
Exchange

198K

Solutions

71K

Contributors

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.


Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
0

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
0
 
LVL 25

Expert Comment

by:Brian B
For mass mailbox backups in Exchange, you should be using a proper backup and recovery system. See my post, PSTs are not reliable for that purpose.
0
 
LVL 15

Expert Comment

by:Ajit Singh
Thanks for sharing this post.

I will definitely give your tool a try. However, I have tried a few solutions, but one which works is Kernel: https://www.nucleustechnologies.com/edb-to-pst.html.

Usually, I give preference to manual procedures, especially scripts, and I would like to share an informative article through which you can export Exchange 2010, 2013 and 2016 mailboxes to PST using the PowerShell cmdlet New-MailboxExportRequest: http://expert-advice.org/2017/09/export-exchange-mailboxes-pst-file-using-powershell-cmdlet/
0
Are you an Exchange administrator employed with an organization? Have you encountered a corrupt Exchange database whose EDB file you are not able to open? This article will explain all the steps to repair a corrupt Exchange database.
0
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
0
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
0
Exchange Server 2016
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
2

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and, as I said, I am not an expert in the cryptography field, I asked other experts on Experts Exchange to allow me to include some of their thoughts on the matter. Thanks to btan and McKnife for all their input (I edited some out for readability, left some out for technical reasons, and included some in various places in the article). 

 

Let me preface this by saying the best prevention when it comes to any malware is up to date AV/AM software, well tested backups (yes you must test them), and safe computer usage habits. I have also incorporated some suggestions specific to ransomware prevention and more general suggestions on enhancing your computer security.

 

Encryption programs of the ransomware type are usually not viruses, but rather trojans that encrypt your computer files, after which the writers (thieves) demand a ransom to decrypt them. If you catch it early, there is a slight chance of decryption, but once you get the ransomware pop-up, it is generally too late. This is because most ransomware works by silently encrypting your files and displaying the ransom pop-up only when it has finished. If you either pay the ransom (not recommended) in a timely manner or restore from backup, you will probably be okay.

  

You CANNOT really trust that you will receive a working decryption key if you do pay the ransom, although it is in the financial interests of those who encrypted your files to decrypt them. Let me be clear though, I am NOT advocating paying. Generally, the cost of decrypting your files will not be worth it, nor a good idea, for several reasons:

 

  1. In my opinion, you will NEVER be able to trust the computer again unless you do a complete reinstall of the operating system and any software. The files are not trustworthy either.
  2. The cost of buying a decryption key may be more than your files are worth (going rate, last I looked, was 10 bitcoins, you can do the conversion at preev.com, but as of this writing it is $2,752.00 -- it changes VERY frequently).
  3. Morally it is wrong to support crooks.
  4. Finally (although there are plenty more reasons), even if you decide to pay, users have not reported that they received a working decryption key 100% of the time. As a matter of fact, many users have reported that they had trouble decrypting some files.

 

So what can you do?

  

Prevention

  

Like location in the real estate market, prevention is everything: if you are successful at preventing anything from happening in the first place, you won't need to worry about anything else. I will deal primarily with methods of prevention. It has become abundantly clear, even before I spoke to others about it, that the cryptography employed in these schemes, although not impossible to break, is difficult in the extreme. So let's look at some measures you can take to protect your computer.

 

A. BACKUP

 

First and foremost, and not only for this reason, keep good backups and test them regularly. The best backup in the world is useless if you can't restore from it when it is needed. See my article on backups and cloud backups for more information (I especially recommend versioning backups). It is essential that part of your backup routine should be to turn on previous versions/Shadow copy. This is not a difficult task, just follow these steps in Windows:

 

  1. Click on the Start ball in the lower left corner of your screen (Windows 8 users start at step 3).
  2. Right click on "Computer" and select Properties (alternately, you can just type in system and choose the System control panel from the list). For Windows 7 users, skip to step 8.
  3. For Windows 8, hover over the top right corner or swipe from the right of the screen to get the search bar.
  4. Click or tap on the magnifying glass symbol to open search.
  5. Click or tap on the down arrow next to Everywhere to change that to Settings.
  6. Type the word System in the search box.
  7. Click or tap the System control panel (in this instance the fourth one down).
  8. The System control panel will come up (Windows 7 or Windows 8).
  9. Click on the "System Protection" link on the left-hand side of the control panel.
  10. If you are not already there, click on the System Protection tab.
  11. Look down at the Protection Settings section; all your internal hard drives and USB drives should be listed here.
  12. Click on each one you want to have system restore points and/or previous versions/Shadow Copy for and then click Configure.
  13. On the next screen you will see a section for Restore settings -- there are three options. I suggest the first one.
  14. In the Disk Space Usage section, give it as much as you can afford. The more room allotted to this, the more restore points and previous versions you will have available to you.
  15. When you are finished click okay, okay again, save any work and reboot your computer.
  16. You have now enabled system restore and previous versions/shadow copy.
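
The same settings can be applied from an elevated Windows PowerShell prompt, which is useful when more than one machine needs them. This is an added example, not part of the original article; the drive list and the 10% storage cap are assumptions to adjust.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: scripted equivalent of the
# System Protection steps above. Run in Windows PowerShell 5.1 (these cmdlets
# are not available in PowerShell 7).
# Assumptions: $Drives and $MaxSize are illustrative values to adjust.

$Drives  = @('C:')   # assumed: volumes to protect
$MaxSize = '10%'     # assumed: share of each volume reserved for shadow copies

# Steps 11-13: turn protection on for each selected drive.
$protected = @()
foreach ($drive in $Drives) {
    if (-not (Test-Path -LiteralPath "$drive\")) {
        Write-Warning "$drive not found, skipping"
        continue
    }
    Enable-ComputerRestore -Drive "$drive\"
    $protected += $drive
}

# Create a first restore point. Windows 8 and later skip this with a warning
# if another restore point was created in the last 24 hours.
Checkpoint-Computer -Description 'Baseline after enabling System Protection' `
                    -RestorePointType MODIFY_SETTINGS

# Step 14: the Disk Space Usage slider. Done after the first restore point so
# that the shadow storage association already exists.
foreach ($drive in $protected) {
    & vssadmin.exe Resize ShadowStorage "/For=$drive" "/On=$drive" "/MaxSize=$MaxSize" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not resize shadow storage on $drive (exit code $LASTEXITCODE)"
    }
}

# Verify: list restore points and the space reserved for shadow copies.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, CreationTime, Description
& vssadmin.exe List ShadowStorage
```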

 

In Windows 8, turn File History on. This backs up selected directories in a Time Machine-like fashion. Note that it will only work when the external drive that you designate as the file history drive is connected. And since it will only back up some directories, other measures are called for. A micro tutorial on starting and using File History can be found here. I also recommend using CrashPlan for Windows 7 or Windows 8.

 

Although CrashPlan used locally is free, the cloud option is an excellent value. Another free option is DriveImageXML for Windows 7 or Windows 8. And if you are using Windows 7 don't forget to enable and use the Native backup options. I have said more than once that you can never have too many backups, or to put it more bluntly, files you don't have backed up in two other locations, are files you don't care about. (That is two locations other than your computer, at least one of these should be physically in another geographic area -- that is why cloud backup is helpful.)

  

B. NETWORK SHARES

 

This applies to the question of what to do once you have discovered the infection as well. Cryptography infections such as the ones discussed here CAN encrypt network shares that are mapped as a drive on your computer (assigned a drive letter), but they do not encrypt network shares that are either mapped using a UNC path (\\myserver\myshare) or connected to by using a shortcut.  UPDATE: It was pointed out to me that a new variant of ransomware - CryptoFortress - WILL encrypt network shares that use a UNC path.  See this article (also linked to below in the comments). Thanks to Rob Hoffman for the heads up!  So the only real defense is prevention!

  

So, the best way to be nice to whoever is taking care of the network share and, at the same time, prevent your files stored on it from being encrypted, is to NOT map it as a drive (assign it a drive letter). Either use the UNC path, or create a shortcut to the drive in question and use that. At this time it behooves me to remind system administrators and anyone else in charge of network shares that the most important part of protecting yourself and everyone who uses the share is to set permissions properly.

  

Follow the Principle of least privilege. The link will take you to explanations and best practices (if you still need them). In this way, if a user does get infected, only the directories they have write permissions to will be encrypted. If policies are set correctly, either using GPOs or the bulk version of CryptoPrevent, you will have a lot less to worry about. Also, your backup routine should be significantly more robust and incorporate better testing than the ones I have outlined here.
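
A quick way to check both points in this section, mapped drive letters and overly broad write permissions, is the audit below. It is an added example, not part of the original article; the group-name pattern assumes English Windows and is illustrative, and the function names are hypothetical.

```powershell
# Added example, not from the original article. Part 1 lists network shares
# that are mapped to a drive letter on this machine; part 2 reports broad
# groups that hold write access at the root of each of those shares.
# Assumptions: English group names; the $BroadGroups pattern is illustrative.
# Only the NTFS ACL at the share root is read; share-level permissions and
# subfolders need a separate check on the file server.
# Run as the logged-on user (not elevated): an elevated session does not see
# the drive letters mapped in the user's normal session.

$BroadGroups = '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users|.+\\Domain Users)$'

# WriteData/AppendData plus the raw GENERIC_ALL and GENERIC_WRITE bits that
# Get-Acl can return for inherit-only entries.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [int][System.Security.AccessControl.FileSystemRights]::AppendData -bor
             0x10000000 -bor 0x40000000

function Get-MappedShare {
    # DriveType 4 = network drive (a share with a drive letter assigned)
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=4' |
        ForEach-Object {
            [pscustomobject]@{ Drive = $_.DeviceID; UncPath = $_.ProviderName }
        }
}

function Get-BroadWriteAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -notmatch $BroadGroups) { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Part 1: shares that carry a drive letter
$mapped = @(Get-MappedShare)
$mapped | Format-Table -AutoSize | Out-Host

# Part 2: broad write access at the root of each mapped share
$findings = foreach ($share in $mapped) {
    try   { Get-BroadWriteAce -Path $share.UncPath }
    catch { Write-Warning "Could not read ACL of $($share.UncPath): $_" }
}
$findings | Format-Table -AutoSize | Out-Host
```

Every row in the second table is a location that an infection running as any ordinary user could overwrite; an empty table means none of the listed groups can write at the share root.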

  

C. ANTIVIRUS/ANTIMALWARE

 

Second, have up to date AV/AM software. This will help but don't count on it. Make sure you have heuristics turned on. You also should look into EMET. EMET (Enhanced Mitigation Experience Toolkit) will help protect you from various malware and should be an integral part of your security setup.

  

D. SAFE COMPUTING

 

Third, practice safe computing (especially since crypto type trojans use social engineering to get people to download and execute them). That means:

 

  •  Be very suspicious of any link that simply says "Click here." If you can't get the exact link by putting your mouse over the link, use extreme caution!
  •  DON'T ever click a link in an email -- if you trust the sender and know their account has not been hacked, type the link directly into your browser's location bar. Even better, maintain a virtual machine with a browser installed for this purpose. That way, if it is a malicious link, all you need to do is exit the VM and either delete it or restore it to a previous save point. (What is extremely disturbing to me is that many times the subject line in an email is something you are expecting. One common subject that carried an infected payload was "Scan from a Xerox WorkCentre" -- see the most common subject lines that Cryptolocker used in the Cryptolocker guide from BleepingComputer linked to at the end of this article. I immediately changed the message sent to users when they scan a document on finding this out.)
  • DON'T click links in any document or webpage unless you know exactly where it will take you. Many sites will have multiple download links. Usually the software you are looking for is linked to in smaller type and/or near the bottom of the page. I have seen several reputable sites which use Google AdWords and have ads with large download buttons that look like the download you are looking for; do not be fooled! These tend to download either download helpers you do not need or Browser helper Objects (BHOs) that purportedly help you download. Either can contain adware and may contain malware. Always look for the real link to the download you are looking for by hovering your mouse over the various download links to see where they will take you.
  •  DON'T ever click a shortened URL in Twitter or the like if you do not know the sender or it appears all by itself (such as a shortened link tweeted to you with no explanation -- if I receive one of these I automatically report the tweet as SPAM). You can often see many examples of these on Twitter.com (e.g., @yourname bit.ly/01234 or @yourname Check this out! bit.ly/01234).
  • DON'T visit websites that harbor malware. That being said, know that many websites subscribe to advertising bots that may send out something known as malvertising (malware advertising). You can easily get infected through malvertising on a legitimate site. Use a browser that protects against this, such as one with an adblock plugin or something like Cocoon for Firefox or WOT for Chrome, or, best of all, browse in a virtual machine.
  • DON'T download software from warez sites (illegal sites -- this includes illegal video and audio). I know this sounds restrictive, but weigh it against having all your most important files encrypted and essentially lost forever (think wedding pictures, birthday pics, or if you're like me and keep all your tax documents scanned in and on your computer -- those as well).

 

E. MULTI-LAYERED SECURITY

 

Fourth, use a multi-layered approach to security. You may ask, isn't this what everyone advises against? What you need to understand is that advice against using more than one AV solution means don't use more than one solution that ACTIVELY scans your files. Some applications call this on-access scanning. As long as only one application is allowed to do on-access scanning, multiple applications can run on your machine. For instance, on one of my machines I have Malwarebytes Anti Malware Pro with on-access scanning running and Microsoft Security Essentials with on-access scanning turned off (it doesn't like that, but tough). So to best protect your computer I suggest the following:

 


In terms of CryptoPrevent (free or Premium), the software is built upon the ideas in the post on CryptoLocker at bleepingcomputer.com. The CryptoPrevent program makes the necessary changes as outlined in the guide at bleepingcomputer; the difference is that the program doesn't require the user to deal directly with the registry. It not only locks down execution of programs from certain directories; you can also create a whitelist of programs that are okay to run (a whitelist is a list of something that has been approved in some way -- in this case if your computer is clean the whitelist contains the names of the programs that AREN'T malware).

 

This is in comparison to a blacklist, in which you would have to list all the programs you don't want to run (for an example of a blacklist check out the host file mentioned earlier). A whitelist is not only easier to create and maintain, it is also more likely to protect you. If you use CryptoPrevent to its best advantage, you will add all current applications to a whitelist (assuming your system is clean -- CryptoPrevent is just that: a preventative measure -- it will NOT decrypt files that have been encrypted). The program will prompt you to do this. Note that the free edition does not automatically download definition updates, as stated on the bottom of the CryptoPrevent page. The author of CryptoPrevent has created several videos to show it in action. Just remember that these were made by the author:

  

CryptoPrevent vs CryptoLocker 2

CryptoPrevent in action

CryptoPrevent 2.01

 

There is also a silent video here that shows CryptoPrevent installation (latest version) on a Windows 7 64-bit machine. Another tool, released by SurfRight (now owned by Sophos), is CryptoGuard.  It should be noted that this is trialware. The software will scan your computer, tell you what needs to be deleted (you can choose what to do with each entry or take the defaults), and will then delete the various occurrences, at least until the trial runs out. CryptoGuard is more intrusive than CryptoPrevent. They work differently, assuming you are using the free version of CryptoPrevent. CP free makes some basic registry changes and enables and changes local or group security policies. CryptoGuard is more of a monitoring application. Learn more on how CryptoGuard works here.

 

I can't emphasize enough that CryptoPrevent/CryptoGuard or similar software should be just ONE facet of an overall security plan to prevent any malware infection.

 

For more general cryptography information (and a more technical bent), check out this article by Giovanni Heward: http://www.experts-exchange.com/Security/Encryption/A_12460-Cryptanalysis-and-Attacks.html

  

User MASQ has an excellent post on CTB-Locker as an answer to a question here.

 

If you are familiar with security blogs, you will be familiar with Krebs on Security. I highly suggest reading Brian Krebs' articles/posts. At any rate he has a post about how to avoid Cryptolocker here. There is also a good article on the Malwarebytes website. And there is a tool to search for and list encrypted files here (the page is also another excellent reference).

 

Bev Robb, the person who mentored me into E-E, wrote a great article about ransomware on her security blog: https://teksecurityblog.com/4-ransomware-lessons-you-need-to-learn-before-it-snags-you/. There are some great guides if you need further help located here, here, here or here.

 

It has been pointed out that this guide may give a good preventative solution.  Also, it is worth taking a look at Umbrella by OpenDNS.  They have a blog located at https://blog.opendns.com.  If you are interested you should especially check out this blog on Umbrella: https://blog.opendns.com/2013/11/06/umbrella-msps-protects-networks-cryptolocker/.

 

I have been a subscriber to the Windows Secrets newsletter for over a decade (possibly two), and recently their lead article was about ransomware and how to defend yourself against it. I received permission to link to it - you can read it here.  Note that you may have to answer a question before reading the article.  The article was written by Susan Bradley, who is a Small Business Server and Security MVP.

 

User btan pointed me to this page with a bunch of toolkits to help out.  And user Eirman suggested this article in the comments below. The article is about how harmless looking attachments might bring down certain doom. It is a must read. Btan's suggestion is also a must for anyone who has already been bitten.  Another tool for those who have been bitten was pointed out by user btan - check out the locker unlocker tool.

5
 
LVL 15

Expert Comment

by:Ajit Singh
The title stated everything.

What a great article! Seriously, I really did enjoy it! Well described.

Simple things you can do to protect against ransomware attacks:
http://expert-advice.org/2017/07/ways-to-protect-yourself-from-ransomware-attack/
https://www.lepide.com/blog/what-can-you-do-if-youve-become-the-victim-of-a-ransomware-attack/

Stay safe and don’t forget the best protection is always a backup.
0
 
LVL 17

Expert Comment

by:Kyle Santos
Great article, Thomas.
0
New style of hardware planning for Microsoft Exchange server.
1
 
LVL 12

Expert Comment

by:Andrew Leniart
Hi Abraham, I had to leave for a few days unexpectedly so apologies for the delay in editing.  I should be back in the next few days; however, if you would like to have it edited sooner, please use the Request Attention option to contact a moderator who may be able to assist. Other than that, I'll get back on it first thing once I've returned.

Regards,
Andrew
0
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP server was unavailable.
0
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
1
 
LVL 9

Author Comment

by:Sunil Chauhan
0
 

Expert Comment

by:sankara parameswaran
The inbox rule is still executing and did not provide any result. Hope it will complete with some results. We are running it for Office 365.
1

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External URLs the same. IV. Addressbook download issue.
0
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
2
 

Expert Comment

by:Robinsan Shaw
Thanks for the great article. Your article covers all information related to Outlook OST files.
As Microsoft offers different Outlook versions, finding the OST file in Outlook 2010 and other Outlook versions can be a difficult task. A user can prefer this article, which can help to find the Offline Storage file in various Outlook versions.
0
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
4
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and External URLs the same. IV. Address book download issue.
1
 
LVL 8

Expert Comment

by:Senior IT System Engineer
This is a very helpful post, thanks for sharing this great article.
0
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations using CodeTwo Exchange Rules 2010.
0
After hours online I found a solution which pointed to the inherited Active Directory permissions. You have to give/allow permissions to the "Exchange Trusted Subsystem" for the user in the Active Directory...
0
EDB Viewer
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
0
 
LVL 15

Expert Comment

by:Edwin Hoffer
Hi,

Well, after analyzing the write-up carefully, I figured out it is framed in a brilliant way. It made me curious and I started my search on the topic. After calculating every parameter, I found a platform where the comparison of tools was done keeping every single prerequisite in mind. So, I reckon you all should visit the site Best Exchange EDB Viewer.

Thanks
0
 
LVL 10

Expert Comment

by:Marshal Hubs
You can also try Stellar Phoenix Mailbox Exchange Recovery if your EDB file is corrupt. The software helps you to repair a corrupt EDB in a few easy clicks. For more information about the software, please check this link: https://www.stellarinfo.com/edb-exchange-server-recovery.htm
0
In-place Upgrading Dirsync to Azure AD Connect
0
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
0

This article explains how to install and use the NTBackup utility that comes with Windows Server.
2
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log files in cases where systems do not support circular logging or where circular logging is not enabled.
2
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or import-export function also failed to fix the issue.
4
 

Expert Comment

by:john write
EDB to PST Converter (www.edbmails.com/#) repairs corrupt or damaged Exchange EDB files and restores the mailboxes into Outlook PST file. You can easily view Mailbox data from the PST files using MS Outlook application. It supports MS Exchange Server Recovery for 2003, 2007, 2010, 2013 and 2016 corrupt and unmounted database.

Recovers Calendar, Attachments, Drafts etc., from the damaged EDB files

EDB to PST Exchange server Recovery tool helps you to recover mails, images, attachments, drafts, calendar, journals, appointments, tasks, notes, etc. from the damaged EDB files. Its ease of use GUI enables you to preview recovered mail items.

– Recover / Restore only required Mailboxes
– EdbMails capability of granular / brick-level mailbox EDB to PST conversion support, will help you to recovery any desired Mailboxes data.
– Automatic handling of PST file size limit
– If the Outlook PST file reaches size limit then, EDB to PST Converter will automatically split the PST file into multiple files based on the size limitation of the Outlook PST.
– Recover Deleted Mailboxes
– Edb to PST converter can easily recover mailboxes, which have been deleted knowingly or unknowingly.
– Recover and Save as EML, MSG format
– In addition to saving the recovered data as PST file, it also allows you to save the recovered data as MSG, EML formats.

For more information please click the link: https://www.edbmails.com
0
 
LVL 15

Expert Comment

by:Ajit Singh
0
Read this checklist to learn more about the 15 things you should never include in an email signature.
0
 

Expert Comment

by:Jeffry Gunawan
You haven't mentioned giving a referral link in the email signature.
0
Find out what you should include to make the best professional email signature for your organization.
0
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
3
 
LVL 3

Author Comment

by:james snow
Hello
Thanks for the valuable suggestions. I will definitely edit my article as per your guidelines.
Thank You
0
 
LVL 3

Expert Comment

by:Virat Singh
Hey, that's a nice read, I must say.
I am endorsing you.
Btw, if anyone is looking for any Outlook Tips & Tricks,
then you might check out the above link.
0
