How to install Active Directory Rights Management Services

One of the best features of Active Directory in Windows server 2008 is a security tool called Active Directory Rights Management Services (AD RMS). AD RMS allows organizations to secure content such as word documents, excel spread sheets, email’s and even can be integrated in SharePoint. A user would need to be authenticated before they could access the data from any of those content sources. I know this topic has been covered before but I wanted to post the steps from my deployment of AD RMS.

A Windows Server 2008 domain is required before you begin.

On the server you will deploy AD RMS on:

  • Open Server manager
  • Expand Roles
  • Right click and select Add New Roles
  • Click Next
  • Select AD Rights management Services and click next

clip_image001

The following roles will need to be added as well.

  • Click Add Required Role Services.

clip_image002

  • Click Next

You can explore more about AD RMS on the next window by clicking any of the links. When done click next.

clip_image003

Read more

Publish a users Desktop as a RemoteAPP on RD Web Access

Have you ever needed to give a user access to their desktop on a Remote Desktop Services Server?  In my situation I had a user that was accessing an application via Remote Desktop Web Services. This user would also use Excel and pull reports from the applications database. These Excel reports would save locally on the server not the end users desktop.

I needed a quick and easy way for the user to access these reports in the event he needed to pull them back up. I also needed a way to accomplish this without confusing the user about being on his local desktop or the servers desktop. One of the requirements was also that the user was not allowed to log onto the server directly so having him access the desktop that way was not possible.

What I did was created a simple batch file that puts the user right into his desktop and then I published this batch file to the user via the RD Web Access interface. The end result is that he would get a Windows Explore window with all of his Excel files listed when he clicked on the app.

Here are the steps I took to set this up:

I created a batch file called USERNAMEDESKTOP.bat The file contained this syntax:

explorer.exe C:\Users\USERNAME\Desktop

I placed this in a central location in this case I created a folder called: example C:\RemoteAPP Scripts. I made this folder in case we need to create more scripts like this in the future.

I then went into RemoteAPP Manager and published the app to the user.

clip_image002

I then went into the properties of this app and changed the icon from the standard command prompt icon to the desktop icon.

Here is the path to the Windows icons: C:\Windows\system32\imageres.dll

clip_image003

Read more

How to manually remove AD RMS

There may be a time when an AD RMS install goes bad or you have to remove it for whatever reason. In my case this was deployed by someone else and it needed to be removed because it was not deployed correctly. RMS was not working properly to the point where you could not get into the console.

Because it was not working I could not use the traditional way to de-commission it. I had to force a removal of RMS which should always be a last resort. Here are the steps to do this:

Go and download the AD RMS toolkit from here:

http://www.microsoft.com/download/en/confirmation.aspx?id=1479

Install the AD RMS toolkit

  • Open an elevated command prompt
  • CD out to %systemdrive%:\Program Files (x86)\RMS SP2 Administration Toolkit\ADScpRegister\
  • ADScpRegister.exe unregisterscp https://rms.domain.com

image

Read more

Configure Windows to Automatically connect to VPN

I recently had a need to setup a server that would automatically connect to VPN on Windows startup. On this remote site I did not have a router with VPN tunnel capability. You will need to perform 3 tasks.

1. Create the VPN connection

2. Write a batch file to connect to VPN

3. Create a scheduled task in Windows task scheduler that will kick off the batch file at Windows start up

Here are the steps in detail:

1. Create your VPN connection

I am not going to go through all the steps of creating a VPN connection in Windows. I assume that you would not be reading this post if you did not already know how to create a basic VPN connection. However there is a setting in the VPN connection that you will want to set. This setting is:

  • On the VPN connection Options tab set the Redialing options. Select Redial if the line is dropped. This will attempt to reconnect the VPN connection if it detects that it has lost the connection. This is helpful if the internet connection drops and comes back.

clip_image001

2. Create a VPN auto connect batch file.

It should consist of

cd C:\Windows\System32\

rasdial.exe “MY VPN” “DOMAINNAME\USERNAME” “PASSWORD

Replace “DOMAINNAME\USERNAME” “PASSWORD” with your own. Save this batch file on your %systemdrive%. When you are done you should have a AUTOVPN.bat file.

Read more

Restore Exchange 2007 using Windows Backup

When I first started working with Exchange I could not find any information that lays out step by step or in an easy to follow format on how to backup and restore mailboxes in Exchange 2007 that have been backed up by Windows backup that comes with Server 2008. I went through the hassle of figuring out these steps. I want to share these 5 steps through this blog post. In this post we are working on Small Business Server 2008 so everything is on the same server.

1. RESTORE THE STORAGE GROUP FROM BACKUP

  • Launch Windows Backup. Click on Recover and restore your Exchange data to an alternate location. Be sure to document the location you restore to. This is going to restore your Exchange .edb and all the log files. The steps in the wizard are below in the form of screen shots.

Read more

Setup & configure a certificate authority on Windows Server 2008

So you host a bunch of internal SharePoint sites, Websites and other internal web applications. You want to secure them with SSL but you cannot afford a certificate from a third party certificate authority right now.  I am going to walk you through installing a new CA, request a certificate, approve a certificate and then install a certificate.

CA Install:

 

Go to start and click on “Server Manager”

Select ”Roles”

 

Click on “Add Roles”

 

Select “Certificate Services” and click next

 

I typically choose “Certification Authority” and “Certification Authority Web Enrollment” and click next

NOTE: I choose the web enrollment so I can request certificates and download them from the web browser.

Read more

How to setup VPN Access on Server 2008

In this post I will cover how to setup and configure a Windows 2008 server as a VPN server. There are several different steps and configurations that need to be done. There are 4 parts to this setup that I will walk through.

Part #1 Installing NPAS and RRAS:

Open Server Manager and open roles

 

 

Click on add roles and add the Network Policy and Access Services role (NPAS)

Click next on the informational screen

On the role services screen choose Routing and Remote Access Services (RRAS) and click next

 

On the next screen click install

When it is done it will give you a screen telling you if it installed successfully or failed

If it was successful click close and choose to restart when it prompts you

Read more

App crashes on Vista/Server 08

So I have had certain software crash under Vista or 2008 Server while other applications on the same machine work just fine. Here is one of the errors I see:

Problem signature:
Problem Event Name: BEX
Application Name: EXECUTABLE.exe
Application Version: 1.7.1.0
Application Timestamp: 4896b682
Fault Module Name: StackHash_3884
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 002ca978
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6001.2.1.0.16.7
Locale ID: 1033
Additional Information 1: 3884
Additional Information 2: b68e6d6fa0c9967afbd16b6d0b9e4ef4
Additional Information 3: 6276
Additional Information 4: a9fd8ecff73ec5510247cf946efdd405

This could be caused by copy protection. Here is how I resolved it:

Read more