|
iOS Configuration Files
Did you know that you can create a file to preconfigure all different kinds of settings and restrictions for iPhone, iPad, and iPod touches?
To create this file, you need the iPhone Configuration Utility. This is a free download from Apple that work ... ( More)
iTunes Activation Only Mode
Did you know that iTunes has a special mode to quickly activate iPhone/iPad/iPod Touch devices without having to go through the initial configuration screens?
This is great for businesses and education institutions that need to provide activated ... ( More)
Mac Startup Items
Did you know that, just like on a PC, you can edit your startup items on a Mac?
The main location to check is System Preferences > Users & Groups > Login Items
Here, you can also add an item to startup. A good way to set a Mac to a ... ( More)
iOS / Mac VPN
Did you know that all iOS devices (2.0 and above) and Mac Operating Systems (10.6 Snow Leopard and above) support native Cisco VPN connections?
iOS Configuration
Our iOS configuration file has all of the settings pre-baked into it.
... ( More)
iPhone Screen Shots
Did you know that you can take screenshots on your iDevice?
All you have to do is hold down the power/lock button and then push the home button. The screen will flash and the resulting image will be placed on your camera roll. From there, you can syn ... ( More)
Rogue OCS Server Cleanup
Found a neat little trick to figure out if there are any rogue OCS servers left in the environment.
Logged into a DC and ran the following:
ldifde -d CN=Microsoft,CN=System,DC=contoso,DC=microsoft,DC=com -f Microsoft_Container.txt
Searched for ... ( More)
Make Good use of Virtual Machine Snapshots When Patching
Virtual machine snapshots can be very useful when used properly, for instance, when applying a security update to the OS or an application update, and you want a quick way to roll back your changes if needed.
If a virtual machine has one or more ... ( More)
Moving user data between servers with Robocopy
Frequently a systems administrator needs to replace a file server, whether because of aging hardware or mergers and acquisitions. There are many ways to tackle moving user data between systems, but I will focus on Robocopy. I like the utility due to ... ( More)
Quickly activate iPhone/iPad/iPod Touch devices
Did you know that iTunes has a special mode to quickly activate iPhone/iPad/iPod Touch devices without having to go through the initial configuration screens?
This is great for businesses and education institutions that need to provide activated ... ( More)
What is behind OS X?
Did you know that Mac OS X is just a Unix operating system with a really advanced GUI? It was built on a combination of the NeXTSTEP and BSD code bases and has evolved from there into what you see today.
As a result, many of the same commands a ... ( More)
Lync Mobile - Cloud and On Premise
Microsoft finally released the mobile client for Windows 7 Phones, Androids, iPhones/iPads, and the Symbian devices. Finally we can now use Lync anywhere, and those of you out there that have enabled Enterprise Voice have a host of options from dial ... ( More)
Virtualization and Moving to the Cloud
Virtualization and moving to the cloud are considered to be a great way to decrease the cost of IT. Server virtualization has been widely adopted with about half of all servers now virtualized. The cost savings are significant. There are savings in ... ( More)
|
|
| Manage Document Retention and Governance using SharePoint Server 2010 Information Management Policies
Governmental regulation changes in recent years have placed a growing burden on organizations to demonstrate business processes for securing and managing information over extended periods of time. SharePoint Server 2010 provides an important tool for automating the process of how organizations manage and secure documents as they age over time. This feature is the Information Management Policy ("IMP"). IMPs provide a number of features for managing content, but we'll focus on one specific feature: Enable Retention.
Preparing SharePoint for IMPs
Information Management Policies can be put in place on Content Types, Lists and Libraries. Generally, deploying IMPs on Content Types will provide more standardization of how documents are managed across the organization. While IMPs can be created against out-of-the-box Content Types, it's generally a better practice to create custom "Child" Content Types that reflect the characteristics of the organization. In SharePoint, that means creating site columns and workflows that describe the way the organization organizes its information and how that information is reviewed, approved and processed, then adding these columns and workflows to the Content Type.
The SharePoint Server Term Store is a great way to create a hierarchical representation of the terms an organization uses to describe itself, its information and structure. Use Managed Metadata site columns to display specific parts of the Term Store based on the entity a Content Type represents. In this way, updates to how the organization is represented flow through to all SharePoint components associated with the change.
All custom Content Types are based on an existing Content Type. For example, an "Accounting Document" Content Type would use a "Document" Content Type as its parent. Add site columns to the Content Type to identify characteristics of the entity.
Once you have created your new Content Types you can add them to the appropriate lists and libraries in your Site Collection(s).
Setting up an IMP
In the Settings page of a Content Type, Library or List there is a link for configuring the IMP called "Information management policy settings" (a Content Type is shown here as an example).
Clicking this link brings you to the IMP set up page.
Setting up Retention
The key functionality the IMP brings to the implementation of a retention policy is provisioning a "timer" that automatically starts a series of actions in motion when the item reaches a specific "age". Click the checkbox next to "Enable Retention" to see the configuration settings.
Based on how you configured "Records" in your SharePoint Site Collection, you will see options to set IMPs for records or non-records (We'll discuss Records at another time). The configuration options are the same.
IMPs are configured in "Stages". You need at least one Stage. Click the "Add a retention stage" link to see the configuration settings.
The IMP can be set from any Date/Time field you set up as a column in your Content Type or Library. Using a custom column allows you to define a "starting point" for the timer that is different than the Created or Modified dates. The "Timer" length can be set in days, months or years.
Once you have set the starting point and time period, you can define what the IMP will do when the time period expires. There are several options available:
The "Start a workflow" option is used frequently to start a custom SharePoint Designer or Visual Studio workflow that automates a review or disposition process.
Additional stages can be configured to provide a multi-tier approach to how the document is treated.
Once you click OK, the IMP is saved to the Content Type (List or Library) and you are ready to manage organization information over time! |
| Did you know that you can create a file to preconfigure all different kinds of settings and restrictions for iPhone, iPad, and iPod touches?
To create this file, you need the iPhone Configuration Utility. This is a free download from Apple that works on both PC and Mac. You can download it here - http://www.apple.com/support/iphone/enterprise/.
This is particularly useful in larger deployments, or simply to automatically configure users' devices. You can deploy the file by pointing them to a file hosted on a company's website, through email, or by downloading it through USB on a computer with the iPhone Configuration Utility installed. The only downside to doing it via USB is that the iDevice will require you to encrypt your backups with a password any time you sync the device.
You can configure Passcode requirements, Restrictions, Wi-Fi, VPN, Email, Exchange ActiveSync, LDAP, CalDAV, Subscribed Calendars, CardDAV, Web Clips, Credentials, SCEP, and Mobile Device Management Settings all with this one program/file.
Apple's best practices state that it's best to create a separate configuration file for each payload you wish to configure: separate ones for Wi-Fi, VPN, restrictions, etc. This is good if you have users who already have some settings configured and would like a more à-la-carte way to get additional files. If you roll all settings into one file, and a user already has, say, VPN configured, the install will error out saying there is a duplicate VPN entry. You can install as many profiles on a device as you'd like. Just make sure that, under the General payload configuration, you change the identifier for each configuration to read similar to title.com.vpn, changing the last part based on which payload you are configuring.
On the other hand, baking all settings into one file is great for large standardized deployments. It's great for setting up device restrictions as well. A few examples of device restrictions are allowing app installation, allowing the camera, allowing screen shots, allowing Game Center, allowing Siri, allowing in-app purchases, allowing YouTube, accepting cookies, allowing iCloud services, setting content rating limits on videos/music, and forcing encrypted backups. The full list can be found here: http://help.apple.com/iosdeployment-ipcu/?lang=en#app665501b0.
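An added example (not from the original post or from Apple) of the one-payload-per-profile layout described above: it writes a VPN profile and a restrictions profile with distinct identifiers and reports any identifier that is used twice. The server, group name and shared secret are constructed placeholders, and title.com is the base identifier borrowed from the text.

```python
import plistlib
import uuid
from collections import Counter

def make_profile(base_id, suffix, display_name, payload_type, settings):
    """Wrap a single payload in its own profile, identified as <base_id>.<suffix>."""
    identifier = f"{base_id}.{suffix}"
    payload = dict(settings)
    payload.update({
        "PayloadType": payload_type,
        "PayloadIdentifier": f"{identifier}.payload1",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": display_name,
    })
    return {
        "PayloadType": "Configuration",
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": display_name,
        "PayloadContent": [payload],
    }

def reused_identifiers(profiles):
    """Return top-level identifiers shared by more than one profile.

    A device treats a profile whose identifier matches an installed one as a
    replacement for it, so a reused identifier drops the earlier profile.
    """
    counts = Counter(p["PayloadIdentifier"] for p in profiles)
    return sorted(i for i, n in counts.items() if n > 1)

def build_example_set(base_id="title.com"):
    # Every value below is a constructed placeholder, not a setting from the page.
    vpn = make_profile(base_id, "vpn", "Company VPN", "com.apple.vpn.managed", {
        "UserDefinedName": "Company VPN",
        "VPNType": "IPSec",
        "IPSec": {
            "RemoteAddress": "vpn.example.com",
            "AuthenticationMethod": "SharedSecret",
            "LocalIdentifier": "ExampleGroup",       # group name, case sensitive
            "LocalIdentifierType": "KeyID",
            "SharedSecret": b"REPLACE-WITH-SHARED-SECRET",
            "XAuthEnabled": 1,
        },
    })
    restrictions = make_profile(
        base_id, "restrictions", "Device Restrictions",
        "com.apple.applicationaccess", {
            "allowCamera": False,
            "allowAppInstallation": True,
            "allowScreenShot": True,
            "allowInAppPurchases": False,
            "forceEncryptedBackup": True,
        })
    return [vpn, restrictions]

if __name__ == "__main__":
    profiles = build_example_set()
    print("reused identifiers:", reused_identifiers(profiles))
    for profile in profiles:
        name = profile["PayloadIdentifier"] + ".mobileconfig"
        with open(name, "wb") as fh:
            plistlib.dump(profile, fh)   # XML property list, the profile file format
        print("wrote", name)
```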
The best way, in my opinion, to get these files to users already using the devices is to host them on the company's site and give the users a link to download the file from. Once the file is opened, all the user has to do is tap Install, then confirm by tapping Install Now.
For larger standardized deployments with devices fresh out of the box, I'd suggest enabling iTunes Activation-Only Mode (http://support.apple.com/kb/HT4335), activating each device, disabling backups, then installing the profiles through the iPhone Configuration Utility itself. This way the devices can still sync, but won't prompt for a password to back up the devices.
More information and configuration help can be found on Apple's Enterprise site.
References:
http://www.apple.com/support/iphone/enterprise/
http://help.apple.com/iosdeployment-ipcu/
http://support.apple.com/kb/HT4335
|
|
Did you know that iTunes has a special mode to quickly activate iPhone/iPad/iPod Touch devices without having to go through the initial configuration screens?
This is great for businesses and education institutions that need to provide activated iOS devices to users.
Before doing this, you need to MAKE SURE to sign out of the iTunes store on whichever machine you are doing this from.
To turn on/off Activation-only Mode on Mac OS X:
Make sure iTunes isn't running and then open Terminal.
To turn activation-only mode on:
defaults write com.apple.iTunes StoreActivationMode -integer 1
To turn activation-only mode off:
defaults delete com.apple.iTunes StoreActivationMode
To turn on/off Activation-only Mode on Windows:
Make sure iTunes isn't running, and then open a Command Prompt window.
To turn activation-only mode on:
"C:\Program Files\iTunes\iTunes.exe" /setPrefInt StoreActivationMode 1
To turn activation-only mode off:
"C:\Program Files\iTunes\iTunes.exe" /setPrefInt StoreActivationMode 0
All you have to do to activate the devices is plug them into the computer. Once you see the home screen on the iDevice, you're all set.
References:
http://support.apple.com/kb/HT4335
|
|
Did you know that, just like on a PC, you can edit your startup items on a Mac?
The main location to check is System Preferences > Users & Groups > Login Items
Here, you can also add an item to startup. A good way to set a Mac to automatically mount a user's share drive is by adding it to this list. Just click the + icon, navigate to the folder you wish to mount, and click Add. Check the box next to your newly added item so that it won't display every time you log onto the machine.
If there are still things that you wish to remove from startup, you can navigate to /Library/LaunchAgents/ to see the additional system startup items. There might be some leftover startup files from an application that was previously removed.
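One way to find the leftover startup files mentioned above, as an added example that is not part of the original post: it reads each launchd property list in a directory and flags jobs whose executable no longer exists on disk. The status names are this example's own.

```python
import plistlib
from pathlib import Path

def read_job(plist_path):
    """Parse one launchd plist; return None if it is unreadable or malformed."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:   # bad input surfaces as several unrelated exception types
        return None
    return job if isinstance(job, dict) else None

def job_executable(job):
    """Return Program if set, otherwise the first ProgramArguments entry."""
    exe = job.get("Program")
    if not exe:
        args = job.get("ProgramArguments")
        exe = args[0] if isinstance(args, list) and args else None
    return exe if isinstance(exe, str) else None

def audit_launch_dir(directory):
    """Describe every job in a directory and flag executables that are gone."""
    directory = Path(directory)
    findings = []
    if not directory.is_dir():
        return findings
    for plist_path in sorted(directory.glob("*.plist")):
        job = read_job(plist_path)
        if job is None:
            findings.append({"plist": plist_path.name, "status": "unreadable"})
            continue
        exe = job_executable(job)
        if exe is None:
            status = "no-executable"
        elif not Path(exe).is_absolute():
            status = "relative-path"   # a simple existence test cannot check this
        elif Path(exe).exists():
            status = "ok"
        else:
            status = "leftover"        # plist remains, program was removed
        findings.append({"plist": plist_path.name, "label": job.get("Label"),
                         "executable": exe, "status": status})
    return findings

if __name__ == "__main__":
    # /Library/LaunchAgents is the location named above; the other two are the
    # standard daemon and per-user launchd directories on macOS.
    for d in (Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons"),
              Path.home() / "Library" / "LaunchAgents"):
        for item in audit_launch_dir(d):
            print(d, item)
```

Review anything reported as leftover before deleting it, since the plist may belong to software that is installed on demand.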
|
| Did you know that all iOS devices (2.0 and above) and Mac Operating Systems (10.6 Snow Leopard and above) support native Cisco VPN connections?
iOS Configuration
Our iOS configuration file has all of the settings pre-baked into it.
To add it manually:
1. Tap Settings
2. Tap General
3. Tap Network
4. Tap VPN
5. Tap Add VPN Configuration
6. Tap IPSec
7. In the Description field add a display name for your VPN.
8. In the Server field enter the VPN address.
9. In the Account field enter the username.
10. Leave the Password field blank. It should say "Ask Every Time"
11. In the Group Name field enter your group name (Case sensitive).
12. In the Shared Secret field enter your shared secret password.
13. Tap Save
That should be it! You should then test connectivity by tapping the VPN slider to switch VPN on. When you go to connect to the VPN, your username should populate automatically. The password depends on how your company's VPN is configured.
OS X Configuration
If you have previously used the Cisco VPN Client and want to use the native OS X client, you need to uninstall all of the Cisco configs, kernel extensions, etc. To do this, just run sudo /usr/local/bin/vpn_uninstall in Terminal.
If you don't, the menu bar VPN control won't work, and will be very sluggish to click around in.
To add the connection:
1. Select the Apple on the toolbar.
2. Select System Preferences
3. Click Network
4. Click the + icon in the lower left corner to "add a new network interface"
5. Under Interface, select VPN
6. Under VPN Type, select "Cisco IPSec"
7. In the Service Name field add a display name for your VPN.
8. In the Server Address: field enter your company's server address.
9. In the Account Name: field enter the username.
10. Click Authentication Settings
11. For Shared Secret: enter your shared secret password.
12. For Group Name: enter your VPN group name (Case sensitive).
13. Click the checkbox next to Show VPN status in menu bar
14. Click Apply
When you go to connect to the VPN, your username should populate automatically. The password depends on how your company's VPN is configured.
References:
http://support.apple.com/kb/ht1424
http://support.apple.com/kb/HT1288
http://docs.info.apple.com/article.html?path=Mac/10.7/en/mchlp2963.html
|
| Did you know that you can take screenshots on your iDevice?
All you have to do is hold down the power/lock button and then push the home button. The screen will flash and the resulting image will be placed on your camera roll. From there, you can sync it back to your computer, e-mail it out, or do anything else you can do with any other photo in your camera roll. This is great for creating documentation, as you can show step-by-step directions exactly as a user would see it.
|
| Problem:
IE 9 Notification bar only showing Save or cancel when accessing .msg files in SharePoint 2010 Document library
Solution:
Open Central Administration > Select "Manage web applications"
Select the application that is hosting the document library.
Once selected, "General Settings" on the ribbon should be enabled. Click on "General Settings", then select "General Settings".
Under Web Application General Settings scroll down to the section "Browser File Handling".
From there change the default value from "Strict" to "Permissive"
You should now be able to open .msg files without having to save the file first.
|
| Found a neat little trick to figure out if there are any rogue OCS servers left in the environment.
Logged into a DC and ran the following:
ldifde -d CN=Microsoft,CN=System,DC=contoso,DC=microsoft,DC=com -f Microsoft_Container.txt
Searched for the FQDN (in this case, it was contoso.microsoft.com) and found numerous objects left over from installations in the past that were never cleaned up (old server names or servers that are no longer part of OCS/Lync). Delete the objects.
Ran step 13 from here (run this only if you have existing Lync Servers running in the environment):
The process will fail, but look at the report. It will list your shiny new Lync servers but also any other servers that have OCS attributes tied to them. Find the server in DSA.msc (you need to enable the ‘Users, contacts, groups, and computers as containers’ option), then find the server computer object, expand it on the left side, and delete the ‘Microsoft’ tree underneath it (make sure the objects only tie to OCS and not something else).
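The search through the ldifde export described above can be scripted. This is an added example, not part of the original post: it parses the LDIF text (including wrapped lines and base64 values) and lists the objects that mention a host in the domain that is not one of the current servers. The sample entries, host names and object names are constructed for illustration.

```python
import base64
import re

def parse_ldif(text):
    """Yield (dn, [(attribute, value), ...]) for each entry in an LDIF export."""
    unfolded = re.sub(r"\r?\n ", "", text)   # a wrapped line continues with one space
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):         # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.append((name, value))
        if dn:
            yield dn, attrs

def stale_references(ldif_text, domain, current_servers):
    """Map each DN to the hosts under `domain` it mentions that are not current."""
    host_re = re.compile(
        r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\." + re.escape(domain), re.I)
    current = {s.lower() for s in current_servers}
    report = {}
    for dn, attrs in parse_ldif(ldif_text):
        hosts = set()
        for _, value in attrs:
            hosts.update(h.lower() for h in host_re.findall(value))
        stale = sorted(hosts - current)
        if stale:
            report[dn] = stale
    return report

# Constructed sample export; entries and host names are illustrative only.
SAMPLE_ROOT = "CN=Microsoft,CN=System,DC=contoso,DC=microsoft,DC=com"
SAMPLE_LDIF = "\n".join([
    f"dn: CN=example-1,{SAMPLE_ROOT}",
    "changetype: add",
    "msRTCSIP-TrustedServerFQDN: lync-fe01.contoso.microsoft.com",
    "",
    f"dn: CN=example-2,{SAMPLE_ROOT}",
    "changetype: add",
    "msRTCSIP-TrustedServerFQDN: ocs-old01.contoso.mic",
    " rosoft.com",                           # folded continuation line
    "",
    f"dn: CN=example-3,{SAMPLE_ROOT}",
    "changetype: add",
    "description:: "
    + base64.b64encode(b"pool ocs-old02.contoso.microsoft.com").decode(),
    "",
])

if __name__ == "__main__":
    current = ["lync-fe01.contoso.microsoft.com"]
    found = stale_references(SAMPLE_LDIF, "contoso.microsoft.com", current)
    for dn, hosts in found.items():
        print(dn, "->", ", ".join(hosts))
```

For a real run, pass the contents of Microsoft_Container.txt as ldif_text and the names of the servers that should remain as current_servers.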
|
|
Virtual machine snapshots can be very useful when used properly, for instance, when applying a security update to the OS or an application update, and you want a quick way to roll back your changes if needed.
If a virtual machine has one or more snapshots and is left alone, you may end up losing data. As files change and the longer the virtual machine is allowed to run, a virtual machine snapshot will continue to increase in disk space usage. A VM may have multiple snapshots. If so, you can revert the VM state to the point in time when the snapshots were taken.
Helpful tips:
1. Delete your snapshots as soon as possible to commit current changes to the VM.
2. When using Hyper-V you must power down the VM after deleting the snapshot to commit the changes.
3. Take your snapshot with the VM powered down so you don’t have to use additional disk space when taking a snapshot of a running VM’s memory.
4. Do not revert a domain controller.
5. Do not rely on snapshots as a method of backing up your VM.
The following articles have detailed technical explanations of snapshots.
The following articles mention issues when you revert a domain controller to a snapshot.
|
| Frequently a systems administrator needs to replace a file server, whether because of aging hardware or mergers and acquisitions. There are many ways to tackle moving user data between systems, but I will focus on Robocopy. I like the utility due to its flexibility (lots of switches) and it is truly robust; no matter how large a data set you throw at it, the process just goes through the files without crashing.
Let’s say we have two systems named oldServer and newServer. If we want to copy all the data and its security attributes we can use the following command on newServer:
robocopy \\oldServer\share1 s:\folder_on_newServer /copyall /e /v /b /eta /tee /dcopy:T /w:1 /r:1 /MIR /LOG:s:\logs\share1-log.txt
The switches are explained below:
/copyall - Copies all file information, including ACLs (equivalent to /copy:DATSOU).
/e - copy empty dirs
/v - verbose output
/tee - write output to console and log file
/dcopy:T - copies dirs timestamps
/w - wait between retries, in sec
/r - number of retries after failed attempts, default is 1 000 000 000
/log+ - appends to an existing log file
/mir - Mirrors a directory tree (equivalent to /e plus /purge), essentially removes files from destination that are no longer on source
/b - Copies files in Backup mode
If you are truly paranoid, you can skip the /MIR option on the first pass. As long as you remember to keep the source and destination where they should be, there is really no risk.
Several useful tips:
- You can run the utility prior to the cutoff date (first pass will take considerable amount of time); this will speed things up considerably at cutover
- If you have several shares that you need to sync up, you can run several instances of Robocopy at once
- Review the log file to search for warnings/errors; Robocopy can’t copy open files
- With regards to the above, you may want to disconnect all open files and disable access to the share (while you leave only the account that will run the Robocopy process--probably good to do during final sync)
- Take a file count on the source and destination to compare after final run
- Sometimes you need to keep the legacy UNC path while pointing it to the new server. An unknown number of scripts/apps may be using the legacy name; this allows them to keep functioning while giving us more time to clean up. Use DNS and create a CNAME record for the oldServer name pointing to newServer. On newServer, create a registry entry of type Multi-String Value at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\OptionalNames and add oldServer to the new parameter (requires a reboot; this allows you to connect to a Windows system with a name other than the one it is configured for). Lastly, disable the source computer object in AD (otherwise you will get Kerberos errors; this can be done during cutover, while giving you the option to “easily” roll back)
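For the log review suggested in the tips above, an added example that is not part of the original post: it pulls the timestamped ERROR lines out of a Robocopy log, groups the affected paths by Win32 error code (32 is the open-file case, 5 is access denied), and counts how many files were abandoned after the retry limit. The sample log lines are constructed in the layout Robocopy writes with /r:1 /w:1.

```python
import re
from collections import defaultdict

# Timestamped error line as Robocopy writes it, for example:
# 2012/03/10 22:14:05 ERROR 32 (0x00000020) Copying File \\server\share\file
ERROR_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ERROR (?P<code>\d+) "
    r"\(0x[0-9A-Fa-f]{8}\) (?P<action>.+?) (?P<path>\\\\.+|[A-Za-z]:\\.+)$"
)

# Win32 error codes most relevant to a file-server migration.
MEANING = {5: "access denied", 32: "file open in another process"}

def summarize_log(lines):
    """Group affected paths by Win32 error code and count abandoned retries."""
    by_code = defaultdict(set)   # a retried file logs the same line again
    gave_up = 0
    for raw in lines:
        line = raw.strip()
        match = ERROR_LINE.match(line)
        if match:
            by_code[int(match["code"])].add(match["path"])
        elif line.startswith("ERROR: RETRY LIMIT EXCEEDED"):
            gave_up += 1
    return {
        "errors": {code: sorted(paths) for code, paths in by_code.items()},
        "retry_limit_exceeded": gave_up,
    }

# Constructed sample, not real output from the migration described above.
SAMPLE_LOG = r"""
2012/03/10 22:14:05 ERROR 32 (0x00000020) Copying File \\oldServer\share1\finance\Q1 budget.xlsx
The process cannot access the file because it is being used by another process.
Waiting 1 seconds... Retrying...
2012/03/10 22:14:06 ERROR 32 (0x00000020) Copying File \\oldServer\share1\finance\Q1 budget.xlsx
The process cannot access the file because it is being used by another process.
ERROR: RETRY LIMIT EXCEEDED.
2012/03/10 22:15:40 ERROR 5 (0x00000005) Copying File \\oldServer\share1\hr\reviews.docx
Access is denied.
Waiting 1 seconds... Retrying...
2012/03/10 22:15:41 ERROR 5 (0x00000005) Copying File \\oldServer\share1\hr\reviews.docx
Access is denied.
ERROR: RETRY LIMIT EXCEEDED.
""".splitlines()

if __name__ == "__main__":
    summary = summarize_log(SAMPLE_LOG)
    for code, paths in sorted(summary["errors"].items()):
        print(f"ERROR {code} ({MEANING.get(code, 'see Win32 error codes')}):")
        for path in paths:
            print("   ", path)
    print("gave up after retries:", summary["retry_limit_exceeded"])
```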
|