• May 7, 2013

    Success! Deploying Office 2013 Click to Run with Windows Intune

    Finally, a concrete solution to a nuisance that has bothered Windows Intune administrators for months: How do I deploy the newest release of Office 2013 with Windows Intune if the only install method I have is Click-to-Run?

    With the latest release of Office 365 bundled with Office 2013, administrators were only provided with one method of deployment for the Office Suite – Click-to-Run. I personally prefer this method of installation because it allows the end-user to start using the program immediately by streaming the content from the moment of install. Users do not need to wait up to an hour for the Office Suite to finish installing anymore. As soon as the installation begins, the bits are streamed for the product you need straight from Microsoft – and that was a great move by Microsoft. Way to go!

    My colleague here at New Signature, Kib Bibens, wrote an article a while back about deploying Office 2010 with Windows Intune, but after rigorous testing the same deployment method did not work for Office 2013.

    After hours of troubleshooting, we’ve discovered:

    •  There is a 30 minute time limit on an installation of Office by Windows Intune
    •  5GB of free space is required

    The problem was that the default configuration file contained in the Office Deployment Tool for Office 2013 Click-to-Run also contained code that enabled the installation of Visio 2013. When Visio 2013 is removed, the full installation process takes less than 30 minutes and can process successfully via Intune.

    Below is the code for the Configuration.XML file that worked properly for our test deployment:

    <Add OfficeClientEdition="32" >
     <Product ID="O365ProPlusRetail">
     <Language ID="en-us" />
    <Display Level="None" AcceptEULA="TRUE" />
    <Logging Name="OfficeSetup.txt" Path="%temp%" />

    This configuration.XML file specifies only the 32-bit installation of the Office365 Pro Plus installation, not including Visio. It is presumed that modifying separate configuration file (and software management package) to only include Visio 2013 could also be deployed via Intune so that the same time thresholds are not crossed.

    After uploading the setup.EXE and correct configuration.XML file (by selecting include additional files/folders in the Intune software deployment applet), and pushing it to a test group of computer, they will download the update and install the product.

    After the installation begins, the users can immediately begin using office after signing in using their correctly provisioned and licensed Office 365 credentials.


  • May 1, 2013

    Office 365 Mailbox Auditing: What You Don’t Know CAN Hurt You!

    Have you ever been unable to find a message you positively know is in your mailbox? Chances are that it’s in there and you misplaced it…that’s what your colleagues tell you. They’re likely right. But what if others have access to your mailbox…could someone else have removed or modified it? Would you be able to tell what happened to it? Can you even tell who else is accessing your mailbox?

    Inciting email paranoia is definitely not my aim here, but I think these are questions that any organization which relies heavily upon email needs to start asking their IT group. If you are the IT group, then I think you should reasonably be prepared to answer those questions, and think about choosing a mail platform that supports a granular level of auditing.

    Enter Office 365. Microsoft’s SaaS email platform allows for a robust level of individual mailbox auditing (there’s the capability for journaling and litigation hold as well), and all you have to do is turn it on! Please note, you can only search for activity after auditing was enabled for that mailbox.

    What you’ll need:

    • An Office 365 Account (you’ll need at least User Management Administrative Rights)
    • A basic knowledge of PowerShell
    • PowerShell connected to Office 365 Exchange Online, see:

    Here’s how you enable mailbox delegate auditing for a specific mailbox (

    Set-Mailbox –identity -AuditEnabled $true -AuditDelegate create,update,move,movetodeleteditems,softdelete,harddelete,folderbind,sendas,sendonbehalf -AuditAdmin create,update,move,movetodeleteditems,softdelete,harddelete,folderbind,sendas,sendonbehalf

    Here’s how you can check to see if auditing is enabled for a mailbox:

    Get-mailbox –identity | select-object audit

    And, here’s how you could enable verbose audit logging for *all* mailboxes, should you so choose:

    Get-Mailbox | Where-Object {$_.recipienttypedetails -eq “usermailbox”} | Set-Mailbox -AuditEnabled $true -AuditDelegate create,update,move,movetodeleteditems,softdelete,harddelete,folderbind,sendas,sendonbehalf -AuditAdmin create,update,move,movetodeleteditems,softdelete,harddelete,folderbind,sendas,sendonbehalf

    Also, if you have a need to see who has permissions who whose mailbox, here’s how you can get that:

    Get-MailboxPermission -Identity | Format-List

    Once you have auditing enabled for a mailbox, you can run audit reports through the Exchange Online admin portal (Roles & Auditing >> Auditing). Refine your audit search accordingly and you’ll be greeted with an easy to read list of actions and modifications made in the mailbox by anyone besides the actual owner. In the image you can see the result, the redaction lines cover actual user, folder, and subject name. With these details you should have a pretty accurate trail of breadcrumbs the next time need arises!

