Powershell for Resource Information in Exchange 2010

Posted on by Adam Fowler

Hi,

I came up against an issue today, where the person looking after calendar bookings for some newly created rooms (which was a resource) in Exchange 2010, could not see a lot of the information on the appointments. The subject had changed from whatever the person booking had written to their own name and the comments were missing. Coming from Exchange 2007 I hadn’t seen this before, but delved into the ‘Resource Inforamtion’ tab on one of the rooms. Rather quickly I realised this was happening by design, and the default options from Exchange:

Resource Information

 

So, for my scenario I wanted to remove most of these options, as we wanted the people with full access to the calendar to be able to see these things. I can understand having this disabled by default, as it’s really a business decision to make on who should see what. For me, I wanted to have the appointment unaltered which means removing “Delete attachments”, “Delete comments”, “Delete subject”, “Delete non-calendar items” and “Add the organizer’s name to the subject” (this one is just for less confusion, and you can still see the organiser from the attendees on the appointment itself). “Remove the private flag on an accepted meeting” I’d rather keep, if someone’s actually marking the meeting as private there’s hopefully a good reason.

Anyway, changing these options works perfectly, but doing it on a mass scale isn’t fun via the GUI. Powershell time!

I want to change this for all my Room Resources. First, you can get your list of Room Resources with this command:

Get-Mailbox -RecipientTypeDetails RoomMailbox

After confirming you see the results that you expect, you can pipe that into a command to turn off the required options. As a single command it would be this:

Set-CalendarProcessing -identity “Roomname” -DeleteAttachments $false -DeleteSubject $false -DeleteComments $false -DeleteNonCalendarItems $false -AddOrganizerToSubject $false

And merging the two together will be (dropping the -identity):

Get-Mailbox -RecipientTypeDetails RoomMailbox | Set-CalendarProcessing -DeleteAttachments $false -DeleteSubject $false -DeleteComments $false -DeleteNonCalendarItems $false -AddOrganizerToSubject $false

That’s it. All your rooms will now have the options you want. There’s a great article on MSExchange that covers this and a lot more: http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/resource-mailboxes-exchange-2010-part4.html and also has a table of the options on this screen and the relevant powershell parameter.

Good luck!

Office 365 Chat on The Register

Posted on by Adam Fowler

Hi,

I was invited by Trevor Pott @cakeis_not alie to be involved in an event on The Register to discuss Office 365. I’ve had a 1 year’s subscription thanks to Microsoft, so decided to accept. It was quite interesting to do, but also nice to see we all had similar ideas on the questions raised.

The feed of the live chat is available here:

http://www.theregister.co.uk/2013/06/18/office_365_livechat_promo/

Phoummala Schmitt @PhoummalaSchmit and Aaron Milne @wigginsix were also in on the chat. Hopefully more come up in the future!

 

How to set up Lync to Skype Federation

Posted on by Adam Fowler

Hi,

Microsoft Lync can now federate to Skype! This means that users can communicate between each system, which is awesome. This was launched 29th May 2013 as per this post http://blogs.skype.com/2013/05/29/skype-and-lync-connecting-the-living-room-to-the-board-room/#fbid=WXSmsIxTDGt

It’s a fairly easy process to request, assuming that you’ve already got standard federation up and running with edge servers. It doesn’t just magically work though, the Lync administrator needs to apply with Microsoft for the Skype to Lync federation to occur. I’d recommend starting with the “Provisioning Guide for Lync-Skype Connectivity: Lync Server 2013 and Lync Online” (which also works for Lync 2010) Microsoft have made available here: http://www.microsoft.com/en-sg/download/details.aspx?id=39071

This guide mentions that you need to go to https://pic.lync.com to sign up, which I did, but going through the process resulted in the error at the bottom of this post*. @ScottBreen on twitter directed me to send an email to [email protected] asking for Lync to Skype federation.

The information they require are your Enterprise Name, Agreement Number. Access Proxy, Domain, Public IM Networks,  and Main Contact (Name, Email Address, Phone #).

After sending this off, overnight they had quoted 3-5 days to make it happen, but had set it up in less than 6 hours. There was nothing else at my end, I was able to immediately add my own Skype contact to my Lync contact, and communicate between the two.

I then tested with @nickstugr but couldn’t add him (no errors, just appeared as ‘presence unknown’ and he didn’t receive any request). After getting him to add my Lync email address it worked, I set out to find out why (i.e. I googled it).

I found this KB article http://support.microsoft.com/kb/2566829 which matched exactly. He was using a non Hotmail/Outlook/MSN email address for his Microsoft account which Microsft call an EASI (email as sign in)domain, and annoyingly you can’t just add those via Lync. You can add them by using this format: skypeguy(customdomain.com)@hotmail.com which is rather confusing for an end user, so my recommendation is to get the Skype user to add the Lync user.

lync

After you’ve added a Skype user to Lync, you’ll see the little Skype logo next to their name in an active chat window. Skype users will see the word ‘Lync’ below the Lync contact’s name.

