One thing I see while doing Lync environmental health checks for some customers is some elevated accounts that are enabled for Lync. An example is members of the Domain Admins group. This can be somewhat problematic, especially for administration of those elevated accounts. For security reasons, it is not recommended to enable members of Domain Administrators group for Lync.

You cannot use Lync Server Control Panel to manage users who are members of the Domain Admins Active Directory group. For Domain Admins users, you can use Lync Server Control Panel only to perform read-only search operations. Attempting to perform write operations (such as enable or disable for Lync Server Control Panel, change pool or assigned policies, telephony settings, SIP address) on an elevated user will yield an “Access Denied” error. To perform write operations on a member of Domain Admins, you must use Lync Server Management Shell (PowerShell) cmdlets while logged on as a member of Domain Admins.

For more information please refer to this Microsoft page: User accounts enabled for Lync Server 2013

To query an elevated group, such as Domain Admins, for Lync enabled users, use the following:

(Get-ADGroupMember "Domain Admins").DistinguishedName | Get-CsUser -ErrorAction SilentlyContinue | Format-Table DisplayName,SipAddress

You can replace the “Domain Admins” with the name of any group, really. When you run it, you’ll end up with something like:

PS C:\> (Get-ADGroupMember "Domain Admins").DistinguishedName | Get-CsUser -ErrorAction SilentlyContinue | Format-Table DisplayName,SipAddress

DisplayName                                                 SipAddress
-----------                                                 ----------
Services                                                    sip:services@contoso.com
Dan Giles                                                   sip:dan.giles@contoso.com
Neil Armstrong                                              sip:neil.armstrong@contoso.com
Dawn Lopes                                                  sip:dawn.lopez@contoso.com
Bob Seger                                                   sip:bob.seger@contoso.com
Gail O'Grady                                                sip:gail.ogrady@contoso.com
Troy Dallas                                                 sip:Troy.Dallas@contoso.com
Steve Carrell                                               sip:steve.carrell@contoso.com

You can Lync disable these users for Lync, using the Disable-CsUser cmdlet. This can be done either individually using the -Identity parameter, or everyone at once by pipeline, with something like:

(Get-ADGroupMember "Domain Admins").DistinguishedName | Disable-CsUser -ErrorAction SilentlyContinue

If you have some accounts that were previously members of an elevated group like Domain Admins, but no longer are, then the AdminCount parameter on their account may still be set. This will cause the Access Denied issue to continue. You can manually change this on the user object using ADSIEDIT, or via a script such as Set-AdminUser.

This is the changelog page for New-SignedScript. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v1.3 – 09-18-2016

1. Now includes a selection box when more than one valid code signing certificate is found.

v1.1 – 06-10-2014

1. Better handling when there is more than one code signing cert. Script now finds the first valid code signing cert and uses that.
2. Better validation that the script is successfully signed

v1.0 – 09-20-2012

1. Initial version

Description

This function probably doesn’t have a lot of users to most people. But in Lync, adding the Simple URL for the Lync Server Control Panel to the Local Intranet zone resolves the issue of having to enter credentials each time. Of course, I like to automate the configuration of things, so I whipped up this little function, and it will be included in some of my build scripts. The script basically creates the required registry entries under HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. Immediately after running the function, we can see the new entry in Internet Explorer

Syntax

New-TrustedIESite [[-url] ] [[-zone] ] []

Zones are as follows:

1 Local Intranet
2 Trusted Sites
3 Internet
4 Restricted Sites

example:

New-TrustedIESite -url https://lyncadmin.contoso.com -zone 1

Will add https://www.lyncadmin.contoso.com to the Local Intranet zone

Download

v1.0 – 02-08-2014 – New-TrustedIESite.v1.0.zip

Signs a PowerShell script with a code signing certificate.

Syntax

New-SignedScript [[-path] ] [-Verbose] [-Debug] [-ErrorAction ] [-WarningAction ] [-ErrorVariable ] [-WarningVariable ] [-OutVariable ] [-OutBuffer ] [-WhatIf] [-Confirm]

Detailed Description

One of the concerns about using a PowerShell script is that it often requires the user to change the Execution Policy on the machine the script is running on. This can cause security concerns, because when the Execution Policy is lowered, any script can run, including those with malicious intent. For more information on setting the Execution Policy, see Set-ExecutionPolicy.

Of course, you need a code signing certificate in order to sign scripts. Fellow Exchange MVP Mike Pfeiffer wrote an informative article, Obtaining a Code Signing Certificate and Signing PowerShell Scripts that covers using an internal Certificate Authority. Third party Certificate Authorities (CAs) such as Digicert also provide code signing certificates. I can’t recommend Digicert enough. I have both a standard code signing certificate and an Extended Validation code signing certificate.

But signing scripts manually can be a little cumbersome. This function gets the current code signing certificate, verifies it’s not expired, and then signs the script. The script will only sign .ps1 files, and will not attempt to sign a script that’s already signed.