    Office 365 Mailbox Auditing

    Special thanks to Ben Pahl and Sean Clowes of New Signature for their contributions to this post.




  • April 30, 2013

    Inside Sales will love Click-to-Call with Dynamics CRM & Lync

    Inside sellers are the most optimistic people in your company. Many will call 100 strangers a day and get rejected by 95 of them — sometimes it is hard to keep an upbeat, positive attitude in the face of daily rejection. Wouldn’t it be great if there was something we could do to help make their day a little easier; a little more efficient? Well, there is. For those inside sellers using Microsoft Dynamics CRM and Lync, you can enable Click-to-Call and make calls directly from CRM by simply clicking on the phone number within a form. As you can probably guess, this makes calling down a list of potential leads pretty seamless.

    There are over 3 million people using Dynamics CRM, over 5 million using Lync Enterprise Voice, and the cross-section between the two is enormous. Yet, very few of our customers are taking advantage of the out-of-the-box integration between their phone systems and their sales and customer service systems.

    It is an extremely powerful tool and here’s how to use it:

    Use Click-to-Call

    1. Open a contact, account, or case
    2. Click a phone number within the form
    3. Click Click to call button in Lync notification
    4. Record description of call
    5. Click OK
    6. Also taste the rainbow of the Lync status skittles

    Setup Click-to-Call

    1. Install Lync 2013 with Enterprise Voice
    2. Open Dynamics CRM Settings -> Administration -> System Settings
    3. Select Lync as telephony provider


    To learn more or to get started, we’re always listening to @NSCRM and Thank you inside sellers!


  • April 29, 2013

    Remotely Access Azure from a Train, Plane or even Spain!

    Microsoft recently announce two large changes to Azure Infrastructure-as-a-Service (IaaS) that will empower customers to be able to access the public cloud from any location with Internet access. They also announced a big addition to Azure Platform-as-a-Service (PaaS).

    The first big addition is point-to-site connectivity, which will allow customers to connect into an Azure Virtual Network from any laptop or slate that has a traditional Windows VPN client installed on it, even when the primary site is down. This is huge, as it enables scenarios to migrate Line-Of-Business and traditional applications to Azure including:

    • File server clusters
    • DFS nodes
    • Internal SharePoint sites
    • Custom developed applications
    • Print servers
    • Apps requiring database access

    In the past, if your primary site went down, and you didn’t have a Remote Desktop Server spun up within Azure, customers weren’t able to easily get access to the files that, while functional within Azure, weren’t exposed to the Internet at large. As an example, if a customer adds a DFS instance into Azure, and enables file replication, if the primary site goes down, all the staff can take their laptops, walk into a coffee shop, fire up WiFi and connect into their network as continue working just as before. While permanent sites will still want to leverage a hardware based VPN into Azure, this new flexibility will certainly help customers during site outages who just want people to be able to keep working.

    Getting access to internal network infrastructure during a disaster is a key win for Azure. But what about when the “disaster” is merely a misconfiguration on your sysadmin’s part? In previous versions of Azure Virtual Machines, it was far too easy to forget to enable Remote Desktop on a server, or to setup remote access via PowerShell or even SSH. With Friday’s other large announcement, Microsoft enabled customer to turn on RDP access after a VM has been published, as well as checkboxes to enable PowerShell remoting and by default, SSH access for Linux VMs across the platform. With these changes, it becomes even easier to spin up machines with small attack surfaces that can be easily managed through PowerShell.

    Finally, on the platform side, the Azure team announced a new SDK for Ruby developers. Ruby devs will be able to run a gem install azure to gain access to the Azure platform, including storage and the service bus. Azure now supports .net, node.js, Java, PHP, Python and Ruby from a language perspective, with targeted offering around mobile devices and media.

