Windows Tips & Tricks UPDATE--November 7, 2005

Windows Tips &amp Tricks UPDATE, November 7, —brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site
http://www.windows2000faq.com

Make sure your copy of Windows Tips & Tricks UPDATE isn't mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Tips & Tricks UPDATE.

Download a Tool that will Benefit any Sys Admin
http://www.tntsoftware.com/wintip110705

Eliminating Overlooked System Vulnerabilities
http://www.windowsitpro.com/whitepapers/symantec/eliminatingsysvul/index.cfm?code=ttmid1107


Sponsor: TNT

Download a Tool that will Benefit any Sys Admin Are you searching for an affordable real-time monitoring toolset that will support your proactive system management objectives? Start NOW and download ELM Enterprise Manager from TNT Software. Within an hour, you will experience for yourself why ELM is recognized as the tool that will benefit any System Administrator. Before the 30 Day full feature trial is completed, the Monitoring, Alerting and Reporting will have saved you time and provided you the data for prompt corrective action. Be Proactive; and download ELM Enterprise Manager from the link below:
http://www.tntsoftware.com/wintip110705


FAQs

  • Q. How can I check the password of the IUSR and IWAM local accounts on a machine?
  • Q. How can I grant a user access to someone else's mailbox in Microsoft Outlook?
  • Q. How can I use the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in to grant a user access to someone else's mailbox?
  • Q. How can I enable logging of user access to another user's mailbox?
  • Q. What's new in Microsoft Exchange Server 2003 Service Pack 2 (SP2)?

Sponsor: Symantec

Eliminating Overlooked System Vulnerabilities Do your firewalls, intrusion detection systems, virus protection, and vulnerability scans still leave you vulnerable to attack and downtime? How long does it take to deploy patches? How fast can you rollback to a stable state to correct network service interruption from an update? To completely secure your IT infrastructure you also need to be able to manage it well. In this free white paper learn why systems and storage management must play a critical role in your security efforts. You'll learn how patch management and disaster recovery solutions can provide you a better, smarter, and more efficient way to combat attacks, eliminate vulnerabilities and more.
http://www.windowsitpro.com/whitepapers/symantec/eliminatingsysvul/index.cfm?code=ttmid1107


FAQs

by John Savill, FAQ Editor, [email protected]

Q. How can I check the password of the IUSR and IWAM local accounts on a machine?

A. Usually the IUSR_<machine name> and IWAM_<machine name> passwords are set automatically and are never known. However, I've seen cases in which for some reason the passwords get out of sync or corrupted and need to be reset. The easiest way to reset these passwords is to extract the passwords that Microsoft IIS has in its metabase and update the accounts in Local Users and Groups to use that password.

You first need to update the adsutil.vbs script, which you'll find in the AdminScripts folder under the Inetpub folder, to display sensitive information (e.g., passwords) instead of just asterisks. Open the adsutil.vbs file in Notepad and search for the text "IsSecureProperty = True", replace this text with "IsSecureProperty = False" and save the file. Now run the following commands to return the passwords (/anonymoususerpass is the IUSR account; /wamuserpass is the IWAM_ account).

C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/anonymoususerpass

anonymoususerpass : (STRING) "/XEv`J01T"!69I"

C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/wamuserpass

wamuserpass : (STRING) "ikI37Q"W5\[,uu%"
If you want to reset the passwords to match the passwords you had already set in Local Users and Groups, use the following command:
C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/anonymoususerpass "Pa55word"

anonymoususerpass : (STRING) "Pa55word"

C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/wamuserpass "Pa55word"

wamuserpass : (STRING) "Pa55word"

You should now run the command below to sync the password from IIS with Microsoft Transaction Server (MTS) and component services:

C:\Inetpub\AdminScripts>cscript.exe synciwam.vbs -v

IIS Applications Defined:
Name, AppIsolated, Package ID

You should now restart IIS via the "All Tasks" context menu option of the IIS server in the MMC Internet Information Services (IIS) Manager snap-in.

Q. How can I grant a user access to someone else's mailbox in Microsoft Outlook?

A. You can grant a user access to another user's mailbox by performing the following steps:

  1. Log on to Outlook as the user who owns the mailbox and select Options from the Tools menu.
  2. Select the Delegates tab.
  3. Click Add.
  4. You'll see a list of users who can be given access to the mailbox. Select the user or users to whom you want to delegate access and click Add, as the figure shows. Click OK.
  5. Now select the rights that this delegated user has. By default, users are given only Calendar and Tasks access, but you can give access to other areas (e.g, Inbox, Contacts) at different levels (e.g., Reviewer, Author, Editor) as the figure shows. Notice you can also select the option to send the delegate an email message confirming the access level and the option that sets whether the delegate can see items marked private. Click OK.
  6. Click OK to the main Options dialog box.

Q. How can I use the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in to grant a user access to someone else's mailbox?

A. In the FAQ " How can I grant a user access to someone else's mailbox in Microsoft Outlook?" I explain how to use Outlook to delegate access to another user's mailbox. You can also use Active Directory Users and Computers to perform this delegation. To do so, perform these steps:

  1. Start the Exchange Server version of the Active Directory Users and Computers snap-in.
  2. Right-click the user who owns the mailbox to which you want to grant access by another user and select Properties from the displayed context menu.
  3. Select the "Exchange Advanced" tab.
  4. Click Mailbox Rights.
  5. Click Add and select the user to whom you want to give access. Click OK.
  6. Select the new user and clear the "Delete mailbox storage" check box. Select either "Read permissions" or "Full mailbox access" as the figure shows. Click OK.
  7. Click OK to the user object's Properties dialog box.

The big difference between this method for granting mailbox access and the method that uses Outlook is that with this method, the user has no idea that someone else has access to their mailbox. However, this method could have legal ramifications. Privacy laws are very strict.

Q. How can I enable logging of user access to another user's mailbox?

A. If you've delegated permissions so that a user can open another user's mailbox and you want to audit this type of activity, you need to enable at least a minimum level of diagnostic logging. To do so, perform these steps:

  1. Start the Microsoft Management Console (MMC) Exchange System Management snap-in.
  2. Expand your administrative group until your Exchange server is displayed in the navigation tree (Administrative Groups - Servers).
  3. Right-click the Exchange server and select Properties.
  4. Select the "Diagnostics Logging" tab.
  5. Under Services select MSExchangeIS - Mailbox.
  6. In the Categories section select Logons and set logging level to Minimum, as the figure shows. Click OK.
  7. Click OK.
  8. Restart the Information Store service for the change to take effect. (This will cause a mail outage, so schedule this restart appropriately.)

Now when a user accesses another user's mailbox, an event ID 1016 is written to the Application event log that shows who accessed which mailbox, as the figure shows. In the FAQ " How can I trigger an action to be performed when certain Windows events occur?" (http://www.windowsitpro.com/Article/ArticleID/46008/46008.html ), I explained how to use Eventtriggers to trigger actions based on certain event logs. You could therefore use a trigger to activate an action based on event ID 1016 in the Application event log. For example, to start a script called mailboxaccess.vbs use this command:

C:\>eventtriggers /create /tr "Non-Owner Mailbox Access" /eid 1016 /l application /tk c:\scripts\mailboxaccess.vbs

The mailboxaccess.vbs script can contain any actions that you desire (e.g., send an email, page someone).

Q. What's new in Microsoft Exchange Server 2003 Service Pack 2 (SP2?)

A. Exchange 2003 SP2 is available from http://www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/sp2/download.mspx and offers the following new features:

  • Improvements to mobile clients. New Email, Calendar, Contact and Task notifications are directly pushed via an HTTP connection to devices with improved data compression. New policies exist that, if a mobile device is lost or misplaced, a local wipe will be performed after a defined number of incorrect logon attempts, thus preventing unauthorized users from getting access to private information. You can also initiate a remote wipe when needed, rendering the device "as new" with no data. A video is available at http://www.microsoft.com/windowsmobile/_assets/video/teched/final-mobilityv7-2mbps.wvx that shows some of the new mobile functionality.
  • Improved spam protection. SP2 includes an updated Intelligent Message Filter (IMF), as well as support for the new Sender ID email authentication protocol.
  • New maximum mailbox store size (up to 75GB)
  • New offline address book format
  • The ability to force remote clients to use cache mode
  • More granular Public Folder replication and permissions management, which includes not allowing a replica of a public folder to be deleted while there is unreplicated data
  • Support for Novell GroupWise 6.x connectors and migration tools

Events and Resources
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )

  • Get Ready for the SQL Server 2005 Roadshow in Europe - Get the facts about migrating to SQL Server 2005!

  • SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database-computing environment. Receive a one-year membership to PASS and one-year subscription to SQL Server Magazine. Register now.
    http://www.windowsitpro.com/roadshows/sqlservereurope/index.cfm?code=1109emailannc

  • What Does It Mean to Be Compliant?

  • We've all heard about legal and regulatory requirements, but there are other types of compliance that might also affect you--specifically email compliance. In this free Web seminar, you'll get insights into compliance and policy issues that you need to know about, suggestions on what to look for when implementing your compliance strategy, and more. Register today!
    http://www.windowsitpro.com/go/seminars/compliance/?partnerref=1116emailannc

  • Are You Really Prepared for Disaster Recovery?

  • Join industry guru Liam Colvin in this free Web seminar and get the tips you need to validate your disaster recovery data. You'll learn if your backup and restore data is worth staking your career on, what type of geo-clustering is right for you, which response to use in crisis situations, and more!
    http://www.windowsitpro.com/go/seminars/disasterrecovery/?partnerref=1109emailannc

    Featured White Paper
    (from Windows IT Pro and its partners)

  • Stopping Crimeware and Malware: How to Close the Vulnerability Window

  • Computer users can no longer wait for a new vaccine every time a new security threat appears. How do you defend your network in a world of smarter, faster, Internet-borne zero-day attacks? Find out about an Intrusion Prevention System that can detect and destroy malware with virtually zero false positives.
    http://www.windowsitpro.com/go/whitepapers/panda/stopcrimeware?code=1109emailannc

    Announcements
    (from Windows IT Pro and its partners)

  • Windows IT Pro Monthly Online Pass = Quick Answers

  • Sign up for a Monthly Online Pass and get inside access to ALL the articles, tools, and helpful resources published in Windows IT Pro, including exclusive subscriber-only content. You'll have 24/7 access to a database of more than 9,000 Windows articles that will give you all the answers you need, when you need them. BONUS--Includes the latest digital issue of Windows IT Pro. Sign up now for just US$5.95 per month:
    https://store.pentontech.com/index.cfm?s=1&promocode=eu205buw

  • Save up to $30 off SQL Server Magazine

  • You won't want to miss any of SQL Server Magazine's upcoming fall issues! Subscribe now and discover the best tools to keep SQL Server tuned, the ins and outs of SQL Server 2005, ways ADO.NET 2.0 solves your problems, and much more! You'll also gain exclusive access to the entire SQL Server Magazine online article database more than 2,300 articles), and you'll save up to $30 off the full cover price! Click here:
    https://store.pentontech.com/index.cfm?s=9&promocode=eu215bum

    Contact Us
    Here's how to reach us with your comments and questions:

    This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.
    https://store.pentontech.com/index.cfm?s=1&promocode=eu205xxb

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish