Friday, 15 November 2013

NTFS permissions , Read-Write-Modify but can't delete .

We had a situation where we had to provide read/write permission on root folder but full permission on sub-folders and its content.
Here is the game begun :-

Scenerio :-
User can read/write root folder but can't modify it however he/she has delete rights to perform read/write/modify/delete action on subfolders and files.

Challenge :-
These permissions were easy to provide but if the user perform delete action on root folder then nothing happen with root folder (as user has only read/write permission on it) but subfolders and files immedietly get deleted automatically. try it and you will be stunned !

Fix :-
There is no way to stop this process with NTFS permission but there is always a way to finish .. unfinished job that too with elegant manner. Here is what i did.
i created a file inside this root folder and named it (!donotdelete.txt) and removed all access rights from it.. you see the file name starts with ! and this is wildcard character, so now, whenever any user perform delete action on root folder .. a command execute to delete all subfolders and files but stuck at !donotdelete.txt because this file can't be deleted by anyone and delete command stop here itself.

Catch :- You can create any file/folder with initial letter ! to stop automatic deletion,it will work Guaranteed !.

Wednesday, 24 April 2013

SMTP Tarpitting !!

Some of you may have heard it before and some of you are asking yourself what is it ?
SMTP Tarpitting is a concept to avoid illegitimate email traffic . Now your are struggling with your mind what is an illegitimate traffic ? Illegitimate email traffic means when spammers send emails to your domain for the purpose of Directory harvest and NDR attacks.

Directory Harvest Attack :- Spammers send lots of bogus email to your domain to know the right email address. If they get NDR (550 5.1.1 User unknown) then they are sure email address does not exist and for those they don't get NDR, they start sending spam to them directly.

NDR Attacks :-  Due to non exit email in your domain , your mail server is victim of Denial of service and mail server queue starts getting filled with thousands of email and server starts responding slow.

To avoid this situation, Microsoft represent SMTP tarpitting feature which starts delay responding on spammers email and Spammers give up and go somewhere else to do same thing for another domain.

How to do this in Exchange 2003 :- You can do it on Exchange 2003 sp2 with the help of registry key.
How to do this in Exchange 2007/2010 :- By default SMTP tarpitting is enabled in both version and can be    checked through powershell command which is                                                                                       Get-ReceiveConnector | select name,tarpitinterval .
And by default 5 sec is set on both servers' Receive connector.  If you set this value 0 sec , tarpitting will be disabled automatically. 

PS:- Recipient filtering is must to be enabled, Else SMTP tarpitting is not going to work.

View Amit Rawat's profile on LinkedIn

Wednesday, 20 March 2013

Do we really need internal MX record to receive e-mail ?

Answer is NO.
There is no need to configure internal MX record to route the email because internal email traffic controlled by Active Directory.
Let’s say your domain name is and you want to know how email is getting delivered from outside world to internal mailbox. Here is the clarification
When somebody send email from internet to .first this query goes to internet DNS to resolve the domain name space and its MX record. If MX record is not exist then email will be bounced (however thru A record you can also get the email but that is no recommended and 99 % times it is not going to work) .
If MX record do exist then DNS query will resolve the name with respective A record and traffic will now move ahead to pointed IP address which is your email server ip.
Once email packet is reached to your Email server, it will get delivered to respective mailbox.
In nutshell, there is no need to configure internal MX record, simply because internal email traffic is controlled by Active Directory. MX record is recommended on External or Public DNS to speed up the DNS query.

Amit Rawat
View Amit Rawat's profile on LinkedIn

Friday, 28 December 2012

Volume shadow copy in Windows 2003 Server.

Once i have faced a challenge to access Volume shadow copy. Lets talk about it that what it is ?
Microsoft provides you a feature called Volume Shadow copy (part of Advanced backup) through which you can recover accidental deleted files and folders.
You have to activate this option on drive and then your all files and folders are safe inside this drive.
Question is how to recover those file.. I will show you what i went thru. There was Volume shadow copy  enabled on client environment as i can see that drive has enabled this feature

However i had to recover a folder inside this drive but when i go to inside this drive , and try to see the previous version option which is generally show you all snapshot backup, and voila there was nothing like that.