    New Signature is part of Microsoft’s Azure Circle: a small group of partners with deep expertise in both Azure PaaS as well as Azure IaaS. Give us a call today to see how your organization can move into the public cloud with Azure.

  • April 26, 2013

    Using PowerShell to Find Packages in App-V 5.0 Client Connection Groups

    Connection Groups is a feature of Microsoft Application Virtualization (App-V) 5.0 that links related packages and enabled them to interact with one another while still maintaining the sandbox style isolation from the system running them. Deploying the connection groups is done easily through a simple and straight-forward graphical user interface. After configuration, the connection group relies on an XML file that is automatically generated by System Center Configuration Manager or the App-V Management Server to retrieve instructions for what packages should be talking to each other, and what connection group they are a part of.

    The creation, configuration, and provisioning of connection groups is simple enough, but packages and package versions can start to pile up in larger deployments without periodic disabling of groups, cleaning, and maintenance. With an ever-increasing list of connection groups and interoperating packages, it can quickly become unclear which packages are members of which connection group. This information can be found either by reading through the XML file or logging into the App-V server as an administrator and using the server console interface to list the connection groups and their associated packages. Depending on your App-V server setup, and how comfortable you are reading through XML files, these methods are less than ideal. There is currently no time effective method to retrieve this information through the client console.

    Below are some PowerShell commands to obtain enabled and disabled connection groups and their corresponding members from the server or client console.

    The following PowerShell command returns all enabled connection groups and their members:

    The following PowerShell command returns the specified connection group and members:
              (Get-AppvClientConnectionGroup -GroupId {group guid} -VersionId {version guid}).GetPackages()
    In the above command, replace {group guid} with a GroupID and replaced {version guid} with a VersionID

    The following PowerShell command returns the specified enabled connection group and members:
              (Get-AppvClientConnectionGroup -Name {cg name}).GetPackages()
    In the above command, replace {cg name} with a group name.

  • April 25, 2013

    New Signature Is Honored As Finalist in Washington Business Journal’s 2013 Jefferson Awards

    New Signature has been named a finalist in the Washington Business Journal’s 2013 Jefferson Awards. The awards recognize local companies where charitable work is integrated into the corporate culture, reflects variety and creativity, and exhibits impact and results in the local community.

    We are honored to receive this prestigious recognition of our efforts to make our community a better, just, and equitable place. At New Signature, we integrate social responsibility into every aspect of the company and empower employees to work with select community partners where they can apply their expertise to help solve societal problems. Our community partners include Year Up, NFTE, Urban Alliance, and Street Sense. These amazing organizations are helping to close the Opportunity Divide for urban young adults and for people experiencing homelessness. They achieve this mission by delivering the skills, experience, and support that will empower their constituents to reach their potential and achieve economic opportunities through professional careers, entrepreneurship and higher education.

    The full list of Jefferson Award Finalists includes:

    • Acuity Inc.
    • Acumen Solutions
    • Advisory Board Co.
    • Capital One
    • CPS Solutions
    • Excella
    • K. Hovnanian
    • MedImmune
    • New Signature
    • Pentagon Federal Credit Union

    Join New Signature on Thursday, June 6, 2013, at the 2013 Corporate Philanthropy Awards to celebrate the philanthropic work of all the finalists!

  • Cloud Copy: Replicating Virtual Machines from System Center Virtual Machine Manager to Windows Azure

    System Center 2012

    Moving your organization’s infrastructure to the cloud can be a daunting task when viewed as a whole. Taking the transition step-by-step will help to facilitate the migration and ensure that the process goes smoothly. Using an off-premise data center facility as an extension of an on-premise deployment is a key element of utilizing a hybrid cloud infrastructure, and an absolute must for any organization looking to adopt the new and exciting standard for enterprise computing.

    The following information details the procedure for using System Center 2012 SP1 Virtual Machine Manger (SCVMM) and App Controller to copy a virtual machine from an on-premise deployment to be hosted completely within the Windows Azure cloud.

    The concept of moving and hosting a virtual machine to Windows Azure is at the heart of using the cloud as Infrastructure as a Service (IaaS). The end-result of an IaaS implementation will demonstrate the employment of an off-premise datacenter for the replication of on-premise data, workloads, back-up, and more without the need to acquire or manage hardware.

    Some of the operations required for the copy of the virtual machine can be completed in the App Controller of System Center 2012 SP1. Before getting started on the copy, you will need two connections established in the App Controller. The first is a connection to SCVMM which manages the target virtual machine. The second is a connection to an established Windows Azure subscription. With both of these connections configured, both on-premise and cloud-based virtual machines can be managed through a single portal, in this case, the App Controller interface.

    Within the SCVMM Administration console, the deployment in which the virtual machine is located must be configured with a stored-VM path in the Cloud properties. A machine that will be copied must first be “stored”, which puts the machine in a saved state and exports the machine and configuration to the “stored-VM” path location.

    The COPY VM operation can be invoked and carried out within App Controller. With the connection to both the on-premise and off-premise deployments configured, the majority of the workload will be performed under the hood, and requires relatively little user interaction.

    In App Controller, choose to “Store” the target virtual machine via the right-click contextual menu. The state of the virtual machine will change to “stored” when the operation completes. Once the state reflects the change, choose to “Copy” the target virtual machine via the right-click contextual menu. This Copy operation will associate the virtual machine with a service and storage account in Windows Azure This process copies and uploads the storage VHDs and virtual machine to the cloud, and will take some time. Upon completion, the virtual machine will be brought to a running state and authenticated users will see the copied machine listed within the Azure portal.

    The jump to an IaaS cloud model is the final step in advancing your infrastructure from a private cloud to a hybrid cloud. IaaS in Windows Azure can then be utilized as an off-premise site and seamless extension of your organization’s deployments, and allow for centralized management of both on-premise and off-premise resources.

  • April 24, 2013

    Get Up To Speed On the Updates and Hotfixes Released for System Center 2012 SP1

    2013 is proving to be a very busy year so far in terms of Microsoft’s commitment to its System Center product line.  With MMS 2013 just a few weeks behind us now, it can get a little daunting to try to grasp all of the exciting changes Microsoft has been making, but amidst all of this excitement, one thing you should be asking yourself is, “Am I running the newest available updates within my System Center implementation?”

    The answer may not be an easy one, as Microsoft has released a service pack, cumulative updates, and update rollups for the various System Center products.  While it may be easy to tell if you are running System Center 2012 SP1, what may be less obvious is what additional updates beyond the service pack have been installed, and this question can become even harder to answer if you have multiple products of the System Center family installed in your environment.

    I spent some time today to answer this question to make things easier for you.  To find the answer to this question, I started at the following Microsoft support page: “Description of Update Rollup 2 for System Center 2012 Service Pack 1“. This support page lists the details for System Center 2012 SP1 Update Rollup 2.  UR2 is the newest update rollup available for System Center 2012 SP1, and covers all of the System Center products except for Configuration Manager.

    UR2 was just recently updated yesterday to include updates to Virtual Machine Manager as Microsoft has described by Travis Wright in his TechNet post, “Update on System Center 2012 SP1 Update Rollup 2 (UR2) for Virtual Machine Manager“.

    So as of today, 4/24/2013, all of your System Center products besides Configuration Manager should be running on System Center 2012 SP1 Update Rollup 2.  Configuration Manager is a different story, as it has not been included within any of Microsoft’s update rollups to date.  However, there is an additional update available separately for Configuration Manager, which is known as System Center Configuration Manager 2012 SP1 Cumulative Update 1.  More information on this update can be found in “Description of Cumulative Update 1 for System Center 2012 Configuration Manager Service Pack 1“.

    The thing to be aware about for the Configuration Manager update is that it is a hotfix, and as such per Microsoft’s recommendations, should only be applied to systems that are experiencing the problems described in the KB article.

    The Update Rollup 2 for System Center 2012 Service Pack 1 update packages for App Controller, Service Provider Foundation, Operations Manager, Data Protection Manager, and Virtual Machine Manager are available from Microsoft Update.  To receive the Cumulative Update 1 package for System Center 2012 Configuration Manager Service Pack 1, you must request the download from Microsoft.

    Now that you know what patches you should have installed, what are you waiting for?  Start updating! Of course, after coming up with plan first!

  • Office 365 and Office 2013: Cloud Licensing Made Easy

    The activation pane of Office 2013
    The days of having two disparate installers for volume licensed and subscription-based Office are over!

    With Office 2013 the capability now exists to easily switch between your volume and subscription Office licensing. In fact, the setting is conveniently located in the Office activation area of your Office apps (File>>Account). From there you can enter a key, or select “Sign in with an active account instead” to authenticate with your Office 365 (E3 and above licensing) credentials.

    The immediate benefit is two-fold for IT Administrators—you can deploy and maintain one installer regardless of the licensing topology in your organization; secondly, you no longer have to perform a FULL uninstall and reinstall of Office if you move from volume licensing to subscription licensing (or vice versa).

    With this functionality, Microsoft has made another stride towards unifying the desktop experience and their cloud service. If you’re an IT Administrator this will undoubtedly lead to fewer headaches down the road—and hopefully reduce licensing overhead and waste.

  • “Open with Explorer” Errors in SharePoint

    Microsoft SharePoint 2007 or greater has included an option allowing you to open Document Libraries with Windows Explorer. This feature allows the user to open and interact with files and folders in SharePoint with Windows Explorer, just as they have done in the past with local and network files and folders. It’s not uncommon for this feature to be grayed out, or give an error when a user first tries to use it.

    Below are some simple steps to ensure the system is set up to successfully use this feature, as well as troubleshooting steps in the event it give an error.


    • Windows XP SP3 or greater with User Account Control (UAC) disabled or set to low
    • Internet Explorer 7.0 or greater (Open with Explorer will not work with any browser but Internet Explorer)
    • WebClient Service must be started (Desktop Experience feature enabled for Windows 7 or 2008)


    1. Ensure you are logged out of SharePoint completely
    2. In Internet Explorer, navigate to your SharePoint site
    3. Log in, ensuring you select the ‘Keep me signed in’ checkbox (This is required to allow Internet Explorer to pass the session credentials to Windows Explorer)
    4. Navigate to your Document Library
    5. Under the  tab, select  and you will see the ribbon of actions for the Library (if you navigate to a Library or Folder from within a WebPart, you will have to select an item in the Document Library for the Library Tools tab to appear)
    6. Click 
    7. Windows Explorer should open up displaying the contents of the Document Library (it may take a few moments to open)


    There are two very common issues when attempting to use the Open with Explorer feature. The first is the easiest to solve.

    Grayed Out Open with Explorer Button

    To solve this, make sure you are using Internet Explorer. It’s as simple as that.


    The more common and difficult issue encountered when attempting to ‘Open with Explorer’ is the following:

    “Your client does not support opening this list with Windows Explorer”

    This error can be received for many reasons, and sometimes no reason at all. Below are several troubleshooting steps which can be taken in an attempt to resolve this issue. After completing the steps in teach fix, retry the  button.

    1.      Try Again

    In some instances, when you click the  action will give an error on the first attempt, but will work the second time. Simply try clicking the  button again and confirm whether it opens or not.

    2.      Restart WebClient Service

    a)       Click Start > Run

    b)       Enter ‘services.msc’

    c)       Find the WebCient service and select Restart

    3.      Check Internet Explorer Version

    Windows XP – 2008R2: Make sure you are using Internet Explorer version 7.0 through 9.0, in 32-bit mode. The 64-bit mode will not work with the  feature.

    Windows 7: Internet Explorer 10 is not yet compatible with the  feature. You will need to revert to Internet Explorer 9.

    Windows 8: Internet Explorer 10 is compatible, so you should not have an issue with this OS and browser version combination.

    4.      Add to Trusted Sites

    a)       Open Internet Explorer and click ‘Tools’ or  to get to ‘Internet options’

    b)       Select the ‘Security’ tab

    c)        Click on ‘Trusted Sites’

    d)       Ensure  is unchecked

    e)       Click ‘Sites’

    f)        Add the below sites:

    1. https://*
    2. https://*

    5.      Lower UAC Setting

    The User Account Control must be set to the lowest setting in order for  to function. Instructions for modifying the UAC are available here:

    6.      Set Internet Explorer to Automatic Logon

    a)       Open Internet Explorer and click ‘Tools’ or  to get to ‘Internet options’

    b)       Select the ‘Security’ tab

    c)        Click on 

    d)       Scroll to the bottom, and change the ‘User Authentication – Logon’ setting to: