ITIL Study Videos

Recently my organization has started to discuss moving to ITIL for IT service management.  This is a very positive development that some of us have been pushing for for years within the organization but now we have executive level management that seems to be pushing for it as a way to improve operational stability.

In trying to find some material to introduce me to the general concepts of ITIL I discovered the youtube channel of Marco Cattaneo who is a professor for Charles Sturt University in Australia.  He has a playlist that covers their master’s level ITIL Foundation class.  It’s a lot of videos and I haven’t even begun to watch all of them but I certainly plan to keep coming back to this playlist if we continue to move towards ITIL.

Posted in ITIL | Comments Off

Installing Mercurial on Server 2008 R2 with IIS

I use Mercurial to version all of my scripts at work, and have a general preference for using IIS over Apache on Windows.  Problem is that finding detailed instructions for installing Mercurial on Server 2008 R2 using IIS were hard to come by.  I found some excellent instructions for 2003 on the Vampire Basic blog but they required some modification for use on 2008 R2.  Below are the basic steps that I used for instaling Mercurial 1.5.1 on a 2008 R2 VM.  One of the advantages of using IIS is that it’s easier to native authentication for Mercurial access control.
Posted in Development | Comments Off

PowerShell pscmdlet.writedebug vs Write-Debug

In working on some script based cmdlets I noticed some inconsistent behavior related to the Preference variables.  The $pscmdlet automatic variable provides several methods for interacting with a pipeline, including it’s own WriteDebug function which performs similarly to the Write-Debug cmdlet.  Supposedly it respects the $DebugPreference variable the same way as Write-Debug does, but in my testing I discovered this not to be the case.

Given the following example code, If you run the script with a -debug arguement it should output two lines of debug output without halting the script for permission to continue (the default action when -debug is specified is ‘Inquire’).

Note that if you change a preference variable inside of a script block, it will reset when that script block is completed which is why you have to set the value in the BEGIN and PROCESS block.

Posted in Development, PowerShell | Comments Off

Conditionally hiding SharePoint UI elements on custom forms

While working with an internally customized SharePoint site, one of the common pain points was that one of the previous admins would remove from the default form various admin only items because she didn’t want them visible to the normal users.  Her method achieved that goal but required that an alernate method was created for the users that were supposed to have access to those features and that wasn’t always done and even when it was most users were confused about how to use it since it deviated from what they were familier from other parts of SharePoint.

In researching the issue to make some of my own customizations, I came across this blog posting over at the WSSDemo blog which explained how to use conditional formating to hide elements of the page based on the current user’s access.  Since in this case each of the Admins had a right that the normal users didn’t it made it simple to filter the portions of the page condtionally so that the site appeared normal for the admin users but would hide the undesired admin elements from the regular users.

While the reality is that any user that knows the direct URL to the hidden features could still access them, their access is still controlled by SharePoint so that they are only allowed what they are given permissions to do, but it’s useful for hiding the “View All Site Content” link to prevent users from trying to modify lists that they wouldn’t otherwise even notice.

Posted in SharePoint | Comments Off

SharePoint 2010 Licensing

This article is about the most useful explination that I’ve seen about the different web parts that are provided (out of the box) by the different SharePoint license types.

http://www.sharepointconfig.com/2010/06/sharepoint-2010-web-parts-by-license-type/

Posted in References, SharePoint | Comments Off

Converted from Drupal…

Well I finally gave up on using Drupal to run my site and converted everything over to WordPress.  So far WordPress has been a lot easier to work with, though I couldn’t find any tools to import my old Drupal data, but I did find some how-tos showing how to import a SQL dump into WordPress.

I still had to go back and edit almost every single post to fix formatting issues, which wasn’t so bad but was certainly tedious.

I also added some posts that were previously non-public after sanitizing some of the data in them.  Unfortunately there are some scripts that I can’t share that I would like to due to them being specific to my current employer’s environment.

Also, due to restructuring a few months ago at work I no longer work daily with Exchange so I may not have as many tidbits to share, but I’m hoping to become comfortable enough with SharePoint (not 2010 unfortunately – I will miss PowerShell greatly) to begin sharing some useful bits of knowledge as I pick up that skill in the future.

Posted in Uncategorized | Comments Off

Mailboxes with special permissions

Got auditors who want to review any mailboxes that have permissions granted for users other than the mailbox owner?  If you do you’ll appreciate the usefulness of this oneliner, which will give you a list of all of the mailboxes that have special permissions assigned to them so that you don’t have to review every single mailbox on your system manually.

This command grabs all of the mailboxes that have non-inherited permissions for users other than the mailbox owner.

Oneliner   
get-mailbox -resultsize unlimited | Get-MailboxPermission |? {$_.IsInherited -eq $false -and $_.User -notlike "NT AUTHORITY\SELF"} | ft @{Label="Identity";Expression={$_.identity.name}}, User, Deny
Posted in Exchange 2007, Information Security, PowerShell, System Administration | Comments Off

Report users assigned to a specific ActiveSync policy

Want to know which users are assigned to a specific ActiveSync policy?  It’s fairly straight forward, but unfortunately it’s not a single command.

You have to first retrieve the policy and assign it to a variable, then you can filter the Get-CASMailbox cmdlet based on that policy.  This will give you a list of all of the mailboxes that are assigned to that policy that you can use for additional processing or reporting purposes.

  1. $ASPolicyDN = (Get-ActiveSyncMailboxPolicy "Policy Name").Identity.DistinguishedName
  2. Get-CASMailbox -Filter {ActiveSyncMailboxPolicy -eq $ASPolicyDN}
Posted in Exchange 2007, PowerShell, System Administration | Comments Off

Get Mailbox Count per Database Efficiently

As part of our migration from SCC to CCR in our Exchange 2007 environment, I had to write a script that evacuated all of the users off of a given mailbox server across a collection of other servers while taking into account the number of mailboxes per server/database and available disk space (projected by quota) .  I can’t share the full script that I wrote, but I wanted to share a very useful method that I stumbled across to get the current count of mailboxes on the mailbox databases of a given server.

Normally the performance of the native Exchange Management Shell cmdlets is acceptable for daily administration, however for this process that we were using we discovered that enumerating 10,000 mailboxes to get a mailbox count per database wasn’t very efficient.

I basically took the method described over at sidefumbling and used it in the process and it saved me nearly 1 full minute per mailbox in the process which allowed us to perform the mailbox moves during a single tech window instead of having to split it across 2 different tech windows, subsequently allowing us to save a weeks worth of down time.

Posted in Active Directory, Exchange 2007, PowerShell, References | Comments Off

Reply-All to the AllUsers Distribution List Got you Down?

Work in a company long enough, and there will always be that user who does a reply-all to a large distribution list that spawns a huge reply-all storm.  This normally leads to questions about how it was even possible for Bob from the warehouse to send a message to half the company, or the dozens of replies that landed in the CEO’s mailbox.

Fortunately, Exchange provides you with the ability to control who is allowed to use a distribution list.  The problem is identifying what lists you may want to restrict.  The good news is that using PowerShell, it’s fairly trivial to identify any Distribution Lists you have in your environment that have a large number of users in them.  This is useful if you work in an environment where other departments have the ability to create Distribution Lists and you need to give them a list of the lists they need to restrict.

The basic logic is to look at all of the distribution lists in Exchange that are not restricted by either specific senders or other distribution lists, and report on the ones that have some arbitrary number of users.  The following one-liner will give you a table of all of the distribution lists that have more than 500 members in them showing you the list name and the number of members in each list.

Get-DistributionGroup -resultsize unlimited -filter {AcceptMessagesOnlyFrom -eq $null -and AcceptMessagesOnlyFromDLMembers -eq $null} | get-group | where-object {$_.members.count -gt 500} | ft displayname,@{Label="MemberCount";Expression={$_.members.count}}
Posted in Exchange 2007, PowerShell, System Administration | Comments Off