Now question in mind was .. how to recover it. Finally i access this drive from UNC path and Voila .. i was able to see that previous version option which provides you facility to recover the snapshots

So i was able to recover deleted folder and its file from this option.

Amit Rawat
View Amit Rawat's profile on LinkedIn

Thursday, 15 November 2012

Exchange 2010 Public Folder is not visible in Outlook and OWA ?

I have faced this issue in one of my reputed client environment. I will definetly share the public folder topology they are using but not client name :).
So client has 2 Exchange Server , 1 is in US which primary Exchange 2010 Server and other is in Australia which is secondary  or DR (Disaster Recovery) site and only comes in picture when primary one is unavailable.
Since few days their DR site was unavailable so synchronization has been stopped between both PF databases which lead to a problem that is Public folder has been inivisible(or not displaying ) from outlook and owa pane.
when user was trying to view it.. the error was , it can't display the same.
To fix the issue we followed below steps :-

a) Go to Exchange Management console .
b) opened Public Folder management Console and created new Public folder.
c) Checked at Outlook and OWA and found that new PF is visible at both place.
d) Checked the Replication tab of PF database from Public folder management console and found that they have added other site database to synchronize and now every public folder database is trying to reach that site. Hence that site was unavailable so that was the reason their public folder had become unavailable.
e) We removed that database and apply the setting.
f) We check at OWA and Oultook now all public folder were visible without any error.

Amit Rawat
View Amit Rawat's profile on LinkedIn

Thursday, 8 November 2012

Exchange 2010 database drive is full due to Transition logs.

Hi Folks,
Today i am going to discuss a scenario which i faced in a client environment, they have single exchange 2010 environment. They are new on exchange 2010 as they did transition 2 week back from Exchange 2007.
They had around 600 + mailboxes and they did moved them over night which lead to geneate heavy numbers of transition logs on Exchange 2010 and soon their exchange 2010 hard drive was full and database got dismounted. At that moment they didn't have solution what to do . Here we come in picture and followed below steps to provide them solution and got them out from this problem without loosing any data.
Before jumping into action , there are few points we all need to take care of as follows:-

a) Always take full backup of source server  before starting the transition.
b) Always take full  backup of target server after moving the mailboxes.
c) Keep thing in mind if your data size is 1 Gig.. then 1 Gig logs will be generated on source and target server.
d) If you think you don't have enough space for logs then please enable circular logging which will overwrite the logs file.(but this feature is not recommended for production

Here are the steps to fix the issue and make database up.
We had moved all logs file in another drive and then try to mount the database. Database got mounted . we immediately restart the IS service and all logs are started creating. All users outlook connections were restored.

Amit Rawat
View Amit Rawat's profile on LinkedIn

Exchange 2007 Vs Exchange 2010.

We had already discussed about Exchange 2003 vs Exchange 2007, Now lets discuss about Exchange 2007 vs Exchange 2010.
Exchange 2010 has some great features and few as same as Exchange 2007 has.
Lets talk about Exchange 2007 features in a glance..
a) 5 new roles. Edge/Hub/Cas/Mailbox/Unified.
b) Clustering CCR/LCR/SCC/SCR.
c) 50 storage capacity.
d) Outlook anywhere.
e) 32 bit for lab and 64 bit for production.
f) Exchange management console and Exchange management Shell.
There so on...

Lets talk about Exchange 2010, what are the best/new features it has.
a) No more clustering.
b) Introduced DAG (Data Availability Group).
c) only 64 bit management tool.
d) No more storage group.
e) Can make 100 databases.
f) 24x7 online defragmentation.
g) Personal Archiving.
h) Enhanceement in OWA features.

Amit Rawat
View Amit Rawat's profile on LinkedIn