Example

New-SignedScript -path [path to script]

such as

New-SignedScript -path .\myscript.ps1

You can also pipeline files to this function, for example:

Get-Item *.ps1 | New-SignedScript

Installation

Nothing special here. Once you have a valid code signing certificate installed, the function should work as designed.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v1.4 – 09-08-2017 – New-SignedScript.v1.4.zip

v1.3 – 09-18-2016 – New-SignedScript.v1.3.zip

v1.1 – 06-10-2014 – New-SignedScript.v1.1.zip

v1.0 – 09-20-2012 – New-SignedScript.v1.0.zip

Changelog

See changelog for info on latest versions, including bug fixes, code tweaks, etc.

This is the changelog page for New-ExpiringCertificatesReminder.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v1.3 – 02-13-2017

1. added parametersets to param block
2. code optimization
3. updated Remove-Variables to v1.1
4. updated domain name info and comment help block

v1.2 – 01-27-2014

1. -noprofile switch added to install routine
2. minor code tweaks per best practices

v1.0 – 09-11-2012

1. Initial version

Microsoft has released the following update rollup for Exchange Server 2010:

• Update Rollup 7 for Exchange Server 2010 SP1 (KB2743248)

If you’re running Exchange Server 2010 SP1, you need to apply Update Rollup 7 for Exchange 2010 SP1 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in Update Rollup 7:

1. 2740358 MS12-058: Vulnerability in Microsoft Exchange Server WebReady document viewing could allow remote code execution.

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Note to Forefront users:

If you don’t disable Forefront before installing a rollup or service pack, and enable afterwards, you run the risk of Exchange related services not starting. You can disable Forefront by going to a command prompt and navigating to the Forefront directory and running FSCUtility /disable. To enable Forefront after installation of a UR or SP, run FSCUtility /enable.

News

Premier

OpsVault – Operate and Optimize IT http://www.opsvault.com

Microsoft Premier Support UK – Site Home – TechNet Blogs http://blogs.technet.com/b/mspremuk/

Antigen & Forefront

Forefront Team Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/forefront

Forefront Server Security Support Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/fssnerds

Exchange

Exchange Team Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/exchange/

MCS UK Unified Communications Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/msukucc

1. Demystifying the CAS Array Object – Part 2 http://blogs.technet.com/b/exchange/archive/2012/03/28/demystifying-the-cas-array-object-part-2.aspx
2. Demystifying the CAS Array Object – Part 1 http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
3. Exchange Server Deployment Assistant Update for Exchange 2010 SP2 and Office 365 Hybrid Deployments http://blogs.technet.com/b/exchange/archive/2012/03/21/exchange-server-deployment-assistant-update-for-exchange-2010-sp2-and-office-365-hybrid-deployments.aspx
4. Check out Microsoft Script Explorer for Windows PowerShell (pre-release) http://blogs.technet.com/b/exchange/archive/2012/03/14/check-out-microsoft-script-explorer-for-windows-powershell-pre-release.aspx
5. Exchange Client Network Bandwidth Calculator Beta 2 http://blogs.technet.com/b/exchange/archive/2012/03/09/exchange-client-network-bandwidth-calculator-beta2.aspx
6. Introducing: Log Parser Studio http://blogs.technet.com/b/exchange/archive/2012/03/07/introducing-log-parser-studio.aspx
7. MEC is Back! http://blogs.technet.com/b/exchange/archive/2012/03/06/mec-is-back.aspx

Lync

NextHop – Site Home – TechNet Blogs http://blogs.technet.com/b/nexthop/

DrRez: Microsoft Lync Server Technical Reference Hub http://blogs.technet.com/b/drrez/

1. Lync Server 2010 Updates Now Available: March 2012 http://blogs.technet.com/b/nexthop/archive/2012/03/28/lync-2010-updates-now-available-march-2012.aspx
2. Lync Server Documentation Update: March 2012 http://blogs.technet.com/b/nexthop/archive/2012/03/15/lync-server-documentation-update-march-2012.aspx
3. Lync Wikis—Start a Wild and Wooly Conversation http://blogs.technet.com/b/nexthop/archive/2012/03/15/lync-wikis-start-a-wild-and-wooly-conversation.aspx
4. Deploying and Troubleshooting Lync Server 2010 MSPL Applications http://blogs.technet.com/b/nexthop/archive/2012/03/14/deploying-and-troubleshooting-lync-server-2010-mspl-applications.aspx
5. Lync 2010 Training Release Updates http://blogs.technet.com/b/nexthop/archive/2012/03/09/lync-2010-training-release-update.aspx

Outlook

Outlook Blog http://blogs.msdn.com/b/outlook/default.aspx

Other

The Master Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/themasterblog

Documents

Exchange

Exchange Server 2010 SP2 Help
This download contains a standalone version of Microsoft Exchange Server 2010 SP2 Help. http://www.microsoft.com/download/en/details.aspx?id=28207

Microsoft Exchange Server 2010 Install Guide Templates
You can use these templates as a starting point for formally documenting your organization’s server build procedures for servers that will have Microsoft Exchange Server 2010 server roles installed on them. http://www.microsoft.com/download/en/details.aspx?id=17206

Best Practices for Virtualizing Exchange Server 2010 with Windows Server® 2008 R2 Hyper V
The purpose of this paper is to provide guidance and best practices for deploying Microsoft® Exchange Server 2010 in a virtualized environment with Windows Server® 2008 R2 Hyper V technology. This paper has been carefully composed to be relevant to organizations of any size. http://www.microsoft.com/download/en/details.aspx?id=2428

Migrate from Exchange Public Folders to Microsoft Office 365
This document outlines these considerations, discusses the most common public folder scenarios and how they are represented in Office 365 services. It also provides the information you need to decide whether Office 365 is a good match for you based on your current public folder usage. http://www.microsoft.com/download/en/details.aspx?id=27582

Lync

Unified Communications Phones and Peripherals Datasheets
These datasheets list the phones and peripheral devices that are qualified to display the “Optimized for Microsoft Lync” logo. http://www.microsoft.com/download/en/details.aspx?id=16857

Microsoft Lync Server 2010 Protocol Workloads Poster
This poster shows each workload in Microsoft Lync Server 2010 communications software, describing relationships, dependencies, flow of information, and certificate requirements. Version 5.11 corrects minor errors. http://www.microsoft.com/download/en/details.aspx?id=6797

Microsoft Lync Server 2010 Device Management and Troubleshooting Guide
The purpose of the Microsoft Lync Server 2010 Device Management and Troubleshooting Guide is to provide guidance on how to manage and update devices. It is also intended to answer frequently asked questions. This document identifies supported topologies, configurations, and scenarios described in detail in the Lync Server device deployment and planning documentation. http://www.microsoft.com/download/en/details.aspx?id=16277

Microsoft Lync Server 2010 Mobility Guide
This document guides you through the process of deploying the Microsoft Lync Server 2010 Mobility Service and the Microsoft Lync Server 2010 Autodiscover Service. http://www.microsoft.com/download/en/details.aspx?id=28355

Troubleshooting Microsoft Lync Server 2010 Clients: Help Desk Resource
This resource is for first-level help desk agents who support Microsoft Lync Server 2010 clients. Note: The .zip file contains both the print documentation and the Help file. http://www.microsoft.com/download/en/details.aspx?id=7373

Microsoft Lync Server 2010 Reference: Call Data Recording and Quality of Experience Database Schema
This document describes the call detail recording (CDR) and the Quality of Experience (QoE) databases schemas in Microsoft Lync Server 2010. http://www.microsoft.com/download/en/details.aspx?id=18099

Microsoft Lync Server 2010 Reference: Group Chat Database Schema
This document describes the Group Chat database schema in Microsoft Lync Server 2010. http://www.microsoft.com/download/en/details.aspx?id=21632

Microsoft Lync Server 2010 Security Guide
The Security Guide provides guidelines for assessing and managing security risks to your Lync Server 2010 deployment. http://www.microsoft.com/download/en/details.aspx?id=2729

Migrating from Office Communications Server 2007 R2 to Lync Server 2010
This document provides guidance from migration from Office Communications Server 2007 R2 to Microsoft Lync Server 2010. http://www.microsoft.com/download/en/details.aspx?id=9109

Migrating from Office Communications Server 2007 to Lync Server 2010
This document provides guidance from migration from Office Communications Server 2007 to Microsoft Lync Server 2010. http://www.microsoft.com/download/en/details.aspx?id=7327

Microsoft Lync Server 2010 Supportability Guide
This guide provides a central, high-level reference for supported server topologies and configurations and supported client configurations. It is also intended to answer frequently asked questions. This document identifies supported topologies, configurations, and scenarios described in detail in the Lync Server deployment and planning documentation. http://www.microsoft.com/download/en/details.aspx?id=13148

Enabling Quality of Service with Microsoft Lync Server 2010
If your Windows Server network supports Quality of Service (QoS) management, you can take advantage of this functionality to optimize media traffic in your Microsoft Lync Server 2010 deployment. This guide shows you how. http://www.microsoft.com/download/en/details.aspx?id=12633

Microsoft Lync Server 2010 Monitoring Deployment Guide
This document guides you through the process of deploying Lync Server 2010 Monitoring Server. http://www.microsoft.com/download/en/details.aspx?id=8207

Microsoft Lync Server 2010 Standard Edition Deployment Guide
This document guides you through the process of deploying Lync Server 2010 Standard Edition and configuring dial-in conferencing. http://www.microsoft.com/download/en/details.aspx?id=5317

