Security hardening for your servers

It’s been a little while since I added a new post so I thought I would add some details of what’s current for me.

Working for a retail based company with several websites, we have to comply to PCI-DSS requirements. This essentially means we have to structure our network and servers in a ‘secure’ manner, essentially to protect any unscrupulous types from accessing our customers payment card details. Now of course not everyone has to conform to the same standards, but it’s definitely worthwhile learning a little and implementing some of the recommendations into your infrastructure as standard practice. If nothing else it will stand you in good stead in case your business does ever need to comply.

This leads me onto some handy documentation that may help you on your path to either compliance or just general good standards. This isn’t PCI-DSS specific but CIS security benchmarks have some excellent guides for server/application hardening and can be used as a great baseline for your server installations. Whether you’re using Windows, OS-X, Free-BSD or Oracle, SQL, Office. These guys have recommendations for most things and the best thing is it’s all FREE!

Let me know your thoughts and recommendations, I’m interested to hear from you.



Export multiple mailboxes with a powershell script

Need to take a copy of multiple mailboxes? I’ve had to do this in the past for various reasons such as audit/investigations etc. You’ll need to create a .csv file with the list of mailboxes you want to export. Then save the script below in a .ps1 file and store it in the same location as the .csv. You can then simply open Powershell and execute the script.

$Date = Get-Date -format “yyyyMMdd”

foreach ($user in (Import-CSV “export-mailboxusers.csv”)) { Export-Mailbox “$($user.Username)” -PSTFolderPath “M:\MailboxBackups\$($user.Username)_$($Date)_Mailbox.pst” -Confirm:$false }

This will work through the csv file and export the mailbox to the path specified (M:\Mailboxbackups in this example). The name of the file is formed from the mailbox name, date and the word mailbox i.e. Peter Egerton_20110802_Mailbox.pst. The date format can be amended as required in the first line.

List all your smtp addresses from powershell

Another one of those things that you might use once in a blue moon. I had to retrieve a list of all smtp addresses from our Exchange 2007 environment for validation. We had multiple smtp addresses for each recipient so this could have been quite a daunting task but is actually straight forward. Here’s the powershell…

Get-Mailbox | select -expand EmailAddresses | %{$_.SmtpAddress} > emailaddresses.csv

Simple really!

List all your mailbox sizes with powershell

This is one of those things that you may not use often but you are almost guaranteed to need at some point. Below is an easy powershell script/command for you to use which will export a list of all your mailboxes and their sizes, into a CSV file.

Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label=”TotalItemSize(MB)”;expression={$_.TotalItemSize.Value.ToMB()}},ItemCount > MailboxSizes.CSV

This is sorted by largest mailbox first and includes the name of the mailbox, the size of the mailbox (in MB) and the number of items in each mailbox.

No cluster.log on your Windows 2008 cluster?

If you’ve been wondering where your cluster.log file is on your Windows Server 2008 cluster then you may be disappointed to find out that it no longer exists in 2008. Don’t be disheartened though as you can still generate a log file for your troubleshooting.
In an elevated command prompt (if using UAC) type the following command…

  • cluster.exe log /generate /copy:”c:\logs”

This will generate you a log file for each cluster node in c:\logs. You will then get a “Server1_Cluster.log” in the location you specified. You can change this location and/or node as you please by using the various commands supplied below. Hey Presto! You now have a log file to troubleshoot from.

This is the full list of available switches when you the “cluster.exe log” command.
C:\>cluster log /?
The syntax of this command is:

CLUSTER [[/CLUSTER:]cluster-name] LOG <options>
<options> =
/G[EN[ERATE]] [/COPY[:”directory”]] [/NODE:”node-name”] [/SPAN[MIN[UTE[S]]]:min] ]

The /SIZE must be between 8 and 1024 MB
The /LEVEL must be between 0 and 5


ConfigMgr Remote Tools problems

If you are experiencing some issues trying to use the remote tools feature of System Center Configuration Manager 2007 on some machines and also deploying to some machines, check All Status messages in ConfigMgr.

If you see the errors…

“The ConfigMgr Advanced Client received policy that could not be verified. For more information see PolicyAgent.log on the client machine.”


“The ConfigMgr Advanced Client rejected the site server signing certificate due to a trust related failure (0x800b0109).”

Try this…

On the computer in question you need to edit the registry. To do this remotely you must ensure the ‘Remote Registry’ service is running on the machine, this is started by default in Windows XP.

Open regedit on your machine, click File, Connect Network registry…

Browse the registry (of the remote machine) to the following location…

For an x64 machine – HKLM\Software\WOW6432Node\Microsoft\CCM\Security

For an x86 machine – HKLM\Software\Microsoft\CCM\Security

You will need to compare the values in the AllowedRootCAHashCode an the SigningCertificate key with a known working machine. You can then simply copy the values from the known working machine into the keys on the faulty one.

Once you have done this you will need to re-install the client ConfigMgr as normal (right click the system in All Systems collection, Install Client, Next, tick Always Install, Next Finish).

Once this is is complete you should now find your remote tools works. If the client is Vista/Windows 7 then don’t forget to stop the remote registry service again.

SCOM: An object of type MonitoringAlert with id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx was not found

I came across this one recently and found it was a pretty simple fix so I thought I should share it as it’s one of things that would annoy you otherwise.

I’ve been working with Microsoft Systems Center Operations Manager 2007 R2 to replace our existing monitoring system and I haven’t touched it for a weeks due to other work. When I came to view the Active Alerts I received the following message upon selecting some alerts:

An object of type MonitoringAlert with id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx was not found

When you access the SCOM/OpsMgr console, you cache the alerts in your profile in a file called momcache.mdb. This error relates to this cache file – the fix is to clear it.

There are 2 ways to do this:

  1. Start the OpsMgr console with the /clearcache switch.

     “C:\Program Files\System Center Operations Manager 2007\Microsoft.MOM.UI.Console.exe” /clearcache

  2. Simply delete the momcache.mdb file which can be found in the following location:

    Windows 7/Vista, Server 2008/R2


    Windows XP, Server 2003

    C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Microsoft.Mom.UI.Console

This should sort your problem.