Sunday, April 21, 2013

SM Bus Controller VEN 8086 DEV 1E22

When setting up a new Lenovo X230 for a customer I had problems finding the correct driver for an SM BUS Controller.  The hardware had the following Vendor and Device Id's.

PCI\VEN_8086&DEV_1E22&SUBSYS_21FA17AA&REV_04


After research it turns out that this hardware matches a Intel 7 Series/C216 Chipset Family SMBus Host Controller.

To download the Intel 7 Series/C216 Chipset Family SMBus Host Controller driver please see the following website:

http://devid.info/download/56602/27

Scroll through the ads until you find 56602_Chipset_9.3.0.1019.zip (2.87 Mb)

Friday, April 19, 2013

Icons Do Not Appear in Internet Explorer 10 for RD Web Access

After upgrading to Internet Explorer 10 when accessing a 2008 R2 Remote Desktop Services (RDS) RD Web Access, we noticed the icons no longer display.


Running Internet Explorer 9, the icons display correctly:


However if you switch Internet Explorer 10 into compatibility mode, the icons also display correctly.  To enable compatibility mode click the following page icon next to the address bar.


When it turns blue in colour, this means compatibility mode is enabled and the RD Web Access icons will reappear in RD Web Access.


A bug has been logged with Microsoft on this issue.

Monday, April 15, 2013

Delegate Permissions to Change Permissions on Mailboxes - Exchange 2007

I am currently in the process of a delegation project for one of my customers running Exchange Server 2007.  My customer requires that all service desk staff members have the ability to manage Exchange recipients but can make no other changes within Exchange.  Part of the Recipient Management requires the service desk staff must have the ability to:
  • Manage Full Access Permission
  • Manage Send As Permission
By default the Exchange 2007 Exchange Recipient Administrators group does not provide the ability to manage permissions on mailboxes however this can easily be granted.

To grant Exchange Recipient Administrators the ability to change permissions on mailboxes they must have the ExtendedRights "ms-Exch-Store-Admin" in Active Directory on the Configuration Partition.  This can be granted using the following powershell command:

Add-ADPermission -Identity "CN=Exchange Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -User "domain\Exchange Recipient Administrators" -ExtendedRights ms-Exch-Store-Admin -InheritanceType All
Ensure you change the Exchange Org to reflect your Exchange org and the domain\ to reflect your domain's NetBIOS name.

If the permissions are not set right you will get an error similar to:

Domain\username
Failed

Error:
Failed to commit the change on object "a757e5a9-64e0-49cb-ac90-acda685c7f1c" because access is denied.

MapiExceptionNoAccess: Unable to set mailbox SecurityDescriptor. (hr=0x80070005, ec=-2147024891)

Exchange Management Shell command attempted:
Add-MailboxPermission -Identity 'CN=Domain User,OU=People,DC=domain,DC=local' -User 'DOMAIN\account.name' -AccessRights 'FullAccess'

Elapsed Time: 00:00:00

Failed to commit the change on object because access is denied.

Hope this post has been helpful.

Controlling the Auto Shared Mailbox Mapping Feature

From Exchange 2010 SP1 onwards, Exchange Autodiscover now has the ability to automatically add a mailbox to a user account which has full control of the mailbox to Microsoft Outlook.  This was done by changes made to Autodiscover and the addition of a new attribute called MSExchDelegateListLink.

From Exchange 2010 SP1 onwards, whenever you grant a user full access to a mailbox, the user which was granted full access is by default added to an attribute called MSExchDelegateListLink on the shared mailbox.  This tells Autodiscover to automatically add the mailbox to the users Outlook profile.

For example take a look at a shared mailbox called "Spam" which is responsible for holding all spam emails on my Exchange server.  As you see it has 3 accounts associated with the msExchDelegateLinkList attribute one of them being me, Clint Boessen.


 
If I only want myself to receive the spam mailbox by default, I would remove the other two accounts from this attribute.  This can also be done by powershell with the AutoMapping parameter on the Add-MailboxPermission cmdlet.
 
Add-MailboxPermission "Shared Mailbox" -User -AccessRights FullAccess -AutoMapping:$false
 
Hope you learnt something in this post.

Wednesday, April 10, 2013

Warning: Attribute userAccountControl of DC is: 0x82020

When running a DCDiag at a customer site today I had the following error occur.

Warning:  Attribute userAccountControl of DC is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
This may be affecting replication?

It is a bug when we pre-create a computer account in ADUC and then promote it as DC, the UserAccountControl is set to 532512 instead of the default 532480. You need to manually set the vaulue to 532480 in ADSIEDIT.MSC.

UserAccountControl values for the certain objects:
Typical user : 0x200 (512)
Domain controller : 0x82000 (532480)
Workstation/server: 0x1000 (4096)

Change it to represent 0x82000.