The last caveat is that you can’t add a pure skype user. Yes, this is a big one, the user at the Skype end needs to be signed in to Skype using their Microsoft account rather than their Skype account.

Apart from that, it does seem to work quite well. Functions such as pasting pictures into chat or video are currently not available, and the video part will be mid 2014,  according to Microsoft http://www.zdnet.com/microsoft-delivers-first-phase-of-lync-skype-integration-7000016045/

Good luck!
Continue reading

An Email Conversation Regarding Domain Names and Aliases

Posted on by Adam Fowler

Hi,

Just sharing some correspondence I had with a company that I signed up with to purchase some goods online. Details have been changed for privacy and a few extra lines in the emails deleted that were irrelevant.

From: Mr Website Owner <[email protected]>

Hello Mr Adam Fowler,

Recently you registered on our site using the email address of [email protected]

We are not sure why you have chosen our registered business name and web address as an email address.
We would hope that this is not for any misrepresentation. Therefore we request that you cancel this name registration immediately.

We would not like to have to report this to the authorities, ASIC or Planet Domain for a breach of any company laws or internet protocol related issues.

Thanking you in advance for your assistance.

Kind Regards,

Mr Website Owner

From: Adam Fowler <[email protected]>

Hi Mr Website Owner,

I’d recommend you have a chat with someone that knows I.T. to back up what I’m about to tell you, but this isn’t a name registration.
I own the domain mydomain.com and can have any email address @mydomainname.com, just like you can have anything @yourdomainname.com
That’s also why I’m replying from [email protected]
When I sign up for any service, I use a specialised email address solely for use with that business. Nobody sees this but you.
You can make up any word or phrase before @mydomainname.com and the email will get to me.
I also do not own any business, and do not have an ABN.

Threatening me with incorrect information, and being reported to the authorities isn’t the best way to deal with someone who’s planning to order XXXX from you.

Thanks

From: Mr Website Owner <[email protected]>

CC: Mr Website’s Lawyer

Thank you for your speedy reply.

It is unfortunate that your reply seems to contain a little more aggression that my email intended but that is the down side with the written word. Doesn’t contain emotion.

As you would be aware in owning a domain, which is just like any business, you need to protect it.

In today’s day and age, with Spammers, Hackers etc. doing enormous amounts of damage to all businesses, everyone needs to be vigilant.

We have competitors daily copying our business names (yes we have a few) registering and using names so close it’s confusing to our existing customers. Even down to having their office staff say they have the same name as our staff.

I accept your assurance that we are the only ones who will see this address, but I’m sure you would agree that it can be concerning to see initially.

I can assure you when I make a statement I have no intention of giving incorrect information.

When it comes to Misrepresentation I meant:

An assertion or manifestation by words or conduct that is not in accord with the facts.
Misrepresentation is a tort, or a civil wrong.

Many small businesses will have [email protected] as the email address for their business name of ‘My Big Pies’ because they don’t own a domain or have a web site. It’s any easy way to have a personalised email. Some of my friends have their business emails setup this way.

Just because you own a domain or even a printing press for that matter, doesn’t allow you to print a business card containing an email address of say [email protected] and be running an Electronics Service Business. The effect is confusion from Apple product owners who may think you work for or are an Authorised agent for Apple when this is not the case. I’m not here to lecture. I am asking in this case for some professional courtesy and refrain from using our business name just like any other business would.

If you are not happy with my explanation or request, please feel free to contact our Solicitor (I’m sure he is better with his words than I am):

<Lawyers Details Here>

If you choose not to purchase from us that is purely up to you. We can’t force you.  We do try to please every customer in the same way we fight to protect our business…with a passion.

Thanks again for your understanding and reply.

All the best,

Kind Regards,

Mr Website Owner

From: Adam Fowler <[email protected]>

CC: Mr Website’s Lawyer

Hi Mr Website Owner,
The reason for shortness on my last email is that I don’t like to be threatened, regardless if there is any emotion behind it.
To keep things short, are you confirming that you accept my explanation and that no action is required from myself? I have no interest in using your name for anything apart from an account I signed up to your website with, which now I would request that it be terminated and removed from any databases and mailouts.

Thanks

Mr Website Owner <[email protected]>

CC: Mr Website’s Lawyer

Thank you Adam,

Yes I accepted your explanation behind the creation of the email address. You must have quite a few if you deal with many businesses.

I will of course remove your account if you no longer require it.

Please accept my apology if I have caused any upset. It was not my intention. I am just very protective of my business as I’m sure you are with your domain.

Also I hope we haven’t sent you any unsolicited marketing emails in the past. We definitely don’t operate that way.

Consider it all closed.

Thanks again,

Kind Regards,

Mr Website Owner

From: Adam Fowler <[email protected]>

 

Thank you Mr Website Owner, I’ll consider the issue closed from my end too.

