North East Bytes - a Microsoft technology usergroup in North East England.

Powered by Squarespace


It’s almost IT Forum time! (Part 1)

I haven’t posted as much as I might have liked recently – that’s partly because I’m splitting what blogging time I have between here and my team’s blog, but mostly because I’ve been offline a fair amount around the birth of my son! :-) I’m now getting back into work and getting caught up on everything. As well as looking forward to getting home to our new addition every day, it’s that time of year again, to look forward to IT Forum, or to use its “Sunday name”: Microsoft TechEd EMEA 2008 – IT Professionals in Barcelona.

In my opinion there’s no more useful way for an IT Pro, working with Microsoft products, to spend a week (in work terms, of course!). The opportunities to learn about new products, meet with your peers and put your questions to experts is far better value than any training course I’ve been on. Add to that the fact that it’s Barcelona, which is a great city, and you’ve got a brilliant event. Actually, I have been known to say to people that even if you weren’t interested in the technical content, the logistics of the event are pretty breathtaking when you look at it!

This year I’m going with two colleagues who are first timers (this is my 4th TechEd/IT Forum, the first was in Amsterdam, another great city, and this will be my 3rd time in Barcelona). I’ve been talking to the guys about the event and answering their questions and realised that it would be a good topic for a blog post in case other first time attendees are looking for tips.

First bit of advice: arrive the day before the conference starts. If you’re flying in to Barcelona, Microsoft will have event staff at the airport to meet you and transport you to the conference venue. UPDATE: The event FAQs have been updated to state that there won’t be delegate transport to the CCIB from the airport. They have provided good information on travel options from the airport, so be sure to read them or the Joining Instructions page. Then you can register for the conference on the Sunday (between 10:00 and 20:00), avoiding the long lines are the registration desks on the Monday, and pick up your complementary travel pass. This will get you on the metro (underground rail network)/bus/tram into the city and you’ve got the rest of the day to explore and check in to your hotel.

On the subject of hotels, I prefer to get one in the middle of the city, rather than near the conference venue.  If you’re near Placa de Catalunya and La Rambla, you’re only a half hour to the venue anyway, but you’ll be near more restaurants and things to see/do in the evenings. Better to have that journey to the conference in the morning and a short walk back to your hotel after dinner/drinks in the evening, than a short walk in the morning and having to find your way back at night if you decide to venture past the hotel bar.

I was asked whether you need much money (bearing in mind we use a different currency, so have to change it in advance or use cards with their associated charges). Going on past experience, I’d say not. If you’ve arrived the day before you’ll want to eat, but once the conference starts, you don’t need to buy much food, especially if you have breakfast included at your hotel. The conference venue will have snacks available all day: fruit, pastries and others, with refrigerators in every corridor providing Coke, Sprite, OJ, water, etc . Each day there’s a hot buffet lunch served for everyone (this is where the impressive logistics come in!). Even if you intend to attend one of the lunchtime panel sessions, you should still have time to grab a hot meal and I’ve always found the food to be great (considering the scale of the operation to feed thousands of people in 90 minutes).

After the sessions have finished on the first day, there’s usually a drinks reception in the Exhibition Hall, which is the first opportunity to grab free schwag, and you’ll probably get by on canapés that evening. Another evening, you’ll be invited to one of the separate county parties. If there isn’t a party specifically for delegates from your country, you should be able to find your way in to one of them. Last year the UK party took over a pretty cool club and provided drinks and food platters a plenty. Being in UK Higher Education, we’re fortunate enough to be invited to a dinner on one of the other evenings, and last year saw the first PowerShell Dinner (although I’m afraid to say that I missed it, having not checked one of my many email accounts and not seeing the invitation until the day after!). I have heard someone say that’s the best reason to go, so I think invites may be hard to come by this year – if you’re active in a specific technical community, it may be worth checking to see if they’re having any events during the conference.

In Part 2, I’ll talk about making the most of the conference sessions and the time in between…


Pin a HyperText Application (HTA) to the Vista Start Menu

This is probably obvious to anyone who has done any amount of work with HTAs (which I’ve got to say, I haven’t used much, but quite like for some things), but took a little bit of head scratching here…

If you want to pin a shortcut to an HTA to Vista’s Start Menu, you can’t just create a shortcut to the .hta file. The shortcut has to be to the HTA engine (mshta.exe), with the .hta file as a parameter.

If you want to script the pinning, check out the guidance here and here (thanks to Shepy and stahler for tweeting those links).


Enumerate Exchange Public Folder Client Permissions for a User/Group

Today I've been consolidating some AD groups as we've unhelpfully accumulated four different groups for the members of our IT department over the years. Seemingly two of these groups have been used to set permissions on various Exchange Public Folders, so I've been looking at which Public Folders each group had permission on. Fortunately, this is very easy to do in PowerShell...

First I'm setting a couple of variables. The first is the name of the group (or you could do the same for a user) that we're interested in. The second is the point in the Public Folder structure where we're starting searching. If you want to look at the whole structure, just use "\", but if you have a lot of Public Folders that's going to take a while, and if you know, like I did here, that the "IT Staff" group is only going to have permissions on folders underneath the IT department's top level folder, you can just look at that branch of the tree.

