Windows Tips & Tricks UPDATE, June 14, 2004, —brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
Important: To help ensure uninterrupted delivery of this free newsletter to your inbox, Windows & .NET Magazine would like to remind you to take a minute to visit our email subscription center at http://www.winnetmag.com/email where you can confirm or update your email address in our system. We would also like to recommend that you add XPa[email protected] to your list of allowed senders and contacts so that your copy of Windows Tips & Tricks UPDATE doesn't get mistakenly blocked by antispam software. We value your readership and want to ensure that we can continue to reach you. Thanks for reading!
This Issue Sponsored By
Sponsor: Argent Software
Free Download: Monitor Your Entire Infrastructure with ONE Solution
The Argent Guardian monitors servers, applications, any and all SNMP-compliant devices as well as the overall health of the entire network at a fraction of the cost of "framework" solutions. Network Testing Labs states that "The Argent Guardian will cost far less than MOM and yet provide significantly more functionality." Using a patented Agent-Optional architecture, the Argent Guardian is easily installed and monitoring your infrastructure in a matter of hours. Download a fully-functioning copy of the Argent Guardian at:
- Q. How can I create a file that contains a list of all objects in a domain?
- Q. How can I configure Microsoft Exchange Server 2003 administrators so that they can access all users' mailboxes?
- Q. How can I delete all occurrences of a message from a Microsoft Exchange Server 2003 mail database?
- Q. How can I enable the Security tab at the Exchange organization level?
- Q. I used Group Policy to disable the Windows XP registry-editing tools, but now the silent-mode switch no longer works on my XP system. Does a fix exist for this problem?
by John Savill, FAQ Editor, [email protected]
This week, I tell you how to create a file that contains a list of all objects in a domain, how to delete all occurrences of a message from a Microsoft Exchange Server 2003 mail database, and how to grant administrators access to all users' mailboxes in Exchange 2003. I also explain how to enable the Security tab at the Exchange organization level and why you can't use the /s switch to run .reg files when Windows XP's registry-editing tools are disabled.
Is your helpdesk spending too much time on simple password reset requests? Learn how to cut costs, reduce call backlogs, and implement employee self-service for password resets. Read OpenNetwork's free whitepaper, Understanding the Identity Management Roadmap, at
Q. How can I create a file that contains a list of all objects in a domain?
A. You can use the Csvde utility, which is included in Windows Server 2003 and Windows 2000 Server, to create a comma-separated value (CSV) file that lists all objects in a domain. For example, to list all objects in the demo.local domain, you'd run the command
csvde -d "dc=demo,dc=local" -f domain.csv
The -d parameter specifies the root of the distinguished name (DN) from which to start the output to the .csv file, and the -f parameter provides the output filename. Running this command displays the following messages on screen:
Connecting to "(null)" Logging in as current user using SSPI Exporting directory to file domain.csv Searching for entries... Writing out entries ......................................... ......................................... ......................................... Export Completed. Post-processing in progress... 201 entries exported The command has completed successfully.
You can easily refine Csvde's output further. For example, let's say you want to create a file that contains a list of the domain's organizational units (OUs). To do so, you'd run the command
csvde -d "dc=demo,dc=local" -f ous.csv -r"(objectClass=organizationalUnit)"
(The command wraps to two lines here because of space constraints.) Notice that the command is the same as in the previous example, except that the output filename is different and the command includes the -r parameter. The -r parameter creates a Lightweight Directory Access Protocol (LDAP) search filter so that the output will include only objects of class organizationalUnit.
The .csv file that Csvde creates typically contains a large amount of data that's relevant to the domain's objects (230 attributes in total). You can load the Csvde utility's output into a Microsoft Office Excel spreadsheet to view it more easily.
Q. How can I configure Microsoft Exchange Server 2003 administrators so that they can access all users' mailboxes?
A. Unlike Exchange Server 5.5, in Exchange 2003 administrators don't have Send As or Receive As permissions--in fact, such permissions are explicitly denied to administrators by default. To grant Send As and Receive As permissions to administrators (and other users), perform the following steps:
- Open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, create a security group called MailBoxAccess, and to this group add users to whom you want to grant Send As and Receive As permissions.
- Start the Exchange System Manager (ESM) utility (click Start, Programs, Microsoft Exchange, System Manager).
- Navigate to the database to which you want to grant access (e.g., <org>, <Administrative Groups>, <admin group>, Servers, <Server name>, <storage group>, <database>).
- Right-click the database and select Properties.
- Select the Security tab.
- Click Add.
- Enter the MailBoxAccess group and click OK.
- Check to verify that the group has Send As and Receive As permissions and click OK.
Users in the MailBoxAccess group will now have access to all mailboxes. Remember that Exchange administrators are explicitly denied access by default. However, we've explicitly granted access at the actual mailbox database level, which overrides the inherited permission (i.e., the Send As and Receive as permissions that are explicitly denied to administrators).
Q. How can I delete all occurrences of a message from a Microsoft Exchange Server 2003 mail database?
A. Although you can recall sent messages in Exchange, recalling a message doesn't reliably delete all occurrences of it. Sometimes you'll want to remove all traces of a message--for example, when a former employee sends a malicious email message to current employees. You can use the Mailbox Merge Wizard (Exmerge) utility, which is available in Exchange 2003 and Microsoft Exchange 2000 Server and is typically used to migrate mailboxes, to search for and delete all instances of a message. You can download the utility at http://www.microsoft.com/downloads/details.aspx?familyid=429163ec-dcdf-47dc-96da-1c12d67327d5&displaylang=en. Be aware that you need Send As and Receive As permissions to run the Exmerge utility, which I discuss in the FAQ "How can I configure Microsoft Exchange Server 2003 administrators so that they can access all users' mailboxes?"
