Friday, July 26, 2013

Ediscovery



Performing Discovery on a mailbox in Exchange 2010 is performed in 4 steps:

1)  Set permissions to perform the search

2)  Set permissions to view the search results

3)  Perform the search

4)  View the results







1)  Set permissions to perform the search

Login to the Exchange Control Panel as an Exchange Administrator



Select Roles and Auditing

Select Discovery Management and click Details



In the Members: section, click Add…



Select the member you wish to give permissions to create the search, and click OK



Click Save











2) Set permissions to view the search results

Open the Exchange Management Console.  Right click the Discovery Search Mailbox and select Manage Full Access Permission…



Click Add…



Select the user you want to be able to view the results of the search, and click OK



Click Manage

Click Finish









3) Perform the search

Log into Outlook Web Access as a user with permission to perform the search



Select Options, and select See all Options…



Select Options Manage Myself and select My Organization



Select Mail Control and select Discovery



Click New



Type in the search query.  In this example we are looking for instances of the word ‘passcode’.

Tick Include items that can’t be searched



click Select message types…

Tick Search all



Expand Mailboxes to Search and select the mailboxes required, or select Search all mailboxes



Expand Search Name, Type and Storage Location.  Enter a Search Name and either select Estimate the search results (used to indicate size requirements) or Copy the search results to the destination mailbox.  Untick Enable deduplication.



Click Browse



Choose the mailbox to copy the results to, and click OK



Click Save to start the search



Wait for the search to finish – Refresh if necessary











4) View the results

Once the search is finished, logon to a workstation as a person with permission to view the Discovery Search Mailbox and open Outlook.

Open the Discovery Search Mailbox.

In this example we can see ‘Corey’ send ‘Omar’ an email with the word ‘passcode’

List Workstations and Last Logon Time from AD using Powershell

This will list computers and Last Logon Times from AD:
import-module ActiveDirectory
$dcs = Get-ADComputer -Filter { OperatingSystem -NotLike '*Server*' } `
    -Properties OperatingSystem
foreach($dc in $dcs) { `
    Get-ADComputer $dc.Name -Properties lastlogontimestamp | `
    Select-Object @{n="Computer";e={$_.Name}}, @{Name="Lastlogon"; `
    Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}
}

References: http://stackoverflow.com/questions/16965355/get-last-logon-time-computer-and-username-together-with-powershell
http://blogs.technet.com/b/askds/archive/2010/02/04/inventorying-computers-with-ad-powershell.aspx

Friday, July 12, 2013

Remove Service Pack Files

To make a service pack permanent, and remove the service pack uninstall files, run the following commands:

Vista SP1 – vsp1cln.exe
Vista SP2 or Server 2008 SP2 - compcln.exe
Windows 7 SP1  - DISM /online /cleanup-image /spsuperseded

reference: http://support.microsoft.com/kb/2795190