When you use redirected folders in SBS (or in any Windows server) by default (unless you check the box) it’s limited to only the user having access to the folder.  So if you are the admin you are prompted with a “I’m sorry, Hal, I won’t let you do this”. Now you can click through the prompt or take ownership of the folders but you might want to do this like Gerhard wanted to do.

 Using this blog post as a guide  —

How to restore Administrators’ access to redirected My Documents folders « My PKB:

The first thing you do is to download the PsExec from the PSTools.  You don’t have to download Powershell as it’s already on the box.


Copy the script below and change two things:

$StartingDir= “E:\Users\shares

The location of the redirected shares


The name and domain of the Domain admin account you want to give rights to.

Now save the file as permissions.ps1 (that’s a number 1 not a L by the way)

So download the PsExec and extract it on the box.  Then here’s the trick you have to remember.  Right mouse click on the command line icon and “run as administrator”

Now type in the command window to run the script

psexec -s -i powershell -noexit “& ‘C:\Path\To\ChangePermissions.ps1′”

And then the permissions/ownership will be changed.

And now you won’t get the “I’m sorry I won’t let you do that” when clicking on the folders.

Proactively you can change the group policy setting to not be as restrictive.

Right mouse click and edit

Under the SBS folder redirect policy (drill down under User Configuration, then Policies, then Windows Settings, the Folder Redirection

And then uncheck the “Grant the user exclusive rights to the Desktop”


The permission script is below:

====copy from here ====

# CACLS rights are usually
# F = FullControl
# C = Change
# R = Readonly
# W = Write

$StartingDir= "E:\Users\shares"



$Verify=Read-Host `n "You are about to change permissions on all" `
"files starting at"$StartingDir.ToUpper() `n "for security"`
"principal"$Principal.ToUpper() `
"with new right of"$Permission.ToUpper()"."`n `
"Do you want to continue? [Y,N]"

if ($Verify -eq "Y") {

foreach ($file in $(Get-ChildItem $StartingDir -recurse)) {
#display filename and old permissions
write-Host -foregroundcolor Yellow $file.FullName
#uncomment if you want to see old permissions
#CACLS $file.FullName

#ADD new permission with CACLS
CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL

#display new permissions
Write-Host -foregroundcolor Green "New Permissions"
CACLS $file.FullName

===== to here======

Dell Precision M90 Laptop Product Details | Dell:

Interesting issue, I had upgraded my Sister’s laptop from Vista to Windows 7 and afterwards while the wireless card driver was there and enabled, it wouldn’t connect to the interest.  I upgraded the driver to the latest and ran the diagnoses and it said that the hardware “beacon” wasn’t enabled.  Booted into the bios and disabled/reenabled the wireless and then it worked.


I’m reblogging this as even though I blogged it before, I forgot to install this hotfix on a Vista workstation we have

After you disconnect from a remote desktop session to a destination computer that is running Windows Vista or Windows Server 2008, the default printer is changed when you log on the destination computer from the console:

You disconnect from a remote desktop session to a destination computer that is running Windows Vista or Windows Server 2008. When you log on the destination computer from the console, the default printer is changed on the destination computer. For example, you may notice that there is no default printer or that the default printer is changed to another printer.

Annoying little issue.

Want to know what Mark Minasi takes in his coffee?  Milk, cream or sugar?  Want to know what Security guru  Roger Grimes really would like to do to a hacker if he met them in person?  Has Active Directory expert Laura Hunter secretly run a peer to peer network at any time in the past?  Have Exchange gods Nathan Winters and Michael B. Smith ever screwed up PowerShell commands and lived to tell about it?

Want to go to an intimite conference where you can rub elbow and buy beers of the experts, not get overwelmed by the vendor swag booths.  Want to go to a conference where you come away with your head exploding of ideas that work, not vendor promises?  Want to come back from a conference with your email contact list multiplied ten fold?  This is the conference for you.  Lurk out on the Minasi forums and you’ll see the brain power in action.  http://web2.minasi.com/forum/  It’s these folks that build a conference that they want to attend.  Check it out.  It may be one that YOU want to attend for that reason.

(not to mention there’s SBS and EBS session to boot)


Mark Minasi is proud to announce the 5th Annual Minasi Internet Forum being held in Virginia Beach, VA May 2nd – May 5th 2010.

The Minasi conference is unlike any other tech conference you’ve attended before due to its intimacy, favorable student:lecturer ratio, variety of topics and quality of instructors. The conference is organized and staffed by volunteers from Mark Minasi’s forum and includes well known veteran lecturers like Mark Minasi, Rhonda Layfield, Todd Lammle, Roger Grimes, Microsoft MVP’s and author’s such as Aidan Finn, Nathan Winters and Eric Rux and forum members who just want to share what they’re doing.

The conference has enjoyed some prestigious special guest lecturers and this year is no exception. The chance to rub elbows and ask questions in such a small environment is found only at the Minasi conference. Previous years special guests have included:

-Cisco Guru and all around nice guy, Todd Lammle
-All things Security (now featuring the Cloud), Steve Riley
-Group Policy Experts Jeremy Moskowitz and Darren Mar-Elia
-Super Scripter, Don Jones
-Internet Fixer, Roger Grimes

We invite you to join us both online and in person. Please use the navigation at the top of the page for more information about accommodations, speakers, schedule, and registration.

Still Not Convinced? Check out what our previous attendees have to say.


Sunday – May 2nd 2010

Pre-Conference event with Todd Lammle

08:30 – 12:30

12:00 PM – Conference Registration Begins

1 PM – Opening Session led by Mark Minasi

2 PM – Session 1: Mark Minasi – 10 (or more) things that you don’t know about Windows Server 2008 R2

3:15 – Break

3:30 – Eric Rux – “So, you want to be a writer, eh?:  Tips, tricks and other thoughts on getting into the writing game – with open discussion with the other authors in the audience”

4:00 – Mini Session – TBC

4:30 – Break

4:45 – Roger Grimes – Fighting off Malware, the latest attacks and ways to resist them!

6:00 – Welcome Reception in the Hunt Room

Monday  – May 3rd 2010

9:00 – Ultan Kinahan – Disaster Recovery With VMware SRM

10:15 – Laura E. Hunter – Active Directory Federation Services

11:30 – Break

11:45 – Aidan Finn – Using Virtual Machine Manager 2008 R2: How to manage Hyper-V

1:00 – Lunch (Provided)

1:45 – Claus Neilsen – Digging into PowerShell V2

3:00 – Mark Minasi – The Active Directory recycle bin.

4:15 – Break

4:30 – Expert Panel:  Project Planning, Design and Documentation (Bring Your Own Questions)

5:45 – Offsite Dinner Organized with Transportation

Tuesday – May 4th 2010

9:00 – Eric Rux – Using Windows in your Home! –  “More fun with Windows Home Server: How to use this versatile product for small business and home entertainment”

10:30  – Mini Session – TBC

11:00 – Roger Grimes – Server 2008 PKI – Certificates are becoming increasing critical – learn how to use them!

12:30 – Lunch (Provided)

1:00 – Nathan Winters – Protection and Compliance with Exchange 2010

2:15 – Break

2:30 – Michael B. Smith – Part 1 – Migrating from 2003 AD and Exchange to 2010 Exchange and 2008 R2 AD – Hands on Demonstration

3:45 – Break

4:00 – Michael B. Smith – Part 2 – Migrating from 2003 AD and Exchange to 2010 Exchange and 2008 R2 AD – Hands on Demonstration

5:30 – Dinner (on your own) at a local restaurant. Last chance to rub elbows.

Wednesday –  May 5th 2010

9:00 – Stacy Hein – SQL Server troubleshooting

10:15 – Short Session

10:45 – Break

11:00 – Joe McGlyn – A look at SBS and EBS – Doing IT right for the SME

12:15 – Closing and Lunch

1:30 – Unofficial Round Table

Robert in the comments points out a known issue with Exchange 2007 sp2 update rollup 2 that folks may need to be aware of:

“As a FYI, there was a bug in Update 2 where if you had a public folder retention setting, Exchange misinterpretted the value by a factor of 86400 (days instead of seconds) and if you value was large enough Exchange would be a integer overflow which caused all kinds of problems”

Keep in mind on a bog standard SBS 2008 migrated from a SBS 2003 this bug has no impact http://technet.microsoft.com/en-us/library/ff383368(EXCHG.80).aspx as there’s no setting for msExchOverallAgeLimit

The issue is discussed here:

Issue Exchange Server 2007 SP2 Update Rollup 2 Item Retention Period “TimeSpan overflowed because the duration is too long:

Robert / Mike – Here is some more information about the problem and some workarounds

A bug in E12 pre-SP2 RU2 saved the public folder database item retention limit in AD as number of seconds.  Store expects this value to be number of days so messages end up never expiring (technically they will expire after 100s of years).  This is fixed in SP2 RU2 (KB 969230) by using days instead of seconds but any server that had previously set this value (in seconds) will now get an overflow exception. Internally this uses the System.TimeSpan structure and hence the maximum allowed value becomes 10675199 seconds or ~123 days (Reference: http://msdn.microsoft.com/en-us/library/system.timespan.maxvalue.aspx)

If you had initially set the retention period to something greater that 123 days, OWA will not startup after applying RU2. To fix this you will need to go to the Active Directory and change the value in msExchOverallAgeLimit from seconds to days (i.e. divide the value by 86400). This change has to be made for each public folder database. There are several tools which allow you to modify the AD including ADSIEdit (http://technet.microsoft.com/en-us/library/cc773354(WS.10).aspx)

 We will be updating the required KB article with this information soon.

