David Underwood’s Professional Blog

There’s a great and useful tool available for quick and easy imports and exports forActive Directory called CSVDE. This allows you to take an excel file of contacts,save it out as a CSV and then easily import into AD under a certain OrganizationalUnit.

This website http://www.computerperformance.co.uk/Logon/Logon_CSVDE.htm hastons of information on CSVDE.

A quick example:

From your DC open a command prompt and type csvde -f output.csv and you will get afull dump of your AD schema to the named csv file. This will also give you all theheaders you can use for importing.

Now lets say you want to import into an OU called “Apple” all the outside contactsfor that OU which you’ll later create an Address List in Exchange 2007 and add themto.

Create a CSV file with the following format:

DN,objectClass,displayName,proxyAddresses,targetAddress,mailNickname,mail,msExchPoliciesExcluded,company
“CN=Jim Smith,OU=Apple,DC=mydomain,DC=local”,contact,Jim Smith,SMTP:jim.smith@apple.com,SMTP:jim.smith@apple.com,JSmith,Jim.Smith@apple.com,{26491cfc-9e50-4857-861b-0cb8df22b5d7},Apple

The 26491cfc just corresponds to a checkbox selection for Exchange.

These will be created as Mail Enabled Contacts in the “Apple” organizationalunit in Active Directory. Save your file as myimport.csv

Open a command window and run csvde -i -f myimport.csv and violla!you’ve got contacts imported!

Now in Exchange 2007 you can go in to the Management Console andunder “Organization Configuration” click “Mailbox” and choose the “Address Lists”tab. Click “Add Address List.” As the selection criteria set it to “Contacts withexternal e-mail addresses” and then after hitting next choose a condition of “recipientis in a company” and click the underlined blue text to add the company name you providedin your csv file (we used Apple). Clicking next, next, and finish will process theaddress list.

I found this neat article on Tech Republic and though I would share:
http://articles.techrepublic.com.com/5100-1009_11-5838360.html

Takeaway: Internet Explorer’s laundry list of vulnerabilities and Firefox’sgrowing popularity have made many users consider their browser alternatives. If you’vehad enough of dealing with IE’s security flaws and decided to make a switch, learntwo ways you can disable IE for your users.

Microsoft’s Internet Explorer (IE) has long been a favorite target of hackers, andthe frequent discovery of vulnerabilities over the years has only offered more incentive.In fact, Microsoft is currentlyresearching a new, unpatched flaw that could put users at risk of a cyberattack.

In addition, the growing popularity of the Firefox browser has offered computer usersa browser alternative—one that millionsof users have opted to try. While not immune to its own security issues, the defaultinstallation of Firefox is rather secure, and it doesn’t support ActiveX controls,a common culprit of security issues.

So if you’ve had enough of dealing with IE’s security flaws, how do you disable orremove Internet Explorer? If you’re running Windows 2000 or XP, there’s good newsand bad news.

The bad news is that you can’t remove IE without crippling your operating system.However, the good news is that you can disable IE for your users and move to a differentbrowser.

Several simple, popular methods exist to disable IE. The easiest way to remove users’ability to browse with IE is to add a bogus proxy server to IE’s Internet Settings.

Follow these steps:

1. In IE, go to Tools | Internet Options.
2. On the Connections tab, click the LAN Settings button.
3. In the resulting dialog box, select the following check box in the Proxy Server section:Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
4. Enter 0.0.0.0 in the Address text box.
5. Enter 80 in the Port text box, and click OK.

Please note that adding a bogus proxy server to your Internet settings won’t affectAutomatic Windows Update from connecting and updating your operating system.

You can also restrict Internet settings via Group Policy. Follow these steps:

1. On your domain controller, right-click the organizational unit that contains yourdomain users, and select Properties.
2. On the Group Policy tab, click Edit.
3. Expand User Configuration to set restrictions on a per-user basis.
4. Expand Windows Settings, and expand Internet Explorer Maintenance.
5. Select Connection, and double-click Proxy Settings.
6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and clickOK.
7. Expand Administrative Templates, and expand Windows Components.
8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
9. Select Enabled, and click OK.

Remember that Enabled sets a restriction, Disabled prevents a restriction from applyingto a group of users (even if you enable it for a broader category of users), and NotConfigured doesn’t set the restriction.

Before you take any of these steps, download another browser, and test it on yourcurrent configuration. I highly recommend Mozilla’s Firefox. After you install a newbrowser, answer Yes when it asks whether to make it your default browser.

Final thoughts

No matter how many patches Microsoft releases, ActiveX and the Browser Helper Object(a file loaded with Internet Explorer) are all an attacker needs to control your systemand steal your data. Microsoft designed IE for functionality—not security. And antivirussoftware can’t defend your network against IE exploits.

Windows security isn’t about eliminating security holes—it’s about managing risk anduser functionality. All operating systems have vulnerabilities, but Windows’ popularitymakes it the target of choice for most black hats.