Anywhere I need to sign up for any service gets it’s own email address, you’d be suprised how many online companies seem to get hacked and their customer list starts to get spammed. There’s actually quite a few people who do the same, so you may see others sign up similar to how I did.

Not a problem either, I understand where you were coming from on it, which is why I took the time to explain.

Good luck with your ventures.

Thanks

That’s where it ended, apart from a week later I received a gift from the website owner of some of the products I was considering purchasing! Well done to him for turning the situation around in the end.

LinkedIn Security/Information Risks with Exchange

Posted on by Adam Fowler

Hi,

Today after logging on to LinkedIn, I was greeted with a new screen I found rather worrying. It is commonplace for services like LinkedIn and Facebook to scan through your address book, and ask for credentials to do so (which is rather concerning already), but a new option has popped up:

 

linkedin

 

This is asking for your work username and password. No 3rd party should be asking for corporate credentials like this, even more so a company that’s been hacked before http://www.pcworld.com/article/257045/6_5m_linkedin_passwords_posted_online_after_apparent_hack.html . I tried this with a test account, entering the username and temporary password. It then asked for further information, which was the address for the Outlook webmail link and then connected and started showing contacts.

LinkedIn on this page says “We’ll import your address book to suggest connections and help you manage your contacts. And we won’t store your password or email anyone without your permission.” which is a start, but it’s just such a bad practise to get into, and encouraging people to do this is irresponsible of LinkedIn in my opinion. On top of this, it’s providing an easy mechanism for staff to mass extract their contacts outside the company, which many companies frown upon or even have strict policies in place.

You can’t stop people from entering in these details of course, but you can block the connection from working at the Exchange end, as long as you have at least Exchange 2010 SP1.

There are a few settings to check. First, under the Set-OrganizationConfig area, you’ll need to check that EwsApplicationAccessPolicy is set to ‘EnforceBlockList’. If it’s not, it’s going to be “EnforceAllowList” and you’re probably OK, as it’s using a whitelist for access to only what’s listed rather than a blacklist, to only block what’s listed.

Next, you need to add LinkedIn into the BlockList. This is done with the command “Set-OrganizationConfig -EwsBlockList LinkedInEWS

How do we know it’s the string “LinkedInEWS” to block? The IIS log files from Exchange will reveal this. After doing your test of trying LinkedIn (or any other Exchange Web Services connection) there will be a log entry. You can read this blog post from Microsoft for some great details http://blogs.technet.com/b/matabra/archive/2012/08/23/block-mobile-apps-that-use-exchange-web-services.aspx but the abbreviated version is to look at what’s connecting fir POST /EWS/Exchange.asmx, and you’ll see the username you used to test, then the named connection. Here’s an example (with domain, username and IP changed):

2013-06-02 10:37:48 192.1.1.135 POST /EWS/Exchange.asmx – 443 domain\testusername 192.168.1.1 LinkedInEWS+(ExchangeServicesClient/0.0.0.0) 200 0 0 296

After applying, I retested and it seemed to still connect, but couldn’t find any contacts. My guess is that it’s authenticating OK, but then refusing to do much else. If anyone else would like to test this and post the results, I’d be very happy to find out update this.

 

Funnily enough, after writing this I found that LinkedIn had posted a very short version of the above:

From: http://help.linkedin.com/app/answers/detail/a_id/5025

Disabling Contact Import Process – Corporate IT Managers Instructions

How do I disable the ability for employees at my company to import contacts from their work email account?

Last Reviewed: 10/10/2012

Report Answer Inaccuracies

If you’re a Corporate IT manager, you can disable an employee’s ability to import contacts from their work email accounts.

Use Set-OrganizationConfig cmdlet to:

  • Set the value of config parameter EwsApplicationAccessPolicy to EnforceBlockList.
  • Add value LinkedInEWS to config parameter EwsBlockList.

For more information on using Set-OrganizationConfig cmdlet, please refer to Microsoft’s Managing Access for EWS Managed API Applications.

 

Further reading is available here:

http://thoughtsofanidlemind.wordpress.com/2010/08/12/controlling-ews-access-in-exchange-2010-sp1/

http://security.stackexchange.com/questions/36560/how-do-i-block-linkedin-from-extracting-data-from-microsoft-exchange-server

 

Update:

Paul Cunningham has done a great writeup about this with some extra investigation and details, have a read: http://exchangeserverpro.com/blocking-linkedin-access-to-your-exchange-server-organization/

 

Update 2:

This story had now been picked up by The Register, have a read here: http://www.theregister.co.uk/2013/06/06/linkedin_snarfing_contacts_from_exchange/

 

Update 3:

Seems to be getting picked up all over the place, so I’ll just keep updating this point as I find other articles. There’s some good discussion and opinions on this out there, such as why is Exchange configured to allow everything by default?

http://securencrypt.com/blog/linkedin-has-major-privacy-issue/

http://webwereld.nl/beveiliging/78036-linkedin-slurpt-data-van-zakelijke-exchange-servers