Remove domain sender permissions Exchange 2010

One of the more annoying types of spam is the one that seems to be coming from your own domain or, worse, from your own email address! Of course, users from your own domain don’t generally spam each other, unless you’re using one of the free web-based email services. And most of us don’t spam ourselves.

Obviously, this is coming from a spammer who has spoofed your email address, or that of someone else from your domain. Unfortunately, SMTP, the protocol that allows mail clients and servers to exchange email, allows headers to be spoofed easily.

Thanks to the extensive Transport Permissions model in Exchange 2010, we can easily prevent such spam. Receive Connectors have the ms-exch-smtp-accept-authoritative-domain-sender permission, which dictates whether an Accepted Domain can be used in the MAIL or FROM headers. External/internet hosts submit mail to your server without authentication, as anonymous senders. To prevent anonymous senders from sending mail using your domain(s), we need to remove the ms-exch-smtp-accept-authoritative-domain-sender permission assigned to them.

Use the following command to remove the ms-exch-smtp-accept-authoritative-domain-sender permission from NT Authority\Anonymous Logon on internet-facing Receive Connector(s):

Get-ReceiveConnector "My Internet ReceiveConnector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

Once this permission is removed, when anonymous senders try to submit mail using your Accepted Domain(s).
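The command above changes only the connector it names. The following audit is an added example, not part of the original post: it reports every Receive Connector on which anonymous senders still hold the permission and previews the removal. It is written for the Exchange Management Shell (PowerShell 2.0 syntax); the function and variable names are illustrative.

```powershell
# Added example: find Receive Connectors where anonymous senders may still
# use an Accepted Domain as the sender. Run in the Exchange Management Shell.
$right = 'ms-exch-smtp-accept-authoritative-domain-sender'
$anon  = 'NT AUTHORITY\Anonymous Logon'

# Hypothetical helper: returns the allow ACEs that grant $right to Anonymous Logon.
function Get-AnonymousDomainSenderAce {
    param([Parameter(Mandatory = $true)] $Connector)
    $Connector | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) }
}

# One report row per connector on every transport server in the organization.
$report = foreach ($rc in Get-ReceiveConnector) {
    $aces = @(Get-AnonymousDomainSenderAce -Connector $rc)
    New-Object PSObject -Property @{
        Connector        = "$($rc.Identity)"
        Bindings         = ($rc.Bindings -join ', ')
        # True when the connector accepts unauthenticated sessions at all.
        AnonymousEnabled = ("$($rc.PermissionGroups)" -match 'AnonymousUsers')
        # True when an anonymous session may send as one of your own domains.
        OwnDomainSenderAllowed = ($aces.Count -gt 0)
    }
}

$report |
    Sort-Object Connector |
    Format-Table Connector, Bindings, AnonymousEnabled, OwnDomainSenderAllowed -AutoSize

# Preview the fix on connectors that are still exposed.
# Review the output, then remove -WhatIf to apply the change.
foreach ($row in $report | Where-Object { $_.OwnDomainSenderAllowed }) {
    Get-ReceiveConnector $row.Connector |
        Get-AnonymousDomainSenderAce |
        Remove-ADPermission -WhatIf
}
```

Run the report again whenever a Receive Connector is added. Internal relay connectors that legitimately accept unauthenticated mail from your own domain (scanners, application servers) will show up here too, so review each row before removing the permission.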

You can try to send a fake mail by using this site:




SCCM 2012 & 2007 Boundaries Migration

Time to migrate your 2007 SCCM environment to 2012. The first thing you might think of is how to push out the new client and how and when to configure boundaries.

First of all configure the client push settings on the 2012 site.

Then go to Installation Properties and configure the new 2012 site code:

SMSSITECODE=Sitecode, and I also added my Fallback Status Point: FSP=server.local. This will tell the computer/client what site they will assign to.

Configure the boundaries at your new SCCM12 site and assign it to a boundary Group.

At this time you will now be able to push out the new client using client push or GPO. Remember to place the package to your DP.

Remember to uncheck Auto assignment under Client Push Installation Properties. Why? Because you don’t want both sites to auto-assign their clients.

Configuration Details
Site assignment: Site assignment is used by clients that use automatic site assignment to find an appropriate site to join, based on the client’s current network location. After a client assigns to a site, the client will not change that site assignment. For example, if the client roams to a new network location that is represented by a boundary in a boundary group with a different site assignment, the client’s assigned site will remain unchanged. When Active Directory System Discovery discovers a new resource, network information for the discovered resource is evaluated against the boundaries in boundary groups. This process associates the new resource with an assigned site for use by the client push installation method.

Content location: Content location is used by clients to identify available distribution points or state migration points, based upon the client’s current network location.

Outlook2010 Profile Roaming with Folder Redirection

OK, I got it to work now with two scripts:

One that runs when the user logs in:

cmd /c regedit /C /S %appdata%\Outlook_Profile.reg
cmd /c regedit /C /S %appdata%\Office_Setup.reg

And one that runs when the user logs off:

cmd /c regedit /E %Appdata%\Outlook_data\Outlook_Profile.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%username%"
cmd /c regedit /E %Appdata%\Outlook_data\Office_Setup.reg "HKEY_CURRENT_USER\Software\Microsoft\Office"

This exports and imports the .reg files of the Outlook settings, so that the user’s settings follow the user regardless of what computer they log in to.

How to enable multiple domain join depending on default gateway?

OK, so in the environment I’m working in right now, the SCCM site is working towards two different domains; let’s call them “Domain A” and “Domain B”. I would like my Task Sequence to join the computers to the right domain depending on what default gateway they have on the network.

I have tried the following, but I’m afraid neither works:
Select * from Win32_NetworkAdapterConfiguration where DefaultIPGateway='x.x.x.x'

This will not work because the adapters are stored in an array.

I also found a way to do this using this query:
Select * FROM Win32_IP4RouteTable
WHERE Destination='' AND NextHop='x.x.x.x'

This queries the routing table, so no details about the adapter need to be known. It works great in general and in queries, but it will not work in a Task Sequence.

Looks like I have to install MDT. Thank you for all your answers.

//Karl Wirén

What’s new in SCCM 2012 SP1?

What’s New in Configuration Manager 2012 SP1

One of the most significant changes is support for Windows 8. Configuration Manager SP1 supports Windows 8 in the following ways:

  • You can install the Configuration Manager client on Windows 8 computers and deploy Windows 8 to new computers or to upgrade previous client operating versions. Configuration Manager also supports Windows To Go.
  • Configuration Manager supports Windows 8 features, such as metered Internet connections and Always On Always Connected.
  • You can configure user data and profiles configuration items for folder redirection, offline files, and roaming profiles.
  • You can configure new deployment types for Windows 8 applications, which support standalone applications (.appx files) and links to the Windows Store.

Other significant changes include the following:

  • Support for Windows Server 2012 and SQL Server 2012. Finally!!
  • Clients are now supported on Mac computers, and on Linux and UNIX servers.
  • Windows PowerShell cmdlets are available to automate Configuration Manager operations by using Windows PowerShell scripts.
  • More flexible hierarchy management with support to expand a stand-alone primary site into a hierarchy that includes a new central administration site, and the migration of a Configuration Manager SP1 hierarchy to another Configuration Manager SP1 hierarchy.
  • Support for multiple software update points for a site to provide automatic redundancy for clients in the same way as you can configure multiple management points.
  • Client notification to initiate some client operations from the Configuration Manager console, which include downloading computer policy and initiating a malware scan to be performed as soon as possible, instead of during the normal client policy polling interval.
  • Support for virtual environments that allow multiple virtual applications to share file system and registry information instead of running in an isolated space.
  • Email alert subscriptions are now supported for all features, not just Endpoint Protection.

SCCM2012: Windows Server 2012 & Windows 8 Available to Volume License with SA Customers

If you have Software Assurance on your WS2012 volume licenses then you can start downloading from the Microsoft Volume Licensing Service Center (VLSC).  Those customers can start planning their Hyper-V (see the new features) host upgrades … but hold off if you are using System Center because you will need SP1 for System Center 2012 to continue to manage the upgraded hosts and migrated clusters.


It is not on MSDN/TechNet and is not expected there until after the launch on September 4th. @TechNetUK saw me tweeting on the subject and thankfully cleared up the issue:


I know, it’s very disappointing but that’s how the cookie is crumbling on this one. I’d love to have had it sooner so I could get current screenshots for the new WS2012 Hyper-V book.

Windows 8 is also available to VL w/ SA customers on the VLSC site.


SPLA folks, check your pricelists to ensure you are legit to move up first.

The Microsoft Partner Network download content has not been updated.