Weblog of Alexander Weiss

This step-by-step guide explains how to install the SSL-certificate, create a web listener, a web farm, and an Exchange publishing rule to secure Exchange 2010 with Forefront TMG.

In my last post I introduced Forefront TMG’s functionality to secure Exchange 2010. Today, I will show you how to configure Exchange and Forefront to work together.

Install the SSL-Certificate

  1. Open the “Exchange Management Console” and, under “Server Configuration -> Exchange Certificate”, export the Exchange certificate by right-clicking “Export Exchange certificate”.
  2. Name the certificate, enter a password and save it as a *.pfx file.
  3. Copy the file to your Forefront TMG server.
  4. Open a “Microsoft Management Console” on the Forefront TMG Server by typing “mmc” in the Command Shell.
  5. Add the Certificate Snap-in by “File -> Add/Remove Snap-In” and choose the “local Computer” in the “Computer account” dialog.
  6. Open the certificate-tree (Local Computer) and select “Personal”.
  7. Right click on the “Personal”-folder and select “All Tasks -> Import…”
  8. Import the *.pfx file. You have to choose *.pfx as the file-type instead of the default *.cer. In the next dialogs keep the default settings.

(more…)

In this article, you will learn how to use the advanced features of Forefront TMG to improve security of Exchange 2010.

An essential part of an Exchange 2010 deployment is the availability of e-mail everywhere at any time. For your users, this feature eases work; for you as an administrator, it means more work, because you have to secure the Exchange Server against attacks from outside your corporate network.

I often see that Exchange 2010 is published directly to the internet by allowing access to the various ports from the internet. However, this approach undermines most of the security features of Forefront TMG. Forefront supports Preauthentication, which means the users do not authenticate with the Exchange Server but with Forefront. Forefront then passes the privileges to the Exchange Server.

(more…)

The range of wireless adapters is limited. And even if you are in range of your access point, the speed of your connection might drop a lot. The location of your wireless access point plays a big part in the connection quality. If you want to optimize the wireless coverage in your office, you need to find the best location. Finding the best place for the wireless access point is a hard job, though, because the only way to discover it is by trial and error.

Ekahau HeatMapper is a tool which supports you in finding the best place for your access point. It creates wireless coverage maps for every wireless network available at your office. With these wireless coverage maps, it is easy to figure out where to place the access point for optimal coverage.

To create wireless coverage maps, you have to download the software and install it on a laptop with a wireless card. After starting the application, you are asked if you have an image of the floor plan of your office. This is recommended because without one you need a very good sense of orientation – I’ll explain later why. If you have chosen one of the options, you will see a list of available access points on the left side, the floor plan in the middle, and on the right side you can find a help text.

(more…)


Time Freeze is a free software testing tool that combines the sandbox and virtual machine approach of software testing.

Software testing is an important part of an administrator’s daily routine. There are various tools and different approaches for making this task easier and more efficient. Some use virtual machines as test environments, and others prefer sandboxes for software testing. Time Freeze Free is kind of a hybrid. It combines aspects of both approaches, which makes it a perfect software testing tool.

Time Freeze expands the sandbox approach. Rather than launch the software you are testing in a sandbox, the tool turns your whole Windows installation into a sandbox. Every change that is made to your Windows installation is logged. As soon as you turn Time Freeze off, you have exactly the same system as before you started testing the software. So it works more like the snapshot feature of virtual environments such as Hyper-V. The difference is that you can only have one snapshot, but on the other hand you have better performance than in virtualized environments.

(more…)


This article explains how to deploy the Exchange 2010 Mailbox Server Role

The Mailbox Server Role is the last role you need to install to have a working Exchange 2010 environment. The two Server Roles that I haven’t talked about yet—namely, the Edge Server Role and the Unified Messaging Server Role—are specialized roles that either improve security or centralize communication in one inbox. Exchange 2010 will run well without them, so I won’t cover these topics in my Exchange 2010 deployment series.

The deployment of the Mailbox Server Role is straightforward. The Mailbox Server Role is quite resource intensive, so unless you have a very small number of users and little data you should deploy it on its own server. The mailbox server is also the place where all your data resides, so it needs plenty of hard disk space. A video is available at TechNet that supports you in deciding how to size the mailbox server. There is also a tool to calculate Exchange 2010 Mailbox Server Role Requirements.

(more…)

1-4a Rename is the feature king of the batch renamer tools.

Many batch renamer tools exist. Michael recently reviewed ReNamer which offers enough features for most users. However, the feature king of the batch renamer tools certainly is 1-4a Rename. If you visit the tool’s homepage, you will see that this tool is quite old and hasn’t been developed further in recent years. Nonetheless, it runs perfectly under every newer OS including the 64-bit versions.

What does this batch renamer offer you that others do not? When you launch the tool for the first time, nothing spectacular awaits you:

[Image: Batch Renamer - 1a4 Renamer]

(more…)


By now you should have a working Exchange 2010 Client Access server. However, an Exchange 2010 environment needs at least two more server roles installed: the Hub Transport Server Role and the Mailbox Server Role. It doesn’t matter if you are going to deploy these roles on the same server as the Client Access Server Role or if you choose a different server; the procedure is nearly the same. Because installing the three roles on the same server might lead to performance issues, however, Microsoft recommends not combining the Mailbox Server Role with any other role on the same server. In small environments, performance shouldn’t drop when you run all of them on the same server, even if the server is virtualized.

Let’s start with the Hub Transport Server Role. The installation process will differ slightly if you install this role together with the Client Access Server Role or on a standalone system. If you do the latter, you should install the prerequisites before you launch the setup wizard. The fastest way to achieve this is by typing these PowerShell commands:

(more…)

There was a big hype when Apple introduced their Time Machine in v10.5 of OS X. Basically, Time Machine makes it possible to travel back in time – not with your body, that is, but with your computer’s data. Time Machine creates a system restore point at specified times. With Time Machine’s GUI, you can go back in time and restore your system to the exact state it was in when Time Machine performed a backup.

Comodo recognized the lack of an easy-to-use system restore utility in the Windows world and released a system restore tool with a nice user interface. Named after its Apple counterpart, Time Machine, Comodo’s Time Machine tool is simple to use. The only configuration task you have to do during installation is specify the hard drives for which you want to enable Time Machine.

[Image: System Restore Utility - Comodo Time Machine Setup]

(more…)


In yesterday’s post in the migration to Exchange 2010 series, I wrote about deploying a Client Access server. By following my guide, you set the external namespace for the Exchange 2010 environment. For your users’ convenience, you might have chosen the same namespace you used for your legacy server. But assigning the same namespace for two different services usually causes a lot of trouble, so you might ask yourself how both Exchange versions can coexist under the same namespace.

Coexistence under the same namespace is not possible. When you provided the same namespace during the Client Access Server Role installation that you are using for your legacy Exchange installation, the setup routine automatically changes the namespace for the legacy server. If your users try to access Exchange using the URL they are used to, they connect to Exchange 2010. But that is what you want your users to do because Exchange 2010 Client Access can interoperate with legacy Client Access servers. If the Exchange 2010 Client Access server gets an access request it can’t handle, it simply redirects the query to the legacy server.

(more…)

After you prepare the Active Directory and determine the hardware resources, you can start deploying Exchange 2010. The first role you have to deploy is the Client Access role. Before you can run the Exchange server’s setup routine, you must install the following software: .NET Framework 3.5 SP1, PowerShell 2.0, WinRM 2.0, and IIS 7.0.

You also have to install a few server roles and features. You can do this via the Server Manager interface, or you can use this PowerShell command:

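# On Windows Server 2008 R2, load the module that provides Add-WindowsFeature first
Import-Module ServerManager
# Install the prerequisite roles and features, then restart if required
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,
        Web-Windows-Auth,Web-Metabase,Web-Net-Ext,
        Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,
        Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,
        NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart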

(more…)

PortQry is not just another port scanner; it is a helpful network troubleshooting tool. Its port scanning results are more accurate than those of many other port scanners. The main advantage over other port scanners is that PortQry uses correctly formatted messages when checking UDP ports. If a port scanner uses unformatted messages, it may return incorrect information about the port because most services do not respond if they receive an incorrectly formatted message. Some port scanners also report that a UDP port is not listening when in reality it is being filtered by a firewall.


(more…)


In my last post about Exchange migration, I wrote about the preparation of the Active Directory. Before I give a rough guide through the migration process I want to talk about the possibilities of virtualizing Exchange Server 2010. There are two reasons why I think it is necessary to bring this point up: First, there are still quite a few administrators that have a deep aversion to virtualization. Second, although virtualization is widely used today, there are a few things you have to consider before you should deploy Exchange 2010 on a virtualized machine. Exchange 2010 is ready for virtualization, so you can install every role on virtualized guests. Only the Unified Messaging Server Role needs to be installed directly on the hardware.

For those who are still skeptical about running a business-critical application like Exchange in a virtualized environment, I just have to say that it works; indeed, it works very well. Besides that, there is no difference between running Exchange Server 2010 on a hardware machine or a virtualized machine, as long as you follow some guidelines. It even has some advantages: If you want to use the DAG feature of Exchange 2010, you need two servers and two Windows Server 2008 R2 Enterprise licenses. If you only have a midsized company, chances are high that the resources of the two servers are not close to being utilized properly. The Windows Enterprise license allows you to run up to four software instances at a time in a virtualized environment under one license. So you could have up to eight virtualized machines running Windows Server 2008 R2 Enterprise with the two licenses you need for a DAG. Isn’t that alone reason enough to virtualize Exchange 2010?

(more…)

This article describes how you can turn Windows Server 2008 R2 into a workstation. You may wonder now, why anyone would prefer Windows Server 2008 R2 instead of Windows 7 on their workstation. Although Microsoft doesn’t recommend using Windows Server 2008 R2 as a workstation OS, there are many good reasons to do so:

For me, the biggest advantage is that I can run Hyper-V on it. There are many virtualization products that run under Windows 7, but none of them runs as smoothly and as seamlessly as Hyper-V does. With almost any of those products, I ran into stability, performance, or manageability issues.

Besides that, I see configurations where people run Windows 7 and a virtualized Windows Server 2008 R2 on their workstation. Very often, this server has only a single limited task; e.g., delivering AD services, running SharePoint, etc. If they used Windows Server 2008 R2 instead of Windows 7, there would be no need to have a virtualization environment at all. The spare resources could be used elsewhere.

(more…)

BitLocker to Go is a new feature in Windows 7 that encrypts data on USB sticks or flash cards. So whenever you lose a USB stick with sensitive data on it, you can be sure that nobody can read the data. However, one downside of BitLocker to Go is that there is no version for other operating systems, like Windows XP. This somehow contradicts the function of BitLocker to Go, because many people use USB sticks to transfer data between different computers. However, those computers may run on different operating systems, e.g. Windows XP, and because of the limitation of BitLocker to Go in Windows 7, you are not able to transfer the data to these PCs.

(more…)


Microsoft currently offers a beta version of the Microsoft Fix it Center. This application has one purpose: It should automatically fix some computer problems and support the user in finding a solution for those problems it can’t solve. As every administrator knows, fixing hardware or software problems can take up a lot of time. So having a tool that automatically fixes various problems would be any administrator’s heaven. But is the Microsoft Fix it Center really a ticket to heaven?

First you have to download it here. During setup, the tool checks your software and hardware configuration. Depending on this configuration it offers to install different so-called troubleshooters. After you choose which of these troubleshooters to install, you are asked if you want to create an online account. (The benefit of having an online account is that you have access to Fix it Center Online.) Here is a picture of the Troubleshooters that were selected for my system:

[Image: Fix Windows Problems - Microsoft Fix it Center Setup]

(more…)
