Prevent Remote Desktop Services Interactive Logon but allow RemoteApps to run

When you enable remoteapps to run using Microsoft’s Remote Desktop Services, it is usually desirable to prevent users to logon into their Remote Desktops. A workaround of this issue is to terminate the Remote Desktop session when someone tries to login. To accomplish this, run the “Remote Desktop Session Host Configuration” application, select and right click the properties of the RDP-Tcp connection name.

Remote Desktop Session Host Configuration

Remote Desktop Session Host Configuration

Then go to Environment tab and select the “Start the following program when the user logs on:” bullet, finally type in the path of logoff.exe file, c:\windows\system32\logoff.exe.

RDP-Tcp Properties

RDP-Tcp Properties

Now, try to connect by Remote Desktop Connection to your RDS server.


Microsoft just released Remote Desktop App for iOS and Android

iOS Remote Desktop App

iOS Remote Desktop App

At last, Microsoft Remote Desktop App is available free and provides high quality remote connection to Remote Desktop Services with or without RDS Gateway implementations, RemoteApp support, Network Layer Authentication (NLA), multi-touch experience and windows gestures.

I tested remoteapps via an SSL RDS gateway (Windows 2008 R2 setup) and remote desktop connections via VPN on my iPhone and everything worked flawlessly! Good job Microsoft!

photo 1

photo 2

photo 3

Of course iPhone’s screen is very small for desktops, but iPad’s 10 inches display is ok. There is a usable zoom/touchpad function and a keyboard with windows keys as well. Check out the above pictures.

Get it now at Apple’s App Store or at Google’s Play Store. Have fun!

Reporting Mailbox Sizes on Microsoft Exchange 2010

The useful feature of displaying mailbox sizes is missing from Exchange Management Console (EMC) on MS Exchange 2010, so you cannot quickly estimate mailbox sizes on your Exchange Databases. You need to dive into powershell cmdlets to get this information. I agree that powershell cmdlets are powerful, there is no question about it. But gui is beautiful, Microsoft should have included a gui interface for this!

First of all, I am using Powershell version 2.0, since we host Exchange Services on Windows 2008 R2 platform. Before retrieving exchange information, let’s have a look on some useful utility powershell cmdlets that are extremely useful for pipelining multiple cmdlets.

  • Format-Table (alias ft): formats the output as a table
  • Get-Member (alias gm): get information about the objects that the cmdlets return (methods and properties)
  • Sort-Object (alias sort): Sort objects by property values
  • Select-Object (alias select): Selects objects or object properties
  • Import-CSV (alias ipcsv): Creates table-like custom objects from the items in a CSV file
  • Export-CSV (alias epcsv): Converts objects into a series of comma-separated (CSV) strings and saves the strings in a CSV file

We will use these cmdlets in our examples.

Get-MailboxStatistics is a basic building block to gather information about Exchange mailboxes. It returns several  information per mailbox, per database or per server. Run the following cmdlets using a different scope.

Get-MailboxStatistics -Identity <mailbox name>
Get-MailboxStatistics -Database <database name>
Get-MailboxStatistics -Server <server name>

Now run the following command to check out that mailbox objects that you can retrieve for each mailbox.

Get-MailboxStatistics -Identity <mailbox name> | Get-Member

or using the alias

Get-MailboxStatistics -Identity <mailbox name> | gm

MailboxStatistics objects

MailboxStatistics objects

There is tons of information that you can retrieve here, but usually you don’t need all these. Filter out the display items by using the Format-Table cmdlet

Get-MailboxStatistics -Identity <mailbox name> | Format-Table DisplayName, TotalItemSize

or again using the alias

Get-MailboxStatistics -Identity <mailbox name> | ft DisplayName, TotalItemSize

MailboxStatistics Filtering

MailboxStatistics Filtering

When you run Get-MailboxStatistics -database <database name> or a similar cmdlet, the information will not display clearly, you better sort the data by, let’s say, the mailbox size by running

Get-MailboxStatistics -database <database name> | sort TotalItemSize -Descending | ft DisplayName, TotalItemSize


Get-MailboxStatistics -database <database name> | sort TotalItemSize -Descending | select DisplayName, TotalItemSize –First 5

to display the top 5 mailboxes by TotalItemSize


Get-MailboxStatistics -database <database name> | sort TotalItemSize -Descending | select DisplayName, TotalItemSize | epcsv <path & export filename>

to export the data to a csv file.

Displaying mailbox sizes in bytes is not user friendly, so run the following cmdlet to display sizes in MB.

