OffCAT Introduction

With OffCAT, you can take the following actions to help you detect problems with your Office programs:

  1. Scan and fix known issues in Office programs
  2. Determine if your Office program is up-to-date
  3. Review detailed configuration information for Windows, hardware, the user, the Office and scanned program installation, the registry, and much more
  4. Send feedback to the OffCAT team
  5. Follow the OffCAT team on Twitter @MS_OffCAT

There are many other features and capabilities available in OffCAT. They are discussed in detail in the full version of