#requires -pssnapin Microsoft.Exchange.Management.PowerShell.Admin
$groupname = "IT Staff"
$publicfoldersearchroot = "\IT"
-publicfolder $publicfoldersearchroot -Recurse |
%{$folder = "$($_.parentpath)\$($";
-PublicFolderClientPermission $_ |
%{if($_.user -match $groupname){"$folder ($($_.AccessRights))"}}}


This results in output like this:


\\IT (Reviewer)
\IT\Admin\Health&Safety (Reviewer)
\IT\Admin\Forms (Reviewer)
\IT\Admin\Forms\Payroll (FolderVisible)
\IT\Customer Services (Reviewer)
\IT\Customer Services\Projects (Reviewer)
\IT\Equipment Bookings (Author)
\IT\General Information (PublishingAuthor)
\IT\Mail Lists (Reviewer)


This might be all you need, although if you're going to do something programmatically with the output (you'll want to format it differently, but...) be careful with that double \ on the first line of the output. It's there because the parentpath is "\". It's easy enough to trap and remove it.


Who needs vowels anyway?!

I am, very openly, a gadget fan - always have been - and for a long time, my preferred online source of gadget news has been Engadget. I'm also very much into listening to podcasts, so the Engadget podcast was definitely on my list of must-listen-to shows until it dried up about a year ago, having been not exactly weekly for a while before that. Seems that hosts Peter Rojas and Ryan Block were just too busy to find a matching slot in both their schedules to record it, which was a shame.

Ever since Pandora was blocked for users outside North America, one of my main sources of music in the office has been Peter Rojas' ad-supported online record label - RCRD LBL. I'm a big fan of the site (and one of my favourite tracks of the last couple of years has come from there - George Pringle's Carte Postale). If you like music, you've got to check out RCRD LBL - it's all free to download, so there's no reason not to!

Following on with the theme of scrapping the vowels, the two guys are back to working together with a new venture called gdgt.

In their own words: "gdgt is the new consumer electronics site by Peter Rojas and Ryan Block -- the guys behind Engadget and Gizmodo. We're still prepping things (no, this isn't the final site!), but we've got a weekly podcast you can listen to in the meantime." Peter says gdgt isn't a gadget blog, so it'll be interesting to see what the site turns into!

I listened to the first episode of the gdgt podcast this morning on the way to work and it was instantly like the last year without the Engadget podcast never happened. :-) Peter and Ryan said that episode 2 will be netbook-heavy, which is great because I'm toying with the idea of getting one - I'm putting off my decision until I've had a chance to listen to what they say.

Glad I didn't miss @Veronica's tweet about this!


Setting AD logon hours in PowerShell

Or "How to disable an AD user account and still allow delivery to their Exchange mailbox"...

I'd meant to blog about this some time ago, but was eventually reminded when Richard beat me to the punch last week with his post about setting AD logon hours in PowerShell - read Richard's post first, then come back here... ;-)

We make extensive use of logon hours on our accounts, but rather than using Richard's method of setting the value, we have a collection of what I call template accounts, and we copy the values from them. We've got one template that's setup for "always allowed", one for "never allowed" and another template for "custom" logon hours.

To use those, I do something like this: (NB. THIS CODE NO LONGER WORKS. SEE THE UPDATE BELOW)

#requires -pssnapin Quest.ActiveRoles.ADManagement
Get template user logon hours
$userLogonHoursEnabled = Get-QADUser enabledtemplate | Select LogonHours
$logonHours = $userLogonHoursEnabled.logonHours
# Set logon hours on user in variable $username
Get-QADUser $username | Set-QADUser -ObjectAttributes @{logonHours = $logonHours}


So, why would we do that? Well, two reasons really...

We never actually disable a user account; instead we'll set the logon hours to never allow logon when we want to block someone's access. The reason for that is that disabling a user in the traditional way stops delivery to their mailbox. That may be desirable in some organisations, but we only disable for disciplinary reasons and they usually get access back pretty quickly, and we don't want them to miss some vital message that was sent in the meantime.

Secondly, by using that third, "custom" template, we can give someone permission to alter the logon hours on that template account using the GUI, so that they don't have to work out the numbers for the bytes and, more importantly, don't need access to change the PowerShell script; they can just run the script to apply the custom template to a collection of accounts.


The PowerShell code above was written with an old version of Quest's AD cmdlets. While I'd noticed this, I hadn't got round to changing my code before Jonathan Medd from the Get-Scripting Podcast contacted me and said that he'd discussed the above example with some of the excellent folk from the PowerShell community on the forums. Together they've come up with solutions that work with the current version of the Quest AD cmdlets ( in both PowerShell version 1 and V2 (as it currently stands at CTP2).


Rather than me re-posting here, check out the thread on the forums so you can see where the credit should lie (with Shay, Aleksandar and Andrey).