For about a two week period we were suffering from an annoying issue where early in the morning and late in the afternoon/evening, random workstations would suffer a tiny little drop in network connectivity.  Not enough to freak out Outlook or Word or Excel but enough to really impact any database application on the network.  That meant any Quickbooks, or major database app would drop, indicate it had a problem connecting to the network/reading the hard drive and need to be relaunched.  It was never consistent, very very random.  The needle in the haystack type of issues that you need an Information Technology partner to debug.

I may be the “SBS Diva” (the nickname given to me/stuck to me by David Coursey when he reviewed SBS 2003 in an online journal and mentioned me in the contents as Susan the “SBS Diva” in case you are wondering about the tag line on the top of the blog), but when it comes to hardware, and you start talking about back planes and raid controllers and intel mobos and model numbers of the latest HP models and I start glazing over.  I’m not the hardware diva at all, that’s for sure.  So I’m lucky that I know a local technology partner firm of Federico.net led by Jim Federico that is that trusted partner in the hardware department. 

After I had:

  • Upgraded the network firmware driver
  • Updated the bios
  • Disabled RSS and TOE in every GUI window I saw
  • Followed this http://support.microsoft.com/default.aspx/kb/951037 and disabled the NetDMA in the registry
  • Entered these commands — /netsh interface tcp set global autotuning=disabled
    netsh interface tcp set global chimney=disabled
    netsh interface tcp set global rss=disabled
  • Changed the cable to the Server
  • Changed the server to another jack
  • Saw that the existing switch was showcasing drop packets on three locations so moved them to the second switch (we had two 24 port managed switches)

  • Stuck pins in a voodoo doll of the person who invented the Internet 

I then emailed Jim and went down the list of all the things I tried and he said “let me loan you a switch we have in stock so you can rule that out”.  Knowing that this is our busy season he arrived on the next day (a Saturday) and waited patiently while we got to a time where people could easily and safely be “kicked off” the network (lunchtime) with no impact to the network.

Knock on wood, it’s now been an entire week and not a single drop.

The moral of this story is that no matter how technically savvy you think you are, every small business needs a technology partner that they count on and can trust.  Even as (or perhaps even more so) as we move to the cloud, having someone to know what works, cut through all the marketing and hype and to guide you to the proper solution is needed.

Joe comments:

  Aside from being necessary to remote into the server when the DNS service isn’t operating, do you ever find that using DNS names for devices is a bit more managable than IP addresses?  I mean, there’s a few ways you can address devices:  a)  static IP address on the device, b)  DHCP-reserved IP address, or c)  DNS name specified on the device.  I find using DNS names for printers seems to be preferable, because it pretty much dead simple to add a printer into the network, let SBS pick it up by the DNS name, and not have to preconfigure an IP port driver or set it up in DHCP.  Likewise, it doesn’t matter if SBS reassigns a new IP to it when the lease expires.

I have a wireless access point that acts as a DHCP “guest” obtains an IP address from SBS, and connected wireless PC’s get IP’s from SBS also.  I use the same option for it – specify a DNS name in the device, so I don’t have to remember if I set up an IP address on it or in SBS, and what it would be.  Names are just easier.

YMMV though.

FYI:  I have never found an instance where I needed to specify an additional DNS entry on SBS for name resolution for any device that supports specifying it in the firmware.  I once saw an old printer that did network printing but didn’t have a built-in print server that needed additional configuration though, but it was about 8 years old.

In SBS 2003 I always made sure that computers had an identifying name of the person who RWW’d into it because they never knew what they were remoting into.  So to make it easy I would name the computer a variation with the name of the person.  Now with SBS 2008 it makes no difference because you can ‘mask’ the computer so the person remoting in never ever sees the list of the workstation, they just immediately go to the computer they are assigned. 

When you VPN in from the outside on SBS 2008 one thing you’ll find is that you need to put in computername.domain.lan in the remote desktop windows.  Computername alone no longer cuts it.  I still find that I reserve IPs for computers printers and set them up with IP addresses.  I also find that I don’t remember which server is on what IP with the exception of the main SBS box.  That one I have the IP address burned into my brain, but the rest of the servers, I know them more by name than IP.  Not to mention in the Active Directory Users and Computers, which is the tool I typically go to view remotely the  event logs of the workstations, I see the servers and computers by name, not by IP.

So for me…. computers and servers I know by name

Printers, managed switches and the main SBS box I know by IP.

This hit me today.. couldn’t get the outlook mail enabled public folder contacts to show up in the contact section if my life depended on it….

Found this post:

Know this is a bit old post.  But as i just had the same problem, and no one here got a solution to why the favorites did not show up under the contacts.

After digging a bit around, i found this page http://www.outlook-tips.net/howto/commandlines.htm


Clears and regenerates the Navigation Pane for the current profile. Removes all Shortcuts and Favorite Folders. Has the same effect as deleting profilename.xml in your user directory.

Start Outlook with a switch > Start > Run > Outlook /resetnavpane

It removed the previous ‘favorites’ and when added again, it now shows the other contacts. 


 Reset the navigational pane and voila.  There’s my public folder contacts in their proper spot as favorites.

From the sometimes you just want to kill Outlook moments