Microsoft Lync Server 2010 Enterprise Voice Deployment Guide
This download contains two documents: Deploying Enterprise Voice at Central sites and Deploying Branch Sites http://www.microsoft.com/download/en/details.aspx?id=4816

Deploying Lync Server 2010 in a Multiple Forest Environment
This document explains how to deploy Lync Server 2010 in a multiple forest environment. http://www.microsoft.com/download/en/details.aspx?id=11300

Microsoft Lync Server 2010: Deploying Lync Server 2010 Enterprise Edition by Using the Planning Tool
This document describes the how to deploy Lync Server 2010 Enterprise Edition by using the Planning Tool. http://www.microsoft.com/download/en/details.aspx?id=8692

Microsoft Lync Server 2010 Group Chat Deployment Guide
This document guides you through the process of migrating and deploying Lync Server 2010 Group Chat Server and the related components that are required to let organizations set up searchable, topic-based chat rooms that persist over time, allowing geographically distributed teams to better collaborate with one another while preserving organizational knowledge. http://www.microsoft.com/download/en/details.aspx?id=9735

Microsoft Lync Server 2010 Remote Call Control Deployment Guide
This document describes the how to deploy remote call control in a Lync Server 2010 deployment. http://www.microsoft.com/download/en/details.aspx?id=16598

Microsoft Lync Server 2010 Edge Server Deployment Guide
This document guides you through the process of deploying Lync Server 2010 edge servers and Directors. http://www.microsoft.com/download/en/details.aspx?id=11379

Microsoft Lync Server 2010 Response Group Deployment Guide
This download guides you through the process of configuring the Response Group feature for Enterprise Voice. http://www.microsoft.com/download/en/details.aspx?id=6233

Microsoft Lync Server 2010 Active Directory Guide
This document guides you through the process of preparing Active Directory for Microsoft Lync Server 2010 and includes the Active Directory schema reference. http://www.microsoft.com/download/en/details.aspx?id=9448

Backing Up and Restoring Lync Server 2010
This document describes a methodology for backing up and restoring the data that is required for full recovery of Microsoft Lync Server 2010 services. http://www.microsoft.com/download/en/details.aspx?id=3364

Microsoft Lync Server 2010 Enterprise Edition Deployment Guide
This document guides you through the process of deploying Lync Server 2010 Enterprise Edition and configuring dial-in conferencing for Lync Server 2010. http://www.microsoft.com/download/en/details.aspx?id=9596

Microsoft Lync Server 2010 Client and Device Deployment Guide
This download guides you through the process of deploying client software and devices for Lync 2010. http://www.microsoft.com/download/en/details.aspx?id=15985

Microsoft Lync Server 2010 Group Chat Administration Guide
This document guides you through the process of administering Lync Server 2010 Group Chat Server and the related components that are required to let organizations set up searchable, topic-based chat rooms that persist over time, allowing geographically distributed teams to better collaborate with one another while preserving organizational knowledge. http://www.microsoft.com/download/en/details.aspx?id=6126

Microsoft Lync Server 2010 Announcement Deployment Guide
This download guides you through the process of configuring the Announcement call management feature for Enterprise Voice. http://www.microsoft.com/download/en/details.aspx?id=9823

Microsoft Lync Server 2010 Documentation Help File
This download contains a compiled help file (chm) of all the available Lync Server 2010 IT professional documentation on the Technical Library. http://www.microsoft.com/download/en/details.aspx?id=23888

Microsoft Lync Server 2010 Archiving Deployment Guide
The purpose of the Microsoft Lync Server 2010 Archiving Deployment Guide is to guide you through the process of deploying Lync Server 2010 Archiving Server and the related components that are required to support archiving of instant messaging and web conferencing (meeting) content. http://www.microsoft.com/download/en/details.aspx?id=4711

Microsoft Lync Server 2010 Administration Guide & Windows PowerShell Supplement
The Lync Server Administration Guide and the Windows PowerShell Supplement contain procedures and guidance for administering a Lync Server 2010 deployment. http://www.microsoft.com/download/en/details.aspx?id=13161

Uninstalling Microsoft Lync Server 2010 and Removing Server Roles
To maintain any system, you need to modify the deployment over time. An important part of maintenance is the retiring or decommissioning of existing components that you replace with different or newer components. “Uninstalling Lync Server 2010 and Removing Server Roles” includes procedures for removing server roles and decommissioning a deployment. http://www.microsoft.com/download/en/details.aspx?id=18692

Microsoft Lync Server 2010: Using Monitoring Server Reports
This document describes the how to use Monitoring Server Reports in a Lync Server 2010 deployment. http://www.microsoft.com/download/en/details.aspx?id=890

Live Meeting-To-Lync Transition Resources
Resources included in this download package are designed to support your organization’s Live Meeting Service to Lync (Server or Online) transition planning. This download will be updated with additional resources as available. http://www.microsoft.com/download/en/details.aspx?id=26494

