1. Open the Exchange 2010 management console

2. Highlight the “HUB Transport” link under “Server Configuration”

3. Right click and create a new receive connector, name the connector “Anonymous Relay”, you want to select Custom under the connection type

4. The local network settings should have the listening IP of the Exchange server

5. Under remote network settings either enter your networks entire subnet or specific IP’s allowed to send, click finish to complete

6. To setup the correct permissions open the Exchange Management Shell and run this command -

Get-ReceiveConnector “Anonymous Relay” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

7. Now we just need to change the permission groups; select the new connector and edit the settings. On the “Permission Groups” tab check the box for “Anonymous users”

8. Thats it, now send a test to confirm settings

1. If this is windows 7, you can actually make this change from it’s recovery console without the OS Installation Disk, If it is XP, you will need the installation disk

2. Boot from the disk (or into the recovery console) and get to a command prompt.  In Windows 7, you simply have to click the button that opens the command prompt, XP requires you to go into “repair” mode after booting and launch it from there

3.  When at a command prompt, simply type in regedit to open up the registry edit program.

4.  This opens up a temporary, non-existent registry hive, you now have to mount the registry from your the windows installation that you want to edit.  Create a new folder under HKEY_LOCAL_MACHINE, the name does not matter, just name it something you can remember, in this example, we’ll call it NEW

5. Highlight the newly created folder and go to the top toolbar and select File > Load Hive and browse to C:\Windows\System32\config (or wherever the offending windows installation is located) and select the software file.

6.  The entire windows registry will be mounted under this temporary folder.  It may not be a bad idea to export a copy of the registry just in case things get messed up even more.  After this, make the necessary changes and prepare to write the changes.

7. Select the Folder we created earlier named NEW and select File > Unload Hive That’s it!  The changes will be written, and hopefully your windows installation can be saved.

To create an archive mailbox database in Exchange Server 2010 start by simply creating a new mailbox database.

Next, use the Exchange Management Shell to disable automatic mailbox provisioning on the new database.

Set-MailboxDatabase “Archive Mailboxes” -IsExcludedFromProvisioning $true

Boot from a Live CD, in my case I used Linux Mint since I had a copy laying around.

First I listed my partitions:

ls /dev/sd*

Now just do where sda1 is the partition you would like to fix:

fsck /dev/sda1

This part comes into play if you have LVM partitions, in my case I did. So I had to grab LVM. Make sure you have the networking setup on your Live disk as well as DNS and then do:

sudo apt-get install lvm2

sudo pvscan

sudo vgscan

The last command should list the at least one volume-group

Enable it or the ones you’re interested in

sudo vgchange -a y groupname

Now list the logical volumes

sudo lvscan

Your drive you’re interested in should now appear under /dev/mapper

Now do an fsck on that drive

sudo fsck /dev/mapper/logical-volume

It should see some errors and fix it.

Go ahead and Reboot, make sure to disconnect the Live disk and you should be good to go!

VMX01: Prevent virtual disk shrinking

This was a very interesting one, and I almost skipped over it, thinking that it’s not really a big deal. Here is the rundown of this issue.  According to VMWare “Shrinking a virtual disk reclaims unused space in the virtual disk. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive.” The problem: Shrinking these disks repeatedly will cause the disk to become unavailable. Well not really a big deal since you as the admin are in control of this, well that is wrong. Disks can be shrunk from within the virtual machine and can be done by ordinary users or processes. That’s a problem; if you have a terminal server the users on that server can cause a DOS by simply doing a lot of shrinking operations, or a malicious piece of software can also cause your server to die. How hard is it to write something that can automatically do this? Not hard at all, the vmtools on the machine provides everything you need.

What about View? Well it turns out that linked clones, parents of linked clones Shrinking is disabled by default. If you created a Full virtual machine instead of a linked clone and the disk is THICK provisioned the user will be able to cause a DOS on the assigned machine.

So Harding Tip #1: Disable Disk Shrinking for your VM’s

To disable disk shrink for a virtual machine:

1. Power off the virtual machine. Do not skip this step.
2. Remove the virtual machine from the inventory.

Edit the virtual machine’s .vmx file and add the following lines:

isolation.tools.diskWiper.disable = “TRUE”
isolation.tools.diskShrink.disable = “TRUE”

So with that we are at the end of Hardening step #1 next; sniffing vMotion traffic.

“By default, the default instance of the Database Engine listens on TCP port 1433. Named instances of the Database Engine and SQL Server Compact Edition are configured for dynamic ports, which means they select an available port when the SQL Server service is started. The SQL Server Browser service helps clients identify the port when they connect.

When configured for dynamic ports, the port used by SQL Server may change each time it is started.”

So if this is your case here is how to fix it:

1. Start > All Programs > Microsoft SQL Server 2005 > Configuration Tools > SQL Server Configuration Manager

2. SQL Server 2005 Network Configuration > Protocols for SQLEXP_INSTANCE

3. TCP/IP > Properties

4. TCP Dynamic Ports

That will do the trick you can now add the SQL Server as your Event Database Server.

* Install the .NET 3.5.1 Framework

* Setup a 32bit DSN for vCenter

Install the .NET 3.5.1 Framework

1. Go to Server Manager.

2. Select “Features”

3. Click “Add Features”

4.  Expand .NET Framework 3.5.1 Features

5. Select only .NET Framework 3.5.1 (do not select WCF Activation as it will install IIS 7.5 which will cause issues with Apache Tomcat that vCenter will install later.)

Setup a 32bit DSN for vCenter

Vcenter will be looking for a 32bit DSN, so when you get to the part of the install looking for your DSN and you cannot see it, then you have created a 64bit one and need to start over by first creating a 32bit DSN.

1. Download the SQL Server Native Client (sqlncli_x64.msi) from Here. Make sure to download the _x64 version, since you are installing the 32bit client on a 64bit OS.

2. Install

3. Go Start -> Search and type “odbcad32″

4. Create the System DSN

Now you are ready to Install vCenter.