Posts

Showing posts from March, 2019

Word experienced an error trying to open the file when accessing a DFS path

Image
I ran into a strange issue today where Word and Excel would not open files on a user's desktop. Accessing them through regular share paths (\\server\share) would work, but DFS paths would not (\\company.com\share).



The fix was adding the domain to the IE intranet sites.


Create a new GPOEnable User Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment ListOn the table enter Value name: \\company.com\* Value: 1

Configuring Dynamic Access Control in a Lab

Image
Dynamic access control can be used to simplify security permission management. I mainly use role based access control to control file share access and auditing. However, that could lead to a lot of management overhead and thousands of groups in complex file share structures. 

Dynamic Access Control has a bit of a learning curve, but once you understand the basic concepts it can be fairly easy to configure and deploy. 

I have only tested and configured the following in a lab environment. This purpose of this article to get a better understanding of dynamic access control concepts. I will start out with some basic conditional expressions and work up to central access policies.

Our environment will look similar to the diagram below. Users' access to files will be based on their attributes and the properties of the files.
Pre-requisitesFile server that is Server 2012+ 2012+ schemaThe File Server Resource Manager role must be installed on your file serverApply the following GPO to your Do…

Fix TechNet Forums Thread Order

Image
If you have ever been on the Technet forums you have probably been confused by the order of the responses. They all appear to be in a random order. This is because by default they are not in threaded list view.

To fix it:


Go to any thread and click Quick Access>My settings Under Thread Display select "Threaded list view" Now when you view Technet threads they will not be in a random order.

Folder Redirection permissions and GPO

Image
Folder Redirection allows you to store your users' documents on a file server rather than on their workstations. This results in users being able to easily access their files on any machine.
This guide will show you how to securely configure folder redirection. This configuration will ensure that users only have access to their own folders.
Create Share Create a share with the following settings: Folder Name: RedirectedFoldersSharing permissionsEveryone - Full ControlAuthenticated Users - Full Control NTFS Folder Security permissionsThis script will set the permissions for youCREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)System - Full Control (Apply onto: This Folder, Subfolders and Files)Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)ACL_RedirectedFolders_FullControl - Full Control (Apply onto: This Folder, Subfolders and Files)(Optional) creating this group will allow you(or your helpdesk) to access all of the users' documentswit…

Deploying FSLogix Office 365 Containers

Image
Updated 2019-06-27

If you have dealt with User Profile Disks and Office 365 then you might know about the issues with search indexing. Every time a user signs out of the RDS their index is cleared and it has to be rebuilt the next time they sign in. The index will never fully rebuild once you have 5+ users on the server since it throttles itself.

Recently I discovered FSLogix which resolves this issue with minimal configuration. FSLogix creates its own UPD that it uses to store Outlook, OneDrive, and search index data. It then tricks Windows into thinking that it is stored on the local machine rather than on a UPD. The result is the index working immediately for all users.
This solution also works even if you do not have UPDs. For instance, let's say that you have roaming profiles which is causing a spike in disk usage since the OSTs need to be stored on all of your RDS servers.
With FSLogix you can reduce your disk usage by only having to store the data in one place.
Deployment A…

Configure In-Place Archive in Office 365

Image
In Place archive moves your users' data to an archive mailbox after a set amount of time. This archive mailbox will show up under the user's main mailbox in Outlook.
Before going further into this guide you need to understand the following: Retention tags:These are tags that can be applied to mail. This includes thing like "Delete draft items after 10 days", "Move Data to Archive after 5 years"Retention tags get applied to Retention policies, they are not directly applied to usersThere are three types of tagsDefault policy tags (DPTs)    These are default retention tags for the entire mailbox.Automatically gets appliedRetention policy tags (RPTs)    These are for default folders. The only valid action is to delete or delete permanently.Automatically gets appliedPersonal tags    These tags become available in Outlook and Outlook Web App. Users can use the…