublisherId = OPS.PublisherId
WHERE OPS.OrphanNum >= @OrphanNum AND OPS.OrphanNum < @OrphanNum + @OrphanIncrement
SET @OrphanNum = @OrphanNum + @OrphanIncrement
END
END TRY
BEGIN CATCH
GOTO Error
END CATCH
Error:
IF @@ERROR <> 0
SELECT
ERROR_NUMBER() AS ErrorNumber,
ERROR_MESSAGE() AS ErrorMessage;
-- Try to drop all of the Temp tables
BEGIN TRY
IF EXISTS (SELECT 1 FROM tempdb.INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '#PublisherMessage%')
DROP TABLE #PublisherMessageReverseIndex
IF EXISTS (SELECT 1 FROM tempdb.INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '#OrphanedPublisherStrings%')
DROP TABLE #OrphanedPublisherStrings
IF EXISTS (SELECT 1 FROM tempdb.INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '#LTHashStrings%')
DROP TABLE #LTHashStrings
IF EXISTS (SELECT 1 FROM tempdb.INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '#EventAllPublishers%')
DROP TABLE #EventAllPublishers
IF EXISTS (SELECT 1 FROM tempdb.INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '#LTCountByMessage%')
DROP TABLE #LTCountByMessage
IF EXISTS (SELECT 1 FROM tempdb.INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '#NumberOrphanPublisherStrings%')
DROP TABLE #NumberOrphanPublisherStrings
END TRY
BEGIN CATCH
SELECT
ERROR_NUMBER() AS ErrorNumber,
ERROR_MESSAGE() AS ErrorMessage;
END CATCH
Step 4: Reindex Database and finish
-Run the following SQL Query on the OperationsManager.
USE OperationsManager
go
SET ANSI_NULLS ON
SET ANSI_PADDING ON
SET ANSI_WARNINGS ON
SET ARITHABORT ON
SET CONCAT_NULL_YIELDS_NULL ON
SET QUOTED_IDENTIFIER ON
SET NUMERIC_ROUNDABORT OFF
EXEC SP_MSForEachTable "Print 'Reindexing '+'?' DBCC DBREINDEX ('?')"
Windows Server Backup (BackupExec, NTbackup, Acronis True Image, etc…)
I will walk through the various backup solutions out there for businesses. Most of the big names in the backup world are very good at backups; however, they must be used properly. If using Windows Server 2003, I'd recommend Acronis True Image for any file systems and NTbackup for the Exchange backup or other servers. If using Windows Server 2008, I'd recommend Acronis True Image for any servers, and Acronis® Recovery™ for Microsoft Exchange.
In the times I've had to reference backups, tape drives are generally neglected and fail when the tapes aren't properly cycled out. Many businesses keep using tapes past a year old and end up not having an up-to-date backup or any old backups. Also, I've seen tapes wear out over long periods of time in storage. I'd highly recommend a SAN or NAS solution for local backups. If it's in your budget and you have the bandwidth, cloud is obviously the best solution.
You MUST purchase an Exchange Ready backup solution for Microsoft Exchange 2007 SP1 or earlier
Failure to do so will result in an excess of log files that will fill all free space on your server and crash it.
Acronis True Image
- Block by block image backup
- Easily browse old backups to grab a couple files, or restore the entire server to that state
- Do not use for Exchange Backup! (It will back up the database, but it will not clear and condense the log files generated by Exchange. If left for a long period of time, your logs will fill up all free space on your server and crash it.)
- Personal Favorite for any File Server
Symantec BackupExec
- Wonderful Tape backup solution (Supports various backup rotations)
- Does a proper Exchange backup with add-in purchase
- Personally, I've always thought the interface is bulky and difficult to use. Also, with all the add-ins you need to purchase, this is one of the most expensive solutions on the market.
- Not Recommended unless you are using tapes.
NTBackup
- Built into Windows Server 2003
- Great for Exchange 2003 or earlier
- Restoration process is time consuming and not recommended for File Servers
Windows Server Backup
- Built into Windows Server 2008
- Backup system automatically adjusts and is space efficient when saving to external drives, SAN, and NAS solutions
- Does NOT support tape devices
- Restoration process is time consuming and not recommended for File Servers
- Has NO Exchange Support unless you upgrade past SP2 on the OS and SP2 on Exchange Server 2007.
W32TM Windows Time for Server 2003/2008
Setting up the Windows Time service can be a bit challenging at times, but I run these steps on my servers and it works every time. (Fixes clocks being off on servers and time discrepancies between server and clients)
First, let's take care of the server setup (open regedit on the time server and verify the registry settings):
1. Change Windows to use the NTP protocol for time synchronization:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Value: Type
Data: NTP
------------
2. Configure the AnnounceFlags value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: AnnounceFlags
Data: 5
------------
3. Enable the NTP server value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Value: Enabled
Data: 1
------------
4. Specify the NTP server to use:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Value: NtpServer
Data: us.pool.ntp.org,0x1
------------
5. Select the NTP polling interval:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Value: SpecialPollInterval
Data: 900
------------
6. Configure the time correction settings:
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: MaxPosPhaseCorrection
Radix: Decimal
Data: 3600
------------
Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
Value: MaxNegPhaseCorrection
Radix: Decimal
Data: 3600
Once the registry settings have been verified, restart the w32time service (net stop w32time / net start w32time), then run the following command: w32tm /resync
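A read-only check of the server-side values from steps 1-6, added here as an example and not part of the original post: it compares each registry value with the data listed above and flags any NtpServer peer that lacks the 0x1 flag, since SpecialPollInterval is only used for peers that carry it. The function names are illustrative, and PowerShell is assumed to be installed on the time server.

```powershell
# Added example (not from the original post): audit the W32Time values listed above.
# Read-only: nothing is written to the registry.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Expected values copied from steps 1-6 on this page (key path relative to $base).
$expected = @(
    @{ Key = 'Parameters';              Name = 'Type';                  Want = 'NTP' }
    @{ Key = 'Config';                  Name = 'AnnounceFlags';         Want = 5 }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'Enabled';               Want = 1 }
    @{ Key = 'Parameters';              Name = 'NtpServer';             Want = 'us.pool.ntp.org,0x1' }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval';   Want = 900 }
    @{ Key = 'Config';                  Name = 'MaxPosPhaseCorrection'; Want = 3600 }
    @{ Key = 'Config';                  Name = 'MaxNegPhaseCorrection'; Want = 3600 }
)

function Get-RegValue {
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path (Join-Path $base $Key) -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-W32TimeSetting {
    param([hashtable]$Setting)
    $actual = Get-RegValue -Key $Setting.Key -Name $Setting.Name
    New-Object PSObject -Property @{
        Key      = $Setting.Key
        Name     = $Setting.Name
        Expected = $Setting.Want
        Actual   = $actual
        Match    = ($actual -eq $Setting.Want)
    }
}

# Split "peer,0xN peer2,0xN" into peers and decode the SpecialInterval (0x1) bit.
function Get-NtpPeerFlags {
    param([string]$NtpServer)
    foreach ($entry in ($NtpServer -split '\s+' | Where-Object { $_ })) {
        $peer, $flagText = $entry -split ',', 2
        $flags = if ($flagText) { [Convert]::ToInt32($flagText, 16) } else { 0 }
        New-Object PSObject -Property @{
            Peer                    = $peer
            Flags                   = $flags
            UsesSpecialPollInterval = [bool]($flags -band 0x1)
        }
    }
}

$results = $expected | ForEach-Object { Test-W32TimeSetting $_ }
$results | Select-Object Key, Name, Expected, Actual, Match | Format-Table -AutoSize

# SpecialPollInterval (step 5) only applies to peers whose flags include 0x1 (step 4).
$peers = @(Get-NtpPeerFlags (Get-RegValue -Key 'Parameters' -Name 'NtpServer'))
foreach ($p in $peers) {
    if (-not $p.UsesSpecialPollInterval) {
        Write-Warning ("Peer {0} lacks the 0x1 flag; SpecialPollInterval will not apply to it." -f $p.Peer)
    }
}

$drift = @($results | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning ("{0} value(s) differ from the settings on this page." -f $drift.Count)
}
"w32time service status: {0}" -f (Get-Service -Name w32time).Status
```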
Most people over-think how to correct the time on the workstation setups. It's very simple: do NOT use a GPO! Simply add the following line to your start-up script
- net time \\yourtimeserver /set /yes
Have your users logout and back in and they will be synced with the server.