Get-MailboxStatistics -server <server name> | sort TotalItemSize -Descending | select DisplayName, StorageLimitStatus, @{label="Total Size (MB)";expression={$_.TotalItemSize.Value.ToMB()}}, @{label="Deleted Item Size (MB)";expression={$_.TotalDeletedItemSize.Value.ToMB()}}

Checkout the available methods of TotalItemSize by running the following

(Get-MailboxStatistics <mailbox name>).TotalItemSize.value | gm

TotalItemSize Methods

TotalItemSize Methods

If you need to make a mailbox size report for specific users, you can create a new file called c:\input.csv. Type in Mailbox on the first line and insert the specific mailbox names in every separate line. Save it and run the following command.

ipcsv "c:\input.csv" | ForEach-Object -Process {Get-Mailbox $_.Mailbox | select DisplayName,@{n="Size(MB)";e = {$MBXstat = Get-MailboxStatistics $; $MBXstat.totalItemsize.value.toMB()}},@{n="DeletedSize(MB)";e = {$MBXstat = Get-MailboxStatistics $; $MBXstat.totalDeletedItemsize.value.toMB()}},@{n="Items"; e = {$MBXstat = Get-MailboxStatistics $ ; $MBXstat.itemcount}},@{n="DeleteItems"; e = {$MBXstat = Get-MailboxStatistics $ ; $MBXstat.deleteditemcount}}} | epcsv "c:\output.csv"

(the example was taken from Memphis Technical Network site)

Finally, Get-MailboxFolderStatistics cmdlet breaks down the mailbox information per subfolder. Display the available objects by running

Get-MailboxFolderStatistics <mailbox name> | gm

MailboxFolderStatistics Objects

MailboxFolderStatistics Objects

Finally run

Get-MailboxFolderStatistics <mailbox name> | ft Identity, FolderSize, ItemsinFolder

to gather the folder sizes and the item count of a mailbox.

Hopefully these commands will give you a basic idea, how to use various cmdlets to format your mailbox size reports!

Run Exchange 2010 Management Console on Microsoft Windows 8 x64

I’ve got a Windows 8 x64 workstation and after installing the Exchange Management Console, I could not start it. The workaround is to create a new .cmd file, insert the following code

set COMPLUS_Version=v2.0.50727
"C:\Program Files\Microsoft\Exchange Server\V14\Bin\Exchange Management Console.msc"

save it and run it.

The first line prevents the application from requiring User Account Control (UAC) elevation by ignoring the application manifest. In Windows Vista and later, an application can be coded to require UAC elevation. If you try to run it as a non-administrator, you get asked for an administrator username and password, and if you don’t provide them the application doesn’t start.

The second line sets the environment variable called COMPLUS_Version to v2.0.50727, which forces everything after that to run in .NET 2.0.

Create a Shared Mailbox in Microsoft Exchange 2010

A shared mailbox is a common mailbox that a group of users can open to read and send e-mail messages. It allows users to share a common calendar or a shared contact list. But how to create shared mailboxes in Microsoft Exchange 2010, since the Exchange Management Console (EMC) gui does not give you such an option? If you try to create a new mailbox, the only options are: User Mailbox, Room Mailbox, Equipment Mailbox and Linked Mailbox.

New Mailbox Wizard

New Mailbox Wizard

First execute the Exchange Management Shell (EMS) from the Microsoft Exchange Server 2010 menu.

Microsoft Exchange Server 2010 Menu

Microsoft Exchange Server 2010 Menu

The shell environment opens up

Exchange Management Shellvvv

Exchange Management Shell

A. Create a new Shared Mailbox

Type in the following cmdlet:

New-Mailbox -Name <Maibox Name> -Alias <Alias> -OrganizationalUnit "<OU path>" -Database "<Database>" -UserPrincipalName <E-mail Address> -Shared

And give the appropriate permissions to the user

Add-MailboxPermission <Mailbox Name> -User "<domain\username>" -AccessRights FullAccess

Add-ADPermission <Mailbox Name> -User "<domain\username>" -ExtendedRights Send-As

For example, I will create a new mailbox called Info and setup user Secretary to have access.

New-Mailbox -Name Info -Alias info -OrganizationalUnit "mydomain.local/myCompany/myDepartment" -Database "DB1" -UserPrincipalName -Shared
Add-MailboxPermission Info -User "mydomain\secretary" -AccessRights FullAccess
Add-ADPermission Info -User "mydomain\secretary" -ExtendedRights Send-As

Full detailed syntax and parameters are in this Microsoft link.

B. Convert a User Mailbox to a Shared one

Type in the following cmdlet:

Set-Mailbox "<Maibox Name>" -Type shared

And give the appropriate permissions to the user as well

Add-MailboxPermission <Mailbox Name> -User "<domain\username>" -AccessRights FullAccess

Add-ADPermission <Mailbox Name> -User "<domain\username>" -ExtendedRights Send-As

For example, let’s suppose that we have created a user mailbox called Helpdesk and we need to convert it to a shared mailbox and give access right to user Operator.

Set-Mailbox "Helpdesk" -Type shared
Add-MailboxPermission Helpdesk -User "mydomain\operator" -AccessRights FullAccess
Add-ADPermission Helpdesk -User "mydomain\operator" -ExtendedRights Send-As

Full detailed syntax and parameters are in this Microsoft link.

The last two commands about access and send-as permissions can be configured from EMC gui, by selecting the mailbox and clicking on “Manage Send As Permission..” or “Manage Full Access Permission…” at the right pane of the window.

Access and Send-As Permissions

Access and Send-As Permissions