Monday, March 24, 2014
Article 12 |Links and information
Article 11 |Links and information
Article 10 | PowerShell
article 007 | PowerShell
article 006 | PowerShell
Article 005 | Exchange Online
Article 004 |Exchange Online
Article 003 | Exchange Online + | Powershell
article 002 | SharePoint Online
Article 001 |SharePoint Online
Sunday, March 23, 2014
Test 005
003
oo2
Before we begin
The Office Configuration Analyzer Tool (OffCAT) is a very useful troubleshooting tools that can help us to detect and solve issues related to office installations and particularly outlook. Regarding issues\problems that related to outlook, there are many symptoms such as: Outlook slow performance, mail that doesn’t send with restarting outlook, re prompt of authentication windows, calendar issues and so on.
When we try to start a troubleshooting process the main challenge is the element or to pinpoint the “factor” that is the case for the problem. For example, the “factor” that could cause outlook problems could be: 3 party outlook add-in\plugins, lack of software updates, corruption of outlook cache file (OST file), antivirus applications, and network problem and so on.
The good news is that we can use the OffCAT tool as a key tool for finding the case (and the solution) in the process of troubleshooting outlook problems.
How does the OffCAT tool work?
The concept of the OffCAT tool is based on an interesting idea: the Microsoft office support team create an “office troubleshooting database” that include a documentation and description of
- Problems and causes related to Microsoft office.
- Solution and recommendation for solving or dealing with this issues.
When we use the “scan” option of the OffCAT tool, OffCAT scan the local workstation and collect information about the “desktop environment” and the selected office component (outlook in our example) that includes: OS settings, registry settings, software updates, outlook database, outlook settings and so on.
Using the information that was collected from the scan, the OffCAT tool access the “office troubleshooting database” and try to allocate “well known issues” or “best practice” solution related to the information that was collected from the local user desktop.
Although the use of OffCAT tool is quite easy and straight forward, I would like to emphasize to workflow processes in an “outlook troubleshooting process”
We need to install the OffCAT tool on each of the user desktops that that report about outlook problems.
The “OffCAT Scan process” will collect information and based on the “unique information” that was collected from the user desktop, provide a comprehensive report that include the information about the local desktop\outlook settings + a suggestion for an optional solutions. Most of the time, the “solution suggestions” include a link to a technical article with details information or link to required software fix that could solve the outlook issue.
In case that the suggested solution helps us to solve the outlook problem, then “everybody is happy”. If not, we can send all of the information that was collected by the OffCAT tool to the office 365 support team for further examination and Analysis ( we will review how to use the option of: OffCAT XML report in the section Reading and exporting the OffCAT report file )
Download and install the OffCAT tool
The download and the install process of Office Configuration Analyzer Tool (OffCAT) are very simple.
Step 1 - Download Office Configuration Analyzer Tool
You can download OffCAT by using the following link: Office Configuration Analyzer Tool (OffCAT) ( http://www.microsoft.com/en-us/download/details.aspx?id=36852)
- Click on the Download option
- In the next window choose the option: OffCAT.MSI
Step 2 - install the Office Configuration Analyzer Tool
- On the Welcome to the Microsoft office configuration analyzer tool setup wizard click on the Next button
- On the license agreement window choose the option: I agree
- On the Select Installation Folder window, Leave the default setting and click on the Next button
- On the confirm installation windows, click on the Next button
- On the installation complete windows, click on the close button
How to start an OffCAT scan
The “OffCAT scan process” collect information about the local desktop (OS environment setting and office product such as: outlook settings) and in the last step, present the "Findings" that include recommendations and solution for existing problems or for preventing future problems.
After the installation is completed, you can find the icon of the OffCAT 1.0 on the start menu.
When we turn on the OffCAT, the best practice is to use the option of: “check for update”. As mention before, the OffCAT uses an “office will know issue database” that include a description of this issues and suggested solutions. This database is updated frequently and this is the reason for using the “update” option.
Click on the option: check for updates now
Click on the option: Start a scan
In the following screenshot we can see that the OffCAT is designed to help us with the troubleshooting process of all office products. In this article we will focus on the “outlook scan” option.
Under the section: select an office application to scan, choose the option: outlook
The OffCAT can execute two types of outlook scans: Full scan, that require to “turn on” outlook and offline scan. The preferred option is the Fill scan because, using this option we can get more detailed information about the specific outlook mail profile (outlook can include more than one mail profile) and additionally we get detected issues that appear only when the outlook mail client is turned-on.
In the following screenshot we can see that the OffCAT recognize that the outlook is not running.
(You can see that the recommendation is: “please start outlook and click here when done, or choose Offline scan in the Task drop-down list).
In the following screenshot we can see the OffCAT windows when outlook is running. We will need to provide a name to the scan. The OffCAT can save all of the scan results that was executed, and we can ask the see the result of a former scans.
- In the Enter the scan label text box enter the name of the scan
- In the Task section, the default scan is: Full Scan
- Click on the: Start scanning option
The scan process could take a couple of minutes. When the scan process end we can choose to see the scan result (and the offered solution) by choosing the option: View a report of this configuration scan or save the result of the scan result by choosing the option: Export this scan.
In the following screenshot, we can see all of the different “sections” that was examined such as: Add-ins (Microsoft and third party) and third-party modules, Application event log and many more (The scan process includes 21 “sections”).
Because of the large number of “sections” that are scanned, we cannot present all of the sections in a single screenshot. For this reason, I attached an additional screenshot that include the rest of the “sections”:
How to read\use the OffCAT scan results
In this part we review the result of the scan. The screen looks a little bit “crowded”, so let examine the different parts:
The upper menu (Number 1) enables us to choose the “style” of the report. The default option is: List reports and we can choose the option of: Tree reports. An additional option that we can use is the: other report, which enable us to see result of a former report (scans).
The second level menu (Number 2) is a “pre defend view” (filter) that enable us to examine specific part of the information that included in the full scan report. The default view is: All issues and we can choose another type of view such as: Critical issues or Informational Items.
The report results includes many important details about existing issues and, we can spend a long time trying to provide detailed information about each of the “finding” but instead, I would like to focus on the subject of: office software updates.
From my experience, in a troubleshooting process, we should always start with the ”obvious thing” before we start to use the “heavy artillery”. The meaning is the most of the times we ignore the issue of: Required software updates but many time, installing this software update will solve a considerable part of the problem that we are dealing with.
In the following screenshot we can see that the scan result presented under the “All issues (8 items) section. One of the most important sections is: Office Updates: Installed Updates.
We can see that the OffCAT recognize that there are important outlook software updates that are missing.
When we click on one of the “information row”, we can see detailed information about the specific software update and a link that will lead us directly to the “download page”.
In the following screenshot we can see another example for an “error” that was detected by the OffCAT. In our example we can see that there is a problem with the OAB (offline address book) that was not downloaded to the local workstation.
How to Download Microsoft Hotfix
In the section I would like to quickly review the subject of: Hotfix. One of the major advantages of the OffCAT scan is the ability to recognize problems that could be solved or fix by installing software updates classified as: Hotfix. This kind of software updates doesn't included by default in the “software update database”.
Microsoft software updates that described as: “Hotfix” are a little bit different from “standard software updates”. Hotfix updates, as the name implies, are “hot” software updates (temporary) that there primary function is to fix some issue\problem, until a “formal update” will be published. I discuss the issue of the “Hotfix” because of two reasons:
- Hotfixes and Windows update
From my experience, software updates that classified as: Hotfix are not downloaded (and installed) automatically by windows update component (or WSUS server). - Manually download and install procedure
The process of: download and install software updates that classified as: Hotfix is different from a “standard software updates” because to be able to download an Hotfix, we will need to provide information about our email address and identification code. Only after the successful completion of this process, we will get a “replay mail” that include the link for downloading the required software update (the Hotfix).
In the following section we review the procedure of downloading Hotfix.
Step 1 - Access the download page
In our scenario, a missing Hotfix was discovered by the OffCAT scan. When we click on the link, we will get to a page such as the following page:
- Click on the: Hotfix download available link
Step 2 - Request for the Hotfix
In the following screenshot we can see that there are two versions for the Hotfix: 32 bit version and 64 bit version. When we dealing with Hotfixes that related to office, 99% of the time, the 32 bit version is the version that we will need. Despite of the fact that most of the modern OS are 64 bit versions, most of the Microsoft office versions are 32 bit.
- Choose the required version of the Hotfix. In our example we choose the 32 bit version.
- Enter your email address
- Type the verification code that appear on the screen and click on the option: request hotfix
The final screen is an: Hotfix confirmation that displays the email address to which the download link will be sent
Step 3 - Download the Hotfix
In the following screenshot we can see an example to a mail that was sent that include a download link for the hotfix.
Reading and exporting the OffCAT report file
In the last section we will review the process of working with the OffCAT scan. Each time we create a scan the report (the results) is saved in a report file using XML format. When we use the OffCAT for displaying the report, we can relate to the OffCAT as “XML viewer”, that enable us to display the information and a “readable” and easy way.
We can use the reports for exam scan results from former scan or we can save the scan result (export the results) to an XML file. The major use of the ability to export the scan results to an XML file is that in a scenario in which we implemented all of the required troubleshooting steps and we still have problems with outlook, we can send the scan result to the office 365 support team for further examination and analysis.
In the following screenshot we can see that at the end of the scanning process, one of the available options is: Export report.
When we choose the option of: export report, the report will be saved as an XML file.
In case that we want to export a “former” OffCAT scan results, we can use the export option by using the main menu.
- Open the OffCAT
- On the left menu option choose the option: select a scan to view
In the following screenshot we can see the name of the available OffCAT scans
We can choose the option of: view a report of this scan. In this scenario the OffCAT serve as a “viewer” for the XML file that include the scan results.
In case that we want to export the scan result, we should choose the option: Export this scan
- Released: Office Configuration Analyzer Tool (OffCAT)
- Office Configuration Analyzer Tool (OffCAT) information
- Microsoft Office Configuration Analyzer Tool 1.0
Download PDF File
You can download a PDF version of the instructions
Download
We really like to know what is your opinion on the Article
001
The mailbox Auditing include 3 levels:
- AuditOwner - information about operations\activities excited by the mailbox. owner. This audit option is not supported in Exchange Online (office 365) in the current time.
Non-Owner Mailbox Access audit
- AuditAdmin - information about operations\activities excited by the administrator for a specific mailbox.
- AuditDelegate - information about operations\activities excited by other recipients (delegated) for a specific mailbox.
The Non-Owner Mailbox Access audit is not enabled by default. The meaning is, that in case we want to use the “audit” option, we will need to “turn on” the audit. The option to audit mailbox is suitable for a scenario such as: when user complain that a mail is “disappearing” from his mailbox, and he have no idea how did this happened. Another scenario could be that we suspect the “someone” try to create unauthorized access to a user's mailbox and so on.
white space
- 1 - Enable/Disable Mailbox Audit ( Non-Owner Mailbox Access Report )
- 2 - Set the Type of Mailbox Audit + the required information
- 3 - Display information about Audit settings
- 4 - Display information about mailbox and folder permissions
- 5 - Search for information in the Audit Log
- 6 - Audit General Settings
- 7 - Download PowerShell menu script
Information and help related to PowerShell
In case that you are a novice in the PowerShell environment, you can use the following link to get more information about the “first steps” such as: downloading the required PowerShell software components, how to use the PowerShell console, running a PowerShell script, etc.Link Table |
PowerShell Naming Conventions & general information
If you want to get more information about the Naming Conventions that we use for this article and get some general tips about: how to work with the PowerShell, read the article: Help and additional information - o365info.com PowerShell articles |
Create remote PowerShell session
Before we can use the required PowerShell commands, we need to download and install the office 365 cmdlets + create remote PowerShell session to office 365 or Exchange Online. If you need more information about how to create a remote PowerShell session read the following articles: Part 2: Connect to Office 365 by using Remote PowerShell and Part 3: Connect to Exchange online by using Remote PowerShell |
How to use a PowerShell script
Most of the PowerShell articles include a PowerShell script that simplifies the use of the PowerShell commands. If you want to get more information about: How to use a PowerShell script, read the article: Connect to office 365 and Exchange online using a script |
PowerShell command and Script languish in more details
If you are new to the PowerShell world, you can read more information about PowerShell in office 365 environment in the article: The Power of PowerShell |
txt
1 - Enable/Disable Mailbox Audit ( Non-Owner Mailbox Access Report )
Enable Mailbox Audit (Non-Owner Mailbox Access Report) for a specific mailbox
Set-Mailbox <Identity> -AuditEnabled $True
Set-Mailbox John -AuditEnabled $True
Enable Mailbox Audit (Non-Owner Mailbox Access Report) for ALL mailbox’s (Bulk mode)
$UserMailboxes = Get-Mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')} $UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $True}
Disable Mailbox Audit (Non-Owner Mailbox Access Report) for a specific mailbox
Set-Mailbox <Identity> -AuditEnabled $False
Set-Mailbox John -AuditEnabled $False
Disable Mailbox Audit (Non-Owner Mailbox Access Report) for ALL mailbox’s (Bulk mode)
$UserMailboxes = Get-Mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')} $UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $False}
2 - Set the Type of Mailbox Audit + Non default Audit operations
Set Mailbox Audit – AuditAdmin
Set-Mailbox <Identity> -AuditAdmin <list of operations>
Set-Mailbox John -AuditAdmin Create,FolderBind,SendAs,SendOnBehalf,SoftDelete,HardDelete,Update,Move,MoveToDeletedItems
Set Mailbox Audit – Audit Delegate
Set-Mailbox <Identity> –AuditDelegate <list of operations>
Set-Mailbox John -AuditDelegate Create,FolderBind,SendAs,SendOnBehalf,SoftDelete,HardDelete,Update,Move,MoveToDeletedItems
Enable Audit + Set Mailbox Audit for AuditAdmin and AuditDelegate
Set-mailbox John -AuditEnabled $True -AuditDelegate Create,FolderBind,SendAs,SendOnBehalf,SoftDelete,HardDelete,Update,Move,MoveToDeletedItems -AuditAdmin Create,FolderBind,SendAs,SendOnBehalf,SoftDelete,HardDelete,Update,Move,MoveToDeletedItems
3 - Display information about Audit settings
Display information about Audit logging for a specific mailbox - AuditDelegate
Get-Mailbox <Identity> | Select-Object –ExpandProperty AuditDelegate
Get-Mailbox John | Select-Object –ExpandProperty AuditDelegate
Display information about Audit logging for a specific mailbox - AuditAdmin
Get-Mailbox <Identity> | Select-Object -ExpandProperty AuditAdmin
Get-Mailbox John | Select-Object -ExpandProperty AuditAdmin
Display information about recipient Audit folder
Get-MailboxFolderStatistics <Identity> | ? {$_.Name -eq "Audits" -and $_.FolderType -eq "Audits"} | FT Identity, ItemsInFolder, FolderSize -AutoSize
Get-MailboxFolderStatistics John | ? {$_.Name -eq "Audits" -and $_.FolderType -eq "Audits"} | FT Identity, ItemsInFolder, FolderSize -AutoSize
Display information about all of the mailboxes that are Audited
Get-Mailbox | Where {$_.AuditEnabled -eq “$True”}
View administrator Audit logging settings
Get-AdminAuditLogConfig
4 - Display information about mailbox and folder permissions
Display information about Audit logging for a specific mailbox - AuditDelegate
Get-Mailboxfolder <Identity> -GetChildren | Get-MailboxFolderPermission | Where-Object {-not ($_.AccessRights -like '*None*')
Get-Mailboxfolder John -GetChildren | Get-MailboxFolderPermission | Where-Object {-not ($_.AccessRights -like '*None*')
5 - Search for information in the Audit Log
Display all the Audit information that was collected for a specific mailbox
Search-MailboxAuditLog <Identity> -LogonTypes Admin,Delegate -ShowDetails
Search-MailboxAuditLog John -LogonTypes Admin,Delegate -ShowDetails
Display Audit information for “Send As” activities
Search-MailboxAuditLog <Identity> -LogonTypes Admin,Delegate -ShowDetails | Where-Object {$_.Operation -eq "Sendas"} |select MailboxResolvedOwnerName, LastAccessed, Operation,OperationResult,LogonUserDisplayName,LogonType ,ItemSubject,FolderPathName,InternalLogonType,SourceItemSubjectsList,SourceItemFolderPathNamesList,ClientProcessName,ClientInfoString
Search-MailboxAuditLog John -LogonTypes Admin,Delegate -ShowDetails | Where-Object {$_.Operation -eq "Sendas"} | Select MailboxResolvedOwnerName, LastAccessed, Operation,OperationResult,LogonUserDisplayName,LogonType ,ItemSubject,FolderPathName,InternalLogonType,SourceItemSubjectsList,SourceItemFolderPathNamesList,ClientProcessName,ClientInfoString
Display Audit information about a mailbox from specific date range
Search-MailboxAuditLog <Identity> -LogonTypes Admin,Delegate –StartDate <mm/dd/yy> –EndDate <mm/dd/yy> –ResultSize <Number>
Search-MailboxAuditLog John -LogonTypes Admin,Delegate -StartDate 05/20/2013 -EndDate 05/25/2013 -ResultSize 2000
Display Audit information about a mailbox from specific date range for “HardDelete” activities
Search-MailboxAuditLog <Identity> -LogonTypes Admin,Delegate –StartDate <mm/dd/yy> –EndDate <mm/dd/yy> –ResultSize <Number> | Where-Object {$_.Operation -eq "HardDelete"}
Search-MailboxAuditLog John -LogonTypes Admin,Delegate -StartDate 05/20/2013 -EndDate 05/25/2013 -ResultSize 2000 | Where-Object {$_.Operation -eq "HardDelete"}
Display the content of the administrator audit log (show all events)
Search-AdminAuditLog
Search the contents of the administrator Audit log
Search-AdminAuditLog – Cmdlets <cmdlet 1, cmdlet 2, ...> –Parameters <Parameter 1, parameter 2, ...> –StartDate <Start date> –EndDate <End date> –UserIds <user IDs> –ObjectIds <object IDs> -IsSuccess <$True | $False >
Search-MailboxAuditLog John -LogonTypes Admin,Delegate -StartDate 05/20/2014 -EndDate 05/25/2014 -ResultSize 2000 Search-AdminAuditLog -Cmdlets Set-Mailbox -Parameters ProhibitSendQuota, ProhibitSendReceiveQuota, IssueWarningQuota, MaxSendsize, MaxReceiveSize -StartDate 05/20/2014 -EndDate 05/25/2014 -UserIds John,Alice,Bob -IsSuccess $True
Search the contents of the administrator Audit log - look for specific user
Search-AdminAuditLog -UserIds <Identity>
Search-AdminAuditLog -UserIds John
6 - Audit General Settings
Configure Outlook Web App to allow XML attachments
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AllowedFileTypes '.rpmsg','.xlsx','.xlsm','.xlsb','.tiff','.pptx','.pptm','.ppsx','.ppsm','.docx','.docm','.zip','.xls','.wmv','.wma','.wav','.vsd','.txt','.tif','.rtf','.pub','.ppt','.png','.pdf','.one','.mp3','.jpg','.gif','.doc','.bmp','.avi','.xml'
Set Audit retention number of days
Set-Mailbox <Identity> -AuditLogAgeLimit <Days>
Set-Mailbox John -AuditLogAgeLimit 30
Suppressing Audits for Specific Mailboxes
Set-MailboxAuditBypassAssociation <Identity> -AuditBypassEnabled $True
Set-MailboxAuditBypassAssociation John -AuditBypassEnabled $True
Mailbox Auditing: Export Audit information to XML File + Send the result to Email address
New-MailboxAuditLogSearch –Name <String> -LogonTypes Admin,Delegate –StartDate <mm/dd/yy> –EndDate <mm/dd/yy> –StatusMailRecipients <Email Address>
New-MailboxAuditLogSearch -Name "Audit information for all mailboxes" -LogonTypes Admin,Delegate -StartDate 05/20/2014 -EndDate 05/25/2014 -StatusMailRecipients John@o365info.com
Administrator Auditing: Export Audit information to XML File + Send the result to Email address
New-AdminAuditLogSearch –Name <String> -LogonTypes Admin,Delegate –StartDate <mm/dd/yy> –EndDate <mm/dd/yy> –StatusMailRecipients <Email Address>
New-AdminAuditLogSearch -Name "Audit information for all mailboxes" -LogonTypes Admin,Delegate -StartDate 05/20/2014 -EndDate 05/25/2014 -StatusMailRecipients John@o365info.com
Script Box
For your convent, I have “Wrapped” all of the PowerShell commands that was reviewed, In a PowerShell Script named: Audit.ps1
Download
- Search-MailboxAuditLog
- Export the Administrator Audit Log
- Use Audit Logging to Record User Actions
- Use Auditing Reports in Exchange Online
- Understanding Mailbox Auditing Reports in Office 365
- Run a Non-Owner Mailbox Access Report
- Export Mailbox Audit Logs
- Mailbox Auditing in Exchange Server 2010
- Search the Administrator Audit Log
We relay like to know what is your opinion on the Article