16 December, 2013

Exchange 2010 - Get Full Access to User’s Mailboxes

To get access to a specific mailbox with all permissions, use the following command in “Exchange Management Shell”:

Get-Mailbox username | Add-ADPermission -User username -AccessRights GenericAll

To get access to a specific Exchange mailbox database and all of the mailboxes that this database contains, use the following command in “Exchange Management Shell”:

Get-MailboxDatabase -Identity "mailbox database name" | Add-ADPermission -User username -AccessRights GenericAll


15 December, 2013

Create a VLAN with DD-WRT Based Routers

If you’ve never heard of DD-WRT by now, you should go to this link quickly: http://www.dd-wrt.com/site/index. DD-WRT is a Linux-based firmware for wireless routers and wireless access points. Basically, it’s a firmware compatible with some cheap end-user wireless routers. Once you load that firmware on your router, you get lots of cool networking features that you would normally find in enterprise products for a lot of $$$. Some of the cool features of DD-WRT are WDS, VLAN, multiple SSIDs, QoS, different wireless modes (Access Point, Bridge, Repeater, etc.), and the list goes on…
It’s free to download and use. Please use it at your own risk, because you can “brick” your router during the flashing process, although I’ve never experienced this personally. Not every router is compatible with DD-WRT, so please check the “compatibility” page before trying anything.
In this article, I’ll not cover how to flash your router or how to set it up for the first time, as there are plenty of articles explaining these “how tos”.

DD-WRT documentation


  • Make a TELNET connection to your router. I’m using “PuTTY” for that.
  • Enter the following commands to show all existing VLAN and port assignments.
    nvram show | grep 'vlan.*ports'
    nvram show | grep 'port.*vlans'

Use these commands to configure your vlan2 on your port 4:
nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5*"
nvram set rc_startup='
ifconfig vlan2 netmask
ifconfig vlan2 up
'
nvram set rc_firewall='
iptables -I INPUT -i vlan2 -j ACCEPT
iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j logdrop
'
nvram commit
  • Now go back to the router’s web management interface to assign the port to vlan2. To do that, go to “Setup”, under the “VLAN” tab, deselect port 4 and select it on vlan2 as shown in the following screenshot;

  • Apply your settings.
It’s all done. Your port #4 is now assigned to a different VLAN. It should also communicate with your WAN port. If you also want your router to provide a DHCP service on this VLAN, follow the steps below. This is optional: if you are in a lab environment and would like to use your own DHCP server, you can assign an IP address manually for that VLAN port and use your own servers.
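The rc_firewall rules above explicitly drop only br0 → vlan2; whether vlan2 → br0 is refused depends on the rest of the FORWARD chain. The following shell script is an added example, not part of the original post: it evaluates `iptables -S FORWARD` text first-match to check both directions. The rule sets and the function names (forward_verdict, blocked, isolated) are constructed for illustration, and logdrop/logaccept/logreject are assumed to be terminating chains.

```shell
#!/bin/sh
# Added example, not from the post. Prints the first-match verdict for a NEW
# connection entering on $1 and leaving on $2, given `iptables -S FORWARD`
# text on stdin. Understands only -i, -o, --state and -j, and assumes that
# logdrop/logaccept/logreject are DD-WRT's terminating log chains.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        hit = 1; target = ""
        for (n = 3; n < NF; n++) {
            if ($n == "-i" && $(n+1) != in_if) hit = 0
            if ($n == "-o" && $(n+1) != out_if) hit = 0
            if ($n == "--state" && ("," $(n+1) ",") !~ /,NEW,/) hit = 0
            if ($n == "-j") target = $(n+1)
        }
        if (hit && target ~ /^(ACCEPT|DROP|REJECT|logdrop|logaccept|logreject)$/) {
            print target; found = 1; exit
        }
    }
    END { if (!found) print "policy:" policy }'
}
blocked() {   # blocked RULES IN_IF OUT_IF
    case "$(printf '%s\n' "$1" | forward_verdict "$2" "$3")" in
        DROP|REJECT|logdrop|logreject) return 0 ;;
        *) return 1 ;;
    esac
}
# True only when NEW traffic is refused in both directions between $2 and $3.
isolated() { blocked "$1" "$2" "$3" && blocked "$1" "$3" "$2"; }

# Constructed sample: the post's three "-I FORWARD" rules in chain order (each
# -I lands on top, so the last one typed matches first), then constructed
# firmware rules ending in a catch-all DROP.
WITH_DROP='-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan2 -j logdrop
-A FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -m state --state NEW -j ACCEPT
-A FORWARD -j DROP'
# Same rules without the catch-all: nothing decides vlan2 -> br0 any more.
NO_DROP=$(printf '%s\n' "$WITH_DROP" | grep -v -e '-j DROP$')
# An explicit rule for the reverse direction restores the isolation.
FIXED=$(printf '%s\n%s\n' "$NO_DROP" '-A FORWARD -i vlan2 -o br0 -j logdrop')
for name in WITH_DROP NO_DROP FIXED; do
    eval "rules=\$$name"
    isolated "$rules" br0 vlan2 && echo "$name: isolated" || echo "$name: NOT isolated"
done
```

On a router, pipe the live output of `iptables -S FORWARD` into forward_verdict instead of the constructed samples.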

To activate the DHCP on the VLAN2

  • Go to the management interface again and go to “Services” under the “Services” tab, find the “DNSmasq” section and enter your DHCP options like this;


  • Under « Setup », « Networking » tab, under the « Port Setup » configuration section, make sure that the « Network Configuration vlan2 » is set to « Unbridged » mode and that « Masquerade / NAT » is enabled. Then you should enter the router’s IP address on your VLAN. In my case it’s with a subnet mask of as shown on the following screenshot.
  • Make sure that « Use DNSMasq for DHCP » and « Use DNSMasq for DNS » are both checked under “Setup”, “Basic Setup” tab, under the “Network Address Server Settings (DHCP)” section as shown on the following screenshot.
  • Finally, if you are not happy with your configuration or you would like to start over, use the following commands to reset "nvram" from TELNET;
erase nvram

08 December, 2013

Create a Windows Azure Lab

I've been experimenting with Microsoft's new cloud service, Windows Azure. The service is very versatile and practical. Basically, it's an online platform (or Portal, as Microsoft calls it) where you can create virtual machines, virtual networks, highly available redundant storage, databases, cloud services, web sites, web apps, Active Directory, and the list goes on... So how and why would you use it? That was the first question I asked myself, and when I got my answer and experimented with it, I was totally blown away by how easy it is to use. You can instantly create a lab environment to test new products. It takes about 10-15 minutes to create a couple of virtual machines connected together. So yeah, if you don't have a hypervisor machine at home, go ahead and create your lab. But it's meant to be used by enterprises, because all these resources are highly available and redundant. Microsoft spreads out its datacenters pretty much all over the world and gives you the choice of the region in which to create your resources. And of course, all this comes at a price! The good news is that it's free for a full month and Microsoft gives you $220 of credit to spend on your infrastructure needs. All you need is a Windows ID.

I never review any product or service; I write technical articles when I spend hours finding a solution or when I find a really cool trick that will make your professional IT life easier :) So if you are interested in Windows Azure, I invite you to look at the following links.

Windows Azure Website

Windows Azure Free Trial

Windows Azure Virtual Machine Pricing

Windows Azure Virtual Machines Documentation

How to create your first Windows Azure Lab ?

Instead of writing a new article, I'll provide the links to a really cool article about how to create your very first Windows Azure Lab.

Part - 1

Part - 2

Part - 3

29 November, 2013

Renaming a « VMDK » file in VSphere

I have a VMDK file that was used by a Windows Server VM as a secondary disk to store only archive files. I had to scrap the VM and redo it from 0. As any lazy admin would do, I tried to be smart: just reinstall the OS on a different VMDK, copy over the secondary VMDK, rename it, attach it to the virtual machine and off you go…

Things are never as easy as you imagine they will be with computer systems :). Here is another adventure, this time of simply renaming a VMDK file;

If the vSphere GUI doesn’t let you rename a file, you can do it through a PuTTY SSH session;

  • Open an SSH session to one of your hosts.
  • Browse to the datastore folder which has the VMDK file;
       cd /vmfs/volumes/DatastoreName/originalname
  • Use the following command to rename a file;
       vmkfstools -E "originalname.vmdk" "newname.vmdk"

For more information about manipulating files in datastores or using the “vmkfstools”;

05 November, 2013

Best Practices for Anti-Virus Configuration and Exclusions in a Windows Environment

If you are here, it means you already know that configuring an anti-virus is not as simple as « next, next, next, ok », especially when deploying an antivirus to hundreds of clients… You’ve got to make sure that your clients are not suffering from intrusive antivirus processes, set up exclusions properly so that you don’t scan gigabytes of ISO files, and make sure that the clients get the most recent and proper updates even if they are not connected to your network… Do you now get what I mean? :)

I went through this process recently. We’ve been using Trend-Micro Worry-Free Advanced Business security software for a couple of years now. Recently Trend-Micro had an update, and the most recent version of the program is version 8 as of writing this article. The process of upgrading didn’t go very well, so I had to reinstall it from scratch! Here are my notes regarding this project;

I am not an antivirus expert, but I guess every antivirus product has its own installation and “best practices” guide. I highly recommend reading these documents, even if they are thousands of pages. Generally speaking, there are some folders & processes you can exclude from your real-time & scheduled scans…

Recommended folder exclusions for Windows 7 & Server 2008 R2 systems;

Windows Search & Indexing
Group Policy

This is really a general list. What you should exclude from your scans depends on the software, services and roles that are installed on your systems. Let’s say you have a couple of custom applications that are programmed by your trusted developers; feel free to exclude these internal programs. For a complete list of suggested exclusions from Microsoft, please see the following article;

During my research, I’ve also found this useful document from Kaspersky;


I guess there is not much left to say after giving away these documents. But I’ll give you a general list of all the processes that I’ve excluded from our systems too;

Windows Search & Indexing
Windows Search & Indexing
Windows Search & Indexing

 All the files that can be excluded from your antivirus agents;
Group Policy

 Here is a list of all the extensions that should be excluded;
Exchange Offline Cache File
Outlook Archiving File
Print Spooler File
Print Spooler File
Microsoft Virtual Machine Disk File
Microsoft Virtual Machine Disk File
VMware Virtual Machine Disk File
VMware Virtual Machine Memory File
Archive File
Windows Image File
Windows & 3rd party Log Files
Configuration File

I hope this was useful to you and please feel free to send me your suggestions / corrections to make this document better. Best way to contact me is by email.

11 May, 2013

Change Network Locations in Windows 7 / Windows Server 2008 R2

I came across this issue several times, and each time I see it, I can’t remember quite well what to do... So I decided to document my procedure.

With Windows 7 and Server 2008 R2 editions, you have the “Network Locations” options. Basically, whenever your computer connects to a new network, Windows asks you if you are connected to a “Home” network, a “Work” network or a “Public” network. Based on your choice, Windows sets its firewall settings automatically. This feature is really clever, as you don’t want your firewall to be open to everyone while you are connected to Starbucks’ “Public” network and you absolutely don’t want your file sharing to be blocked while you are on your home (“Home”) network.

If you ever made a mistake choosing your network location, you can always go back to “Network and Sharing Center” from “Control Panel” and click on the link that defines the actual network location. Now the problem is, sometimes this option is grayed out or disabled and you can’t change your network location...


The easiest way to solve this problem is to remove your network card from your computer and reinstall it. If you are working with a virtual machine, you should follow this option, and you will be asked for a new network location as soon as your network adapter is reinstalled.

If you are working with a physical machine and removing the NIC is not an option for you, you can follow these steps;

1- Hit the “Windows + R” keys to bring up the “Run” window and type in “gpedit.msc”

2- Browse to “Computer configuration, Windows Settings, Security settings, Network List Manager Policies”

3- On the right pane, double click on “All Networks” and choose “User can change location” under the “Network Location” section.

4- Click on “OK” on all windows and restart your machine.

19 January, 2013

Managing Internet Explorer Add-Ons for All Users

I guess we all heard about the Java security breach. I don't know about you, but I've heard about it and decided to take action like a good IT Professional. :) We decided to deactivate the Java add-on on our Terminal Server, which is running Windows Server 2008 R2. I realized that if I turn off the add-on manually from the Internet Explorer settings, the action only takes effect for the user account that you are logged in with. But what do you do for a Terminal Server or a system that multiple users are using? I've found the answer on the Microsoft TechNet forums and I wanted to share it with you guys because the answer wasn't easy to find at all.

First, here is the forum thread that I'm talking about;


Here is the original article from Microsoft (even though it says Windows XP in the article, this applies to Windows 7 & Server 2008 R2 systems as well);


Personally, I've configured this through GPO by setting up these 2 settings;

 - Computer Configuration, Administrative Templates, Windows Components, Internet Explorer, Security Features, Add-On Management
          * Deny All add-ons unless specifically allowed in the Add-On List = Enabled
          * Add-On List = Enabled

Optionally, you might want to activate some of the add-ons. In this case, you will need to find out the add-on's CLSID (.....)
To find out an add-on's CLSID value for Internet Explorer, follow these steps;
 1 - Open Internet Explorer
 2 - Under Tools, click on "Manage Add-Ons"
 3 - Under "Toolbars and Extensions" on the right pane, right click on one of the add-ons in the list and go to "Columns" and make sure that the "Class ID" is checked. When this setting is checked you will see that the CLSID is shown along with all add-ons.
 4 - Use the CLSID value of the add-on that you want to enable in the "Add-On List"  GPO.

With all these settings in place, you will have the control of what is enabled and used in Internet Explorer by your users. You don't need to worry about Java or any other add-on security breaches.

Never forget to keep it up-to-date :)

03 January, 2013

VMWare "Failed to lock the File" Error

Recently I created multiple virtual machines using VMWare Workstation 9. I wanted to prepare template VMs already installed, updated, patched and configured... Just ready to load and start my super clean VM lab. So after hours of work, all my VMs were ready with a nice Sysprep finish :) But when I started to use them, I realized that I could not open my VMs...
I was just copying the template VM folder that I created earlier into another folder and renaming the folder for my personal use, but I never renamed the actual files of the VMs. I would go to VMware Workstation and do "File", "Open". Surprise!

"Failed to lock the file. Cannot open the disk 'C:\path\vmfilename.vmdk' or one of the snapshot disks it depends on."

Here is what I found. Actually, I think it will be even better if I just quote the most important part of the VMWare knowledge base article # 1038189 regarding this problem. Here is the why:

The error Failed to lock the file means that another process is opening the file and the process you are using cannot open the file properly. 

This typically occurs if you:

  • Start two copies of the .vmx file
  • Power on a virtual machine with mounted disks (via the vmware-mount utility)
  • Try to turn on a virtual machine through the user interface during a snapshot operation
  • Try to add the same virtual disk to the machine twice.

And here is what you should do to remedy the situation;

To resolve this issue, remove the disk from the virtual machine and re-add it. When you re-add it, you can use the datastore browser to locate the disk on one of your datastores.

Basically, all I needed to do was remove the virtual disk through my VM's settings and re-add it.