Showing posts from March, 2019

Word experienced an error trying to open the file when accessing a DFS path

I ran into a strange issue today where Word and Excel would not open files on a user's desktop. Accessing them through regular share paths (\\server\share) would work, but DFS paths would not (\\\share). The fix was adding the domain to the IE intranet sites.

1. Create a new GPO
2. Enable User Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment List
3. On the table enter
   Value name: \\\*
   Value: 1

Configuring Dynamic Access Control in a Lab

Dynamic Access Control can be used to simplify security permission management. I mainly use role-based access control to control file share access and auditing. However, that could lead to a lot of management overhead and thousands of groups in complex file share structures. Dynamic Access Control has a bit of a learning curve, but once you understand the basic concepts it can be fairly easy to configure and deploy. I have only tested and configured the following in a lab environment. The purpose of this article is to get a better understanding of Dynamic Access Control concepts. I will start out with some basic conditional expressions and work up to central access policies. Our environment will look similar to the diagram below. Users' access to files will be based on their attributes and the properties of the files.

Pre-requisites
- File server that is Server 2012+
- 2012+ schema
- The File Server Resource Manager role must be installed on your file server
- Apply the

Fix TechNet Forums Thread Order

If you have ever been on the TechNet forums you have probably been confused by the order of the responses. They all appear to be in a random order. This is because by default they are not in threaded list view. To fix it:

1. Go to any thread and click Quick Access>My settings
2. Under Thread Display select "Threaded list view"

Now when you view TechNet threads they will not be in a random order.

Folder Redirection permissions and GPO

Have an issue you can't solve? I offer consulting engagements and can be reached here: consulting[а 𝐭 ]amorales[․]org

Folder Redirection allows you to store your users' documents on a file server rather than on their workstations. This results in users being able to easily access their files on any machine. This guide will show you how to securely configure folder redirection. This configuration will ensure that users only have access to their own folders.

Create Share
Create a share with the following settings:
Folder Name: RedirectedFolders

Sharing permissions
- Everyone - Full Control
- Authenticated Users - Full Control

NTFS Folder Security permissions
This script will set the permissions for you
- CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
- System - Full Control (Apply onto: This Folder, Subfolders and Files)
- Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
- ACL_RedirectedFolders_FullControl

Deploying FSLogix Office 365 Containers

Updated 2020-04-27: The search portion of this guide does not apply to Server 2019 since it should roam the Windows search out of the box. However, you can still configure FSLogix to store Office 365 data. In my experience it is best to avoid mixing FSLogix and UPDs. My recommendation is to go with FSLogix Profiles and FSLogix ODFC.

If you have dealt with User Profile Disks and Office 365 then you might know about the issues with search indexing. Every time a user signs out of the RDS their index is cleared and it has to be rebuilt the next time they sign in. The index will never fully rebuild once you have 5+ users on the server since it throttles itself. Recently I discovered FSLogix which resolves this issue with minimal configuration. FSLogix creates its own UPD that it uses to store Outlook, OneDrive, and search index data. It then tricks Windows in

Configure In-Place Archive in Office 365

In-Place Archive moves your users' data to an archive mailbox after a set amount of time. This archive mailbox will show up under the user's main mailbox in Outlook. Before going further into this guide you need to understand the following:

- Retention tags: These are tags that can be applied to mail. This includes things like "Delete draft items after 10 days", "Move Data to Archive after 5 years"
- Retention tags get applied to retention policies; they are not directly applied to users
- There are three types of tags
    - Default policy tags (DPTs): These are default retention tags for the entire mailbox. Automatically gets applied
    - Retention policy tags (RPTs): These are for default folders. The only valid action is to delete or delete permanently. Automatically gets applied
    - Personal tags: These tags become available in Outlook and