The Exchange Server Best Practices Analyzer Tool is a new analysis tool for administrators to use to check their Exchange deployment. It will identify problem areas and generate a report listing the problems as well as other configuration information. ExBPA reads the configuration data from the Active Directory, the registry, the IIS metabase, perfmon, WMI, and other files, checking over 1200 settings against some 1000 rules. ExBPA can be installed on any workstation running Windows 2000 or Windows XP and retrieves information from Exchange 2003, Exchange 2000 or Exchange 5.5. Note that while less information is available when you use the older versions of Exchange, it provides administrators with enough information to make it worthwhile to use.

ExBPA uses an XML configuration file that tells it exactly what settings to look for and what rules to use to analyze them. For at least the first few months, Microsoft expects to update the configuration file every few weeks and to insure the configuration file is up-to-date, ExBPA checks the web for the latest version of the configuration file each time you use it. If a newer configuration file is found, it’s downloaded automatically.

ExBPA uses the Active Directory to discover your deployment topography and access each server. The default settings will scan an entire organization or you can configure it to scan just a subset of servers, or only one specific server. The tool does use a lot of CPU and memory on the machine it's running on when it's analyzing a large organization and preparing the reports, but it should not affect system and network performance, so the administrator can use it at any time. It takes a few minutes per server to complete a scan, generating about a megabyte of data per server. In a small organization, the network is completely scanned within minutes, but in larger organizations, ExBPA may need a couple of hours to completely scan all of the exchange servers.

Two types of reports are generated; the first contains all of the critical issues ExBPA discovered. A link to a web page containing more information about the problem and how to fix it is included with each critical issue reported. Note that many of the issues it reports, even the critical ones, are probably not new to your configuration and if they haven’t caused problems yet they won't need immediate attention, but you should work on correcting those issues in the near future. The second report is in the form of a tree view that shows the issues found as well as all of the data that was gathered as part of the analysis, providing you with a snapshot of an Exchange configuration. By keeping copies of these snapshots, you can track changes to your network over time.

You can use ExBPA to do a proactive health check of an entire deployment, allowing you to identify issues that are not yet causing problems or you can use it when troubleshooting a specific issue. ExBPA has the potential to eliminate the need to call PSS by identifying the problem for you and Microsoft will eventually make the reports a standard part of a support call, so you should take the time to become familiar with it now.

Download the Exchange Server Best Practices Analyzer Tool
http://www.microsoft.com/exchange/downloads/2003/ExBPA/default.asp

Peer to peer support for ExBPA on the Microsoft newsgroups:
http://www.microsoft.com/exchange/community/NewsGroups/default.mspx?dg=microsoft.public.exchange.tools

Upcoming TechNet webcast on the Exchange Server Best Practices Tool, Thursday, October 07, 2004 8:00 AM (GMT-08:00) Pacific Time (US & Canada)
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032259581&Culture=en-US

Effective earlier this week, Microsoft discontinued HTTP (WebDAV) access to Hotmail and MSN accounts. The HTTP protocol allowed users to download their mail using Outlook or Outlook Express in much the same manner as an IMAP account. Unfortunately, it's also much easier to script the WebDAV protocol than the web interface, making HTTP access popular for use by spammers.

New Hotmail and MSN accounts will not be able to use the HTTP protocol to access to their accounts unless they subscribe to Hotmail plus or an MSN account. Existing free accounts will be transitioned away from HTTP access and those currently using HTTP access will be able to use it until Spring 2005.

What does this mean for users? Since only about 5% of all Hotmail users accessed their mail using the HTTP protocol, most won’t miss it. The 5% who use it will have several months to decide if they want to upgrade to Hotmail plus, use a third party 'pop' program, or use web access only. Some may decide to switch to another free email provider, although now that calendaring is once again included in the free Hotmail accounts, users may want to stay with Hotmail.

Like the Hotmail plus customers, MSN Premium subscribers will retain HTTP access, however, for subscribers who use Outlook 2002 or Outlook 2003, the MSN Outlook Connector is a better option--it not only downloads the email, but also syncs the local Calendar, Contacts, and Tasks with the online version. The calendar can be shared with other Hotmail account holders, making it useful as a shared calendar for small workgroups.

Users attempting to access free Hotmail accounts using HTTP access will receive an error which is explained in the following KB article: You receive an error message when you use Outlook Express to access your Hotmail account

Link to third party programs that can be used to download Hotmail and MSN, including IzyMail, Web2Pop, and Hotmail Popper, are at http://www.slipstick.com/addins/services/online.htm#hotmail.

"Is there a way to add a group of selected junk e-mail from the inbox to the blocked senders list all at one time instead of one junk e-mail at a time?"

The short answer is simply No. The long answer is that while it seems like a really stupid move by Microsoft not to include this functionality, or the often requested ability to train the filter, they have an excellent reason for not including these options.

Microsoft believes that users should not have to touch the filters period. Any antispam solution should be automatic and good enough to catch most spam, because as we've learned over the years with antivirus software and Windows updates, users aren't very good at keeping their programs updated. It also takes time to tinker with antispam settings and filters, time better spent doing anything but configuring the filters.

If the filter is designed right, only a few addresses will need to be added to any of the lists - such as addresses belonging to people you don't want to correspond with or whose messages are mistakenly classified as spam. In fact, adding every address that is used the send spam to the list will result in a long list of names, many of which will never send you another message. In addition, you are limited to approximately 2000 names on all of the lists combined and would need to spend a lot of time culling the list. (See Outlook 2003's Safe and Blocked Senders Lists for more information on the size of the lists.)

Your goal should be to have a Safe senders list longer than your Blocked senders list. If you need to spend minutes each day (or following each mail pass) adding addresses to your Blocked list, then your Junk Email settings are too low, you don't have the latest filter update, or you need a better spam filter than the one provided with Outlook. Businesses should filter out the spam on the email server, removing spam long before the messages are downloaded to their users desktop.

How long are my lists? My Safe Senders and Safe Recipients lists contain 24 addresses and domains, while the blocked senders list contains just two addresses. Using the newest junk filter update for Outlook 2003, almost all of the spam I receive is removed from my Inbox.

Outlook 2003 Junk E-mail Filter update: September 14, 2004
http://support.microsoft.com/?id=870765

Following a series of Internet Explorer exploits, many security experts recommended users switch to a different web browser and many users took their advice, often choosing Mozilla's Firefox. Unfortunately it doesn't work as expected with hyperlinks in email messages. While the links open in Firefox, the File, Open dialog is also displayed, indicating that you need to locate firefox.exe. After you do this, clicking once on a link opens two browser windows.

This is caused by an incorrect DDE setting for the HTTP file association. To correct it:

1. Open Windows Explorer and select Tools, Folder Options, File Types tab.
2. Browse the list of extension and locate the extension labeled '(NONE), File Type: HyperText Transfer Protocol'.
3. Click on the Advanced button at the bottom of the dialog to open the Edit File Type window.
4. Select the entry named 'open' and click on the Edit button.
5. Remove the checkmark from the Use DDE dialog and click OK to return to the File Types dialog.

Repeat for the HTTPS (HyperText Transfer Protocol with Privacy) and FTP protocols.

Outlook will now correctly use Firefox to open hyperlinks contained in messages.

For more information, see https://bugzilla.mozilla.org/show_bug.cgi?id=246078