Let's say I accidentally sent the message "Top Secret Plan," which could reveal the secret identities of certain people, to a group in my organization. To delete all occurrences of this message, I can perform the following steps:
- Start the Exmerge utility.
- Click Next at the Mailbox Merge wizard's introduction page.
- At the Procedure Selection page, select "Extract or Import (Two Step Procedure)" and click Next.
- Ensure that the "Step 1: Extract data from an Exchange Server Mailbox" option is selected and click Next.
- Enter the Exchange server name, then click Options. You'll see the Data Selection Criteria dialog box.
- Select the Data tab and make sure the "User messages and folders" check box is selected.
- Select the Import Procedure tab, which the figure at http://www.winnetmag.com/content/content/42974/exmergetab2.gif shows, then select the "Archive data to target store" option.
- Select the Folders tab. At this point, you're prompted to click Yes to verify that you want to confirm the previously selected options, which will result in messages being deleted. Click Yes.
- On the Folders tab, you can specify folders that Exmerge should either ignore or process when it searches the mail database for the message. If you don't enter any folder names, Exmerge will search all folders in the database.
- Select the Dates tab if you want to limit Exmerge's search to a particular date range. If you don't specify a date range, Exmerge will search the entire database.
- Select the Message Details tab. You'll see a page like the figure at http://www.winnetmag.com/content/content/42974/exmergetextoptions.gif shows. Enter the criteria you want Exmerge to use in its search--for example, the message subject "Top Secret Plan."
- Click OK.
- The Source Server page displays. Click Next.
- If you have more than one mailbox database, you're prompted to select which databases to include in the search. If necessary, select the database(s) to include and click Next.
- At the Mailbox Selection page, which the figure at http://www.winnetmag.com/content/content/42974/exmergemailboxes.gif shows, you select which mailboxes to search. You can select specific mailboxes by holding down the Ctrl key, or you can click Select All to select all mailboxes. Click Next.
- Select the locale for the mailboxes and click Next.
- Click Change Folder to select a location for the personal store (PST) files that will be created or for the extracted message, then click Next.
- At the Save Settings page, click Next. A progress indicator displays while Exmerge performs the search and delete operations.
- After the "Operation completed successfully" message displays, click Finish. The message is now deleted from all mailboxes.
Q. How can I enable the Security tab at the Exchange organization level?
A. By default, the Security tab isn't displayed on an Exchange organization's properties page. To display the tab, perform these steps:
- Start the registry editor (regedit.exe).
- Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin subkey.
- From the Edit menu, select New and click DWORD Value.
- Enter a name of ShowSecurityPage and press Enter.
- Double-click the new value and set it to 1. Click OK.
- Close the registry editor.
The Security tab will now be displayed on the Exchange organization's properties page. At the Security tabbed page you can turn off the Send As and Receive As deny settings, which I discuss in the FAQ "How can I configure Microsoft Exchange Server 2003 administrators so that they can access all users' mailboxes?" to grant Exchange administrators full access to all mailboxes in the organization. The Security tab method is a simpler way to grant administrators access to users' mailboxes than the technique described in the FAQ; however, it lets you grant access only to all mailboxes (or none).
Q. I used Group Policy to disable the Windows XP registry-editing tools, but now the silent-mode switch no longer works on my XP system. Does a fix exist for this problem?
A. On Windows 2000 and Windows NT Server 4.0 systems, when registry-editing tools are disabled users can still use the registry editor with the /s (silent-mode) switch to run .reg files. In XP, the /s switch no longer works when registry-editing tools are disabled. For information about a supported feature that lets you use the /s switch on an XP system even when registry-editing tools are disabled, see the Microsoft article "'Prevent Access to Registry Editing Tools' policy changes in Windows XP" at http://support.microsoft.com/?kbid=831787 .
(from Windows & .NET Magazine and its partners)
How are you evaluating, distributing, and installing software patches? This free Webcast discusses the importance of patch management and establishing a patch-management process by using Windows and Office Update as a patch-management tool in your environment. Register now!
In this free Web seminar, you'll learn how blade servers provide native hot swappable support, simplified maintenance, modular construction, and support for scalability. And we'll talk about why you should be considering a blade server as the backbone of your next hardware upgrade. Register now!
Join Roger A. Grimes for a quick and fact-filled journey detailing where Windows malware likes to hide and how to eradicate it. The presentation will cover general types of Windows malware, where Windows malware hides, and how to get rid of it quickly.
Hot Release: Veritas Software
Download the White Paper: "How to Reclaim 30 Percent of your Storage Space and Control Storage Growth." This free technical white paper is brought to you courtesy of Veritas Software and Windows & .NET Magazine's White Paper Central.
(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )
True end-to-end management of the messaging infrastructure requires an integrated, service-oriented approach. This free Web seminar introduces service-driven management and best practices for managing and monitoring the key elements critical to ensuring email health and performance, including Exchange, Active Directory, network, and storage. Sign up today!
Comparison Paper: The Argent Guardian Easily Beats Out MOM
Microsoft(R) TechNet Webcasts: essential guidance, industry experts
Here's how to reach us with your comments and questions:
- About the newsletter — [email protected]
- About technical questions — http://www.winnetmag.com/forums
- About product news — [email protected]
- About your subscription — [email protected]
- About sponsoring UPDATE — [email protected]
Contact Our Sponsors
Primary Sponsor: Argent Software -- http://www.Argent.com -- 1-860-674-1700
Secondary Sponsor: OpenNetwork -- http://www.opennetwork.com -- 1-877-561-9500
Hot Release Sponsor: Veritas Software -- http://www.veritas.com -- 1-800-327-2232
This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.