Category Archives: Windows Server 2003

Solutions for Windows Server 2003

Disable Outlook Anywhere in Group Policy Object (GPO)

By default the standard outlk12.adm templates do not come with a configuration of Outlook Anywhere. You can configure the “Configure Outlook Anywhere user interface options” options to disable or grey out the settings. However, this DOES NOT disable Outlook anywhere, just user interaction with it.

You will need to download a new administrative template that Microsoft released in this hotfix. If you don’t like reading Microsoft’s wonderful support site instructions or Microsoft changes their support site after this blog post, here is the file and instructions paraphrased.

1. Download Add-On Outlook Anywhere Administrative Template here…article-961112 (unzip to reveal article-961112.adm file).
2. In the Group Policy Object Editor add the Article-961112.adm file:
Right-click Administrative Templates and click Add/Remove Templates.
In the Add/Remove Templates dialog box click Add.
In the Policy Templates dialog box locate and select the Article-961112.adm file. Click Open.
Click Close in the Add/Remove Templates dialog box.
3. Under User Configuration in Administrative Templates expand the policy node labeled Article 961112 Policy Settings. (Note: You may see this under Classic Administrative Templates in a sub-menu)
4. Select the Outlook Anywhere (RPC/HTTP) node to list the following policies under the Setting column in the right-pane:

RPC/HTTP Connection Flags -> Set to Enabled -> No Flags
Proxy Server Name -> Do not change
Only Connect if Proxy Server certificate has this principle name -> Do not change
Proxy authentication Setting -> Do not change

5. Double-click each policy to configure the appropriate RPC/HTTP setting for your Outlook clients.

Target Specific People or Computers with Item-Level Targeting in GPOs

Using Group Policy Objects can be a huge time saver, but if used improperly can be a big headache. Once you’ve messed around with GPO settings enough, you quickly figure out that you need to create new GPOs for specific programs, events, etc… that are not all in one GPO. This gives you a lot more flexibility and makes it very easy to track down troublesome GPO related issues when done properly. Now lets say you create a Power Savings GPO that you want to apply only to computers that meet certain conditions. WMI, Security, and Site Filtering are all too broad for this task, and you want to use Item-Level Targeting. After you create your Group Policy Object you will need to add this setting to the GPO.

In Group Policy Management Settings
-User Configuration -> Preferences -> Control Panel -> Regional Options
-Right-Click and Select New
-Navigate to Common Tab
-Check Item-Level Targeting and Press Targeting…

From here you will be able to select tons of critaria that you want to meet for your GPO. This can be system requirements to install a program, or only select certain Operating Systems. You can also add is not tags that will rule out any computer that meet that criteria. The options are limitless and its very easy to incorporate in your GPO. Personally, I never use the often complicated and time consuming WMI Filters anymore.

Disable RSS Feed in Outlook 2007 using GPO (Group Policy Object)

First install the 2007 Office system Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool version 2.0 if you haven’t already done so.

In Group Policy Editor navigate to User Configuration -> Polices -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools | Account Settings -> RSS Feeds

-Default RSS Feeds -> Set to Disabled
-Synchronize Outlook RSS Feeds with Common Feed List -> Set to Disabled
-Turn off RSS Feature -> Enabled

After all these are set you can reboot the workstations or force a GPO update by using gpupdate /force

By disabling RSS feeds you are cleaning up space on your Exchange store and speeding up your users outlook. I recommend doing this in any business.

Windows Server Backup (BackupExec, NTbackup, Acronis True Image, etc…)

I will walk through the various backup solutions out there for businesses. Most of the big names in the backup world are very good at backups, however they must be used properly. If using Windows Server 2003, I’d recommend Acronis True Image for any file systems and NTbackup for the exchange backup or other servers. If using Windows Server 2008, I’d recommend Acronis True Image for any servers, and Acronis® Recovery™ for Microsoft Exchange.

In the times I’ve had to reference backups, tape drives are generally neglected and fail when the tapes aren’t properly cycled out. Many business keep using tapes past a year old and end up not having an up-to-date backup or any old backups. Also, I’ve seen tapes wear out over long periods of time in storage. I’d highly recommend a SAN or NAS Solution for Local backups. If its in your budget and you have the bandwidth, cloud is obviously the best solution.

You MUST purchase a Exchange Ready backup solution for Microsoft Exchange 2007 SP1 or earlier

Failure to do so will result in an excess of log files that will fill all free space on your server and crash it.

    Acronis True Image

    1. Block by block image backup
    2. Easily browse old backups to grab a couple files, or restore then entire server to that state
    3. Do not use for Exchange Backup! (It will backup the database, but it will not clear and condense the log files generated by exchange. If left for a long period of time your logs will fill up all free space on your server and crash it.)
    4. Personal Favorite for any File Server

    Symantec BackupExec

    1. Wonderful Tape backup solution (Supports various backup rotations)
    2. Does a proper Exchange backup with add-in purchase
    3. Personally, I’ve always thought the interface is bulky and difficult to use. Also, with all the add-ins you need to purchase this is one of the most expensive solutions on the market.
    4. Not Recommended unless you are using tapes.

    NTBackup

    1. Built into Windows Server 2003
    2. Great for Exchange 2003 or earlier
    3. Restoration process is time consuming and not recommended for File Servers

    Windows Server Backup

    1. Built into Windows Server 2008
    2. Backup system automatically adjusts and is space efficient when saving to external drives, SAN, and NAS solutions
    3. Does NOT support tape devices
    4. Restoration process is time consuming and not recommend for File Servers
    5. Has NO Exchange Support unless you upgrade past SP2 on the OS and SP2 on Exchange Server 2007.

W32TM Windows Time for Server 2003/2008

Setting up the windows time service can be a bit challenging at times, but I run these steps on my servers and it works every time. (Fixes clocks being off on servers and time discrepancy’s between server and clients)

First, Lets take care of the server setup(Open regedit on time server, Verify registry settings):

1. Change Windows to use the NTP protocol for time synchronization: Key: HKLMSYSTEMCurrentControlSetServicesW32TimeParameters
Value: Type
Data: NTP
————
2. Configure the AnnounceFlags value:
Key: HKLMSYSTEMCurrentControlSetServicesW32TimeConfig
Value: AnnounceFlags
Data: 5
————
3. Enable the NTP server value:
Key: HKLMSYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpClient
Value: Enabled
Data: 1
————
4. Specify the NTP server to use:
Key: HKLMSYSTEMCurrentControlSetServicesW32TimeParameters
Value: NtpServer
Data: us.pool.ntp.org,0x1
————
5. Select the NTP polling interval:
Key: HKLMSYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpClient
Value: SpecialPollInterval
Data: 900
————
6. Configure the time correction settings:
Key: HKLMSYSTEMCurrentControlSetServicesW32TimeConfig
Value: MaxPosPhaseCorrection
Radix: Decimal
Data: 3600
————
Key: HKLMSYSTEMCurrentControlSetServicesW32TimeConfig
Value: MaxNegPhaseCorrection
Radix: Decimal
Data: 3600

Once the registry settings have been verified restart w32time service (net stop w32time / net start w32time) followed by running the following command: w32tm /resync

Most people over-think how to correct the time on the workstation setups. Its very simple, do NOT use a GPO! Simply add the following line to your start-up script

  • net time \yourtimeserver /set /yes

Have your users logout and back in and they will be synced with the server.