Microsoft Lync 2010 Conferencing and Collaboration Training
Learn how to schedule, join, and manage online meetings with Microsoft Lync 2010. http://www.microsoft.com/download/en/details.aspx?id=7606

IM an Expert for Microsoft Lync Server 2010
IM an Expert is an instant messaging question and answer service that you can set up within your organization. With the IM an Expert service, you can use Microsoft Lync or the IM an Expert Welcome page to submit a question to the service. The IM an Expert service will locate an expert for you within your company and initiate an IM session between you and the expert who can answer your question. http://www.microsoft.com/download/en/details.aspx?id=8475

A Microsoft Lync Server 2010 Multi-tenant Pack for Partner Hosting Reference Architecture Case Study
Describes a case study of a real world implementation of a reference architecture for the Microsoft Lync Server 2010 Multi-tenant Pack for Partner Hosting. http://www.microsoft.com/download/en/details.aspx?id=29044

Microsoft Lync 2010 Phone Edition for Polycom CX500, Polycom CX600 and Polycom CX3000
Microsoft® Lync 2010 Phone Edition for Polycom® CX500, Polycom® CX600 and Polycom® CX3000 is the first generation of software designed specifically for the phones from Polycom to interoperate with Microsoft® Lync Server 2010. Lync Phone Edition provides traditional and advanced telephony features, integrated security, manageability and much more. http://www.microsoft.com/download/en/details.aspx?id=23866

Microsoft Lync 2010 Phone Edition for Aastra 6721ip and Aastra 6725ip
Microsoft® Lync 2010 Phone Edition for Aastra 6721ip and Aastra 6725ip is the first generation of software designed specifically for the phones from Aastra to interoperate with Microsoft® Lync Server 2010. Lync Phone Edition provides traditional and advanced telephony features, integrated security, manageability and much more. http://www.microsoft.com/download/en/details.aspx?id=18390

Microsoft Lync 2010 Phone Edition for HP 4110 and HP 4120
Microsoft® Lync 2010 Phone Edition for HP 4110 and HP 4120 is the first generation of software designed specifically for the phones from HP to interoperate with Microsoft® Lyncâ„¢ Server 2010. Lync Phone Edition provides traditional and advanced telephony features, integrated security, manageability and much more. http://www.microsoft.com/download/en/details.aspx?id=28158

Microsoft Lync 2010 Phone Edition for Polycom CX700 and LG-Nortel IP Phone 8540
Microsoft® Lync 2010 Phone Edition for Polycom® CX700 and LG-Nortel IP Phone 8540 is the next generation of software designed for the phones from Polycom and LG-Nortel to interoperate with Microsoft® Lync Server 2010. Lync Phone Edition provides traditional and advanced telephony features, integrated security, manageability and much more. http://www.microsoft.com/download/en/details.aspx?id=21644

Microsoft Lync Server 2010 Multi-tenant Pack for Partner Hosting Deployment Guide
The Microsoft Lync Server 2010 Multi-tenant Pack for Partner Hosting is an extension of Microsoft Lync Server 2010 software that is designed to allow service providers and system integrators to customize a Lync Server 2010 deployment and offer it as a service to their customers. This guide describes how to deploy and configure a basic architecture. http://www.microsoft.com/download/en/details.aspx?id=28587

Reference Architecture for the Microsoft Lync Server 2010 Multitenant Pack for Partner Hosting
Describes a reference architecture for the Microsoft Lync Server 2010 Multitenant Pack for Partner Hosting. http://www.microsoft.com/download/en/details.aspx?id=29045

Downloads

1. Lync Lync Server 2010 Hotfix KB 2493736 This download includes all available updates for Lync Server 2010. http://www.microsoft.com/download/en/details.aspx?id=11551
2. Lync 2010 Hotfix KB 2684739 (64 bit) This download includes all available updates for Lync 2010. http://www.microsoft.com/download/en/details.aspx?id=14490
3. Lync 2010 Hotfix KB 2684739 (32 bit) This download includes all available updates for Lync 2010. http://www.microsoft.com/download/en/details.aspx?id=25055
4. Microsoft Lync 2010 Training Download Package This zipped folder contains all of the available training and user education resources for Microsoft Lync 2010. The included Lync Training Plans workbook helps you choose the resources that will work best for your users. http://www.microsoft.com/download/en/details.aspx?id=9642
5. IM an Expert for Microsoft Lync Server 2010 Documentation Version 1.5 This download provides documentation for the IM an Expert for Microsoft Lync Server 2010 service http://www.microsoft.com/download/en/details.aspx?id=16104

Events/Webcasts

Core presents An Introduction to the Microsoft Cloud (Office 365 and Windows Intune)

