Globalize Networks blog

Here are the main problem I see with rolling Google Apps out to Outlook users who are used to Exchange:

1. Access to shared calendars won’t work the same
   1. I guess you could use something like OggSync to sync public and selected private calendars, but that is kludgey compared to Exchange free/busy functionality.
   2. Using the Google Apps web interface is probably almost as good, but there is usually a lot of resistance to this thin client approach.
   3. I played around with Outlook 2003 and iCal/WebDav for free-busy info, but it was a pain to set up.  I should revisit this and see if there is a better way to do it now.
2. No Global Address Book
   1. I’m not sure how to address this.
3. No Public Folders
   1. Does anyone really use these effectively anyway? Most of the uses I’ve seen could have been done a number of different ways.

Well one client recently didn’t see a problem with going down this route.  I would definitely put my money on Google over ZImbra, OpenGroupWare, etc.

After much abuse from my associates, I have finally caved in.  I’m all for using http://Postini.com to filter out spam.  It’s cheap and it works well.  It keeps the spam off the network, and I like how it just sends a quarantine report to the end-users each day.

Of course, now we have to turn off that pesky Outlook junk mail filter:

http://office.microsoft.com/en-us/ork2003/HA011402621033.aspx

To enforce Outlook Junk E-mail Filter user interface options for users

1. In Group Policy, load the Outlook 2003 template (Outlk11.adm).
2. Under User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools | Options\Preferences, click Junk Mail.
3. Double-click Junk E-mail protection level.
4. Click the Enabled radio button to enable configuring the policy.
5. In the Select level drop-down list, select a protection level to enforce.
6. Click OK.
7. Set other policies, such as specifying to permanently delete junk e-mail messages.

(Found this http://www.myitforum.com/forums/m_148505/mpage_1/key_/tm.htm#148505 via google on “disable junk mail outlook” – thanks to kdsrazor)

Many times our clients run into the problem of sharing files with people outside the company.  Sometimes it’s just a simple matter of needing to send large files that cannot be attached to e-mail due to attachment size restrictions.  One simple (not highly secure) way to handle this is http://www.yousendit.com/.  I like this service because it’s the fastest and simplest way to send attachments up to 100 mb for FREE.  (Thanks to Shimi Ben Baruch for letting me know about this service)  You basically fill in the sender and recipient address and then upload the attachment.  The recipient receives an e-mail with an http link to the file.  SIMPLE.

A more challenging scenario is when you need to share an entire folder tree with outside users.  This is especially a problem when the files are being updated on a regular basis.  There are several things to consider here:

1. Transport security – All companies need to always think about security.  It’s just foolish to move unencrypted files over the internet.
2. User and password security – You want to be able to control and log who has access to what files and control that with individual usernames and passwords.
3. End-user Simplicity – If a solution isn’t simple, then it won’t get used.
4. Thin client – Web based solutions don’t require any installation or upgrades which make them cheaper from an admin point of view.

I’ve investigated a bunch of services and my favorite by far is http://Filesanywhere.com.  Here are some of the cool things you can do with this service when you purchase an account:

1. Send large attachments – This is not as simple for the sender as yousendit.com, but there are many more features than yousendit’s free version, such as message tracking, password protection, etc.  (Not an apples-to-apples comparison, I  admit. I might add a full comparison chart at some point.)  To send a large file, the sender logs into their filesanywhere account, uploads the file into their tree, then clicks on the share file link and fills out some parameters (limit number of downloads, limit time file is available, other cool features)
2. Synchronize files – you can even install a thick client on a file server and synchronize files between your filesanywhere account and the file server.  I know what you are thinking, there are several problems with this.
   1. Is this program going to crash and bring down my fileserver? – Probably not: I’ve run it on several systems for almost a year now and it’s never crashed.  Also it has been well maintained and updated several times during that period.
   2. Is this a security hole? – Depends: I usually allow HTTP out from the file server to get windows updates,etc.  This can be a fully encrypted and user/password protected connection, so I like the security.
   3. Will files get wiped by accident? – This is one of my primary concerns: I like to set up staging folders that are used to mirror data.  You can set it up to push only, pull only or synch (based on size, newest, etc.)

Here are some scenarios to consider:

• Data room – share due diligence with investors.  In this case, you can assemble the data to be mirrored into one tree and push to filesanywhere only.  No need to pull and all files are set to read only.  There is very little risk of server files being lost.  (I can’t think of how that would happen.)
• Project teams – share project files with partners and contractors.  In this case, you would want to make the filesanywhere files read-write and the files on the server read-write.  Probably the only way to really do this safely is to implement file versioning (oh, didn’t I mention that was available through Filesanywhere?) as well as performing periodic backups throughout the day.  Also, you can use Windows Volume Shadow Copy if you have the disk space.

You can also use this service as an online backup – but I generally disapprove of online backup and don’t think that this is the best service for this anyway (I hear mozy.com is good, but I haven’t tried it yet).  I will rant about that separately, but for now let me say – differential backups are great – how do you do PST files, SQL databases, or Exchange Information Stores?  Also, what do you do when a real disaster happens and you need to restore EVERYTHING?  How long does 150 GB of data take to download over a T1? anyway – I’ll save it for another time.

Filesanywhere claims to be: HIPAA, SOX, PCI, GLBA, ISO-27002, SAS-70 compliant and is independently audited.  I like the Multi-User Web Advanced workgroup plan.

*As with all services that I promote, I don’t receive kickbacks.  However, I might become an advertising partner at some point just because I like them and don’t mind making a buck here and there.

One problem that I sometimes face is how to help businesses manage their contact information.  This is certainly a large enough topic to warrant many articles, but one tiny step forward is to update the Global Address List with the user contact info.  Problem is that this info is only stored in the user’s AD object, so you would need to set up an admin assistant with restricted rights and teach them to use ADUC, etc. An alternate approach is to script a solution.  Of course, it would be best if the info was added when the user was created, but phone numbers aren’t always available during the initial setup and they can change.

Once the info is in the GAL, BlackBerry and WIndows Mobile users can access it too.

I looked at a bunch of tools to update existing users in AD with contact info. CSVDE, LDIFDE, etc. but it looks like DSMOD is the way to go:

1. First you need your phone list in XLS format
   1. export just the Name (should match CN from next step, for us it is “First name then last name with a space between”), telephone and mobile as a CSV to contacts.txt
2. Export users from AD into a text file
   1. dsquery user  -limit 0 > dn.txt
3. Check out this nice batch file which will find the DN for each user and output the correct DSMOD command
   1. @echo off
      for /f “tokens=1,2,3,4 delims=,” %%a in (contacts.txt) do call :check %%a %%b %%c %%d
      goto :EOF
      :check
      for /F “delims=:” %%a in (‘findstr /C:”%1 %2″ dn.txt’) do echo dsmod user %%a -tel “%3″ -mobile “%4″

More info:

http://technet2.microsoft.com/windowsserver/en/library/3558c421-ba3d-4b8f-a107-b9058cc0f2861033.mspx?mfr=true: