Skip to main content


Showing posts from October, 2005

restricted groups - adding to members

for a long time, it's been thought that restricted groups in a group policy would only perform a wipe and replace of members of a local group. let's dispel this myth. what seems to be fairly unknown is that restricted groups is capable of adding members to a group without removing the existing members. for instance, let's assume we have a group called MyGroupA that needs to be in the administrators group of a set of workstations. there are two methods we can do this. the first, you're probably familiar with, which is to replace anything in the administrators group with a new set of groups or users. where is this useful? if you want to make sure that any accounts that are mysteriously added to the local admins group are removed and replaced with your set of users/groups, use this method. i won't elaborate on this since this is fairly common and understood. the other method is adding users/groups to local admins without removing the users/groups that exist. back to

exchange mp - check mailbox store availability - mapi logon test

you know, i thought... while i'm on the issue of dumb event rules, this one came up. this rule kicks off the exchange 2003 - mapi logon verification script. there's nothing wrong with the idea of this rule... the problem is wholly in the execution. for example, you probably want to know when an error occurs right? so you leave this on... the logperfdata parameter in the script allows for three different values: "0" - logs success events "1" - logs information into a performance counter "-1" - does not log so what's the problem? if you set this value to something other than 0, the exchange service availability report will not have any data when it runs. nice.

iis management pack - useless rules

i was running a couple of mom sql scripts that generate most common events and most common alerts. (if you're not doing this yet, you probably should make a point of doing this about once a week or so... just to make sure you're not getting any event storms.) anyway, turns out two rules were generating about 80,000 events in a 4 day window on one management group. it generated about 750,000 events on another management group. that's right - 750,000. i would categorize that as a complete and ridiculous oversight when MS was building this particular MP. these were picked up as "informational". i'm going to equate that to useless in this case. if you load up the IIS MP, i strongly suggest disabling the following two rules: All HTTP 400 Errors All HTTP 500 Errors you can locate these rules under this path: microsoft windows internet information services\internet information services x.x\core services\world wide web publishing service. note that the

system center stuff is available...

it's interesting how three different products in the system center suite hit different levels of beta nearly all at once. it's actually pretty cool... unless you're beta testing all of them... got some work cut out for you. mom 2005 summary reporting pack - release candidate system center reporting manager 2005 - beta system center capacity planner 2006 - public beta summary reporting pack aggregates information that exists in your mom warehouse database and essentially improves performance. reporting manager 2005 is an integration of sms and mom data into one warehouse. i don't have much experience with this or the reporting pack yet. i'll post more of my findings as i come across them. i can probably speak to capacity planner 2006 best. i attended the airlift in redmond and saw the product, talked to the product group, and in general had a very good experience over all. this version works for planning mom and exchange deployments. essentially, it comes

Availability MP

so it turns out (sorry been in seattle too long where every sentence starts with "so") the availability mp has some issues. hence it's been pulled from the microsoft website. if you have the exchange mp installed, do not install the availability mp (yet). It's going to be updated soon, though... keep your eyes open. anyway, the current version pulls out the following groups: Microsoft Exchange Server 2000 Backend Microsoft Exchange Server 2003 Backend it replaces it with the following groups: Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 the only workaround right now is to re-import the exchange mp. fun.