Starts: 18 April 2012 09:30
Ends: 18 April 2012 12:45
Time zone: (GMT) GMT, London
Welcome Time: 09:00

Cloud technology – it’s all you hear about right now! But for many, it can be confusing. Core can help you make sense of it all. Join us at our Introduction to the Microsoft Cloud seminar to learn how your organization can take advantage of Microsoft’s latest cloud offerings to transform your IT infrastructure and drive your business forward! Reduce your capital expenditure and save money by paying only for the computing power you need! https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032502492&culture=en-GB

New KBs

Antigen & Forefront Microsoft Forefront Security for Exchange Server: Some default deletion messages in Forefront Security for Exchange Server may mislead a user or an administrator to assume that an error occurred or that a virus was found http://support.microsoft.com/kb/961385

Exchange

Microsoft Exchange Server 2003 Enterprise Edition

1. Exchange Server experiences performance issues when a PDC emulator is used for DSAccess or ADAcess http://support.microsoft.com/kb/298879

Microsoft Exchange Server 2007 Enterprise Edition

1. An Exchange Server 2007 Transport Rule does not work as expected http://support.microsoft.com/kb/2673160

Microsoft Exchange Server 2007 Service Pack 3

1. Exchange ActiveSync does not synchronize some Outlook contact information as expected http://support.microsoft.com/kb/2692134

Microsoft Exchange Server 2007 Standard Edition

1. Message  when you try to open an attachment in Outlook Web Access or Outlook Web App: “Right-click the link, and then click ‘Save Target As’ to save the attachment.” http://support.microsoft.com/kb/2688092

Microsoft Exchange Server 2010 Coexistence

1. Error message when you try to use Outlook Web App to access an Exchange Server 2010 mailbox: “There was a problem opening your mailbox” http://support.microsoft.com/kb/2606268
2. You cannot add mailbox database copies in Exchange Server 2010 http://support.microsoft.com/kb/2627725

Microsoft Exchange Server 2010 Enterprise

1. Event 1000, 1001, or 1002 occurs when SCOM is monitoring Exchange Server 2007 or Exchange Server 2010 http://support.microsoft.com/kb/2681932
2. Chat feature missing in Outlook Web App for Exchange 2010 http://support.microsoft.com/kb/2688771

Microsoft Exchange Server 2010 Standard

1. You cannot synchronize an Exchange ActiveSync device with a mailbox when external URLs are not resolved on an Exchange Server 2010 Client Access server http://support.microsoft.com/kb/2679228
2. Users cannot use Outlook to access their mailbox after migration to Exchange 2010 http://support.microsoft.com/kb/2688982

Lync

Microsoft Lync 2010

1. A user whose display name is in Korean cannot be found in Lync 2010 http://support.microsoft.com/kb/2661952
2. You receive a System.UnauthorizedAccessException exception when you disconnect a call in a Lync 2010 SDK-based application http://support.microsoft.com/kb/2664812
3. The Windows logoff process is delayed when Lync 2010 is started http://support.microsoft.com/kb/2666324
4. A customized Lync 2010 Help URL does not work in Lync 2010 http://support.microsoft.com/kb/2666338
5. A RTF header is displayed instead of the conversation history in the Conversation tab of Lync 2010 http://support.microsoft.com/kb/2666340
6. The time stamp that is displayed in the IM conversation windows is truncated in Lync 2010 http://support.microsoft.com/kb/2666702
7. You cannot use client policy to exclude a folder from contact search in Lync 2010 http://support.microsoft.com/kb/2666704
8. Help with Lync Server 2010 configurations for very small business http://support.microsoft.com/kb/2667699
9. Description of the cumulative update for Lync 2010: February 2012 http://support.microsoft.com/kb/2670326
10. The typing status message is not displayed when you use an IME to type double-byte characters in Lync 2010 http://support.microsoft.com/kb/2672922
11. A contact is displayed with an incorrect picture and incorrect presence information in Lync 2010 http://support.microsoft.com/kb/2672944
12. Double-byte text is transparent in desktop alerts on a computer that is running Windows XP and that has Lync 2010 installed http://support.microsoft.com/kb/2672945
13. Description of the cumulative update package for Lync 2010 for iPad: March 2012 http://support.microsoft.com/kb/2673225
14. The conversation list is not displayed correctly in the chats window after you delete a conversation in Lync 2010 for iPad http://support.microsoft.com/kb/2673304
15. Users have to manually input the user name every time that they sign in to the Lync 2010 client http://support.microsoft.com/kb/2681509

Microsoft Lync 2010 for iPhone

1. A user whose SIP URI address only contains numbers is displayed as a telephone contact in Lync 2010 for iPhone http://support.microsoft.com/kb/2672940
2. Description of the cumulative update package for Lync 2010 for iPhone: March 2012 http://support.microsoft.com/kb/2673223
3. Meetings are not shown in the Meetings tab in Lync 2010 for iPhone http://support.microsoft.com/kb/2673298
4. A deleted contact group is still displayed in Lync 2010 for iPhone http://support.microsoft.com/kb/2673303
5. “Me:” and “Missed:” are translated incorrectly in the chats window in a Korean version of Lync 2010 for iPhone http://support.microsoft.com/kb/2677215
6. Discovery address text strings are translated incorrectly on the sign-in page of the Chinese Version of Microsoft Lync 2010 for iPhone http://support.microsoft.com/kb/2677216

Microsoft Lync 2010 for Windows Phone

1. Lync 2010 for Windows Phone displays Japanese text in the Microsoft Yahei font unexpectedly http://support.microsoft.com/kb/2666321
2. Description of the cumulative update package for Lync 2010 for Windows Phone: March 2012 http://support.microsoft.com/kb/2673226
3. Lync 2010 mobile clients always prompt the user for a mobile phone number http://support.microsoft.com/kb/2685372

Microsoft Lync 2010 Group Chat

1. Description of the cumulative update for the Lync Server 2010, Group Chat Administration Tool: February 2012 http://support.microsoft.com/kb/2672318
2. Description of the cumulative update for Lync 2010 Group Chat: February 2012 http://support.microsoft.com/kb/2672325

Microsoft Lync 2010 Phone Edition

1. Description of a new feature that lets users set or change their presence information by using a telephone in Lync 2010 Phone Edition http://support.microsoft.com/kb/2666706
2. Lync 2010 Phone Edition enabled phones report 10 Mbps network link speed http://support.microsoft.com/kb/2686136

Microsoft Lync 2010 Phone Edition for Aastra 6721ip and Aastra 6725ip

1. The maximum ringer volume is too low on certain telephone products that are running Lync 2010 Phone Edition http://support.microsoft.com/kb/2666323

Microsoft Lync Server 2010 Enterprise Edition

1. “The owner of the object passed does not match the original owner.” error message when a Lync 2010 user calls a CAA access number to join a conference http://support.microsoft.com/kb/2500431

Microsoft Lync Server 2010 Enterprise Edition

1. Error message when you run the “Enable-CsAdDomain” command in a Lync Server 2010 environment http://support.microsoft.com/kb/2672929

Microsoft Lync Server 2010 Software Development Kit

1. A user cannot add a custom location to their contact information by using an application that is developed by using Lync Server 2010 SDK http://support.microsoft.com/kb/2672943

Microsoft Lync Server 2010 Standard Edition

1. “Please verify your logon credentials and try again” error message when a user signs in to Lync Server 2010 http://support.microsoft.com/kb/2637105
2. You cannot add a DFS file share as a file store in Topology Builder of Lync Server 2010 http://support.microsoft.com/kb/2666344
3. Delay processing incoming calls in Lync Server 2010 http://support.microsoft.com/kb/2666349
4. Error message when you run the Set-CsRegistrar command in Lync Server Management Shell in a Lync Server 2010 environment http://support.microsoft.com/kb/2666710
5. Error message when you run the “CsFileTransferFilterConfiguration” command in a Lync Server 2010 environment http://support.microsoft.com/kb/2666711
6. Description of the cumulative update for Lync Server 2010, Conferencing Attendant: February 2012 http://support.microsoft.com/kb/2670540
7. Text that is typed by using the right-to-left reading order is displayed by using the left-to-right reading order in the sent message pane in Lync 2010 http://support.microsoft.com/kb/2672924
8. A global client policy in which the “EnableExchangeContactSync” parameter is set to False does not work in Lync Server 2010 http://support.microsoft.com/kb/2672933
9. Federated users do not receive a meeting invitation in Lync Server 2010 http://support.microsoft.com/kb/2672935
10. A delegate cannot perform operations on behalf of the manager in a Lync Server 2010 environment http://support.microsoft.com/kb/2673299
11. A user cannot call a number that matches a normalization rule that begins with optional digits in a Lync Server 2010 environment http://support.microsoft.com/kb/2673302
12. Description of the cumulative update for Lync Server 2010, Mobility Service: February 2012 http://support.microsoft.com/kb/2675053
13. A Front End Server does not route network traffic to Lync 2010 Mobile clients if the Collocated Mediation Server option is enabled in Lync Server 2010 http://support.microsoft.com/kb/2675221
14. The Address Book service does not synchronize user information when data in the RTC database is corrupted in a Lync Server 2010 environment http://support.microsoft.com/kb/2675222
15. Microsoft Lync Server 2010, Group Chat
16. A user does not receive an invitation when the user is added to a distribution list that is a member of a chat room in Lync Server 2010, Group Chat http://support.microsoft.com/kb/2666341
17. The Channel service stops when a user signs in to a Group Chat client in Lync Server 2010, Group Chat http://support.microsoft.com/kb/2666342
18. Description of the cumulative update for Lync Server 2010, Group Chat: February 2012 http://support.microsoft.com/kb/2670342

Outlook

Microsoft Office Outlook 2003

1. Description of the Outlook 2003 Junk Email Filter update: March 13, 2012 http://support.microsoft.com/kb/2598246
2. Description of the policy for how e-mail is filtered by the junk e-mail filters in Outlook or in Exchange Server http://support.microsoft.com/kb/954199

Microsoft Office Outlook 2007

1. Description of the Outlook 2007 hotfix package (Outlook-x-none.msp): March 7, 2012 http://support.microsoft.com/kb/2597964
2. Description of the Outlook 2007 Junk Email Filter update: March 13, 2012 http://support.microsoft.com/kb/2597970
3. Outlook Anywhere cannot be disabled in Outlook 2007 and in Outlook 2010 http://support.microsoft.com/kb/2686042

Microsoft Outlook 2002 Standard Edition

1. You cannot use Outlook to complete a Microsoft Word Mail Merge http://support.microsoft.com/kb/2149769

Microsoft Outlook 2010

1. An email message body contains text that is added from previously opened email messages when you access a mailbox by using an IMAP4 client in Outlook 2010 http://support.microsoft.com/kb/2597991
2. Description of the Outlook 2010 hotfix package (x86 Outexum-x-none.msp, x64 Outexum-x-none.msp): February 28, 2012 http://support.microsoft.com/kb/2598024
3. Outlook 2010: Leave a copy of the message on the server is missing http://support.microsoft.com/kb/2671941
4. How to deploy a default email signature in Outlook http://support.microsoft.com/kb/2691977

 

While planning a rebranding effort for a client as part of a massive divestiture, we looked at how the end-user S/MIME certs would get handled once their workstations were migrated to a new forest/domain. Outlook has a nice feature built-in to publish existing certificates to the GAL. This makes it easy for users to send encrypted messages to coworkers without having to first send a digitally signed message back and forth. This is quite important to this particular client due to trade secrets and regulatory compliance.

To see the button, open Outlook, go to the Backstage, then Options>Trust Center>Trust Center Settings>E-mail Security. You can see the Publish to GAL button:

The button is visible regardless of whether the user actually has a certificate installed.

However, some users were not seeing the button, as seen below:

It turns out that in Outlook 2010, if a user has multiple MAPI accounts configured in the same Outlook profile, the button erroneously disappears. Multiple MAPI accounts is a key feature in Outlook 2010, and is real handy for people who want access to different accounts, say for administrative use, or for work and private email accounts. Outlook even supports having dedicated S/MIME certificates for each account.

I reported the issue to Microsoft, and a bug report has been created. Hopefully, this will be resolved with a hotfix soon. This isn’t the only issue I’ve found with multiple email accounts in Outlook 2010. The archiving feature takes messages from ALL of the accounts, and puts them in the SAME archive .pst file. Not good.

Microsoft has released the following update rollup for Exchange Server 2010:

• Update Rollup 5 for Exchange Server 2007 SP2 (2407132)

If you’re running Exchange Server 2007 SP2, you need to apply Update Rollup 5 for Exchange 2007 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 5:

1. MSRC 10-024 Vulnerability in Microsoft Exchange Server could allow denial of service

Download the rollup here.

Microsoft also announced that there are no plans to release further updates for Exchange Server 2007 SP2. Customers are advised to upgrade to SP3.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Also, the installer and Add/Remove Programs text is only in English – even when being installed on non-English systems.

Note to Forefront users:

If you don’t disable Forefront before installing a rollup or service pack, and enable afterwards, you run the risk of Exchange related services not starting. You can disable Forefront by going to a command prompt and navigating to the Forefront directory and running FSCUtility /disable. To enable Forefront after installation of a UR or SP, run FSCUtility /enable.

A while back, I wrote a series at Daniel Petri’s site about Security Configuration Wizard (SCW) and Exchange 2007. The series talks about importing the files in order for the SCW to be Exchange ‘aware’. Those files, which reside in the \scripts folder, are:

1. Exchange2007.xml
2. Exchange2007_WinSrv2008.xml
3. Exchange2007Edge.xml
4. Exchange2007Edge_WinSrv2008.xml

Since that time, Microsoft has released Windows Server 2008 SP2. The SCW files that are included with Exchange won’t install on Windows Server 2008 SP2 due to a hard coded prerequisite check.

If you’re going to import the SCW files in Windows Server 2008, open each one that ends in ‘_WinSrv2008.xml’ and look for the 2nd line – which looks like this:

<SCWKBRegistrationInfo OSMajorVersion="6" OSMinorVersion="0" ServicePackMajorVersion="1" ServicePackMinorVersion="0">

Change the ServicePackMajorVersion value to “2” instead of “1”. Save the file, and you should be able to import the file using the info in my original value. Microsoft is aware of this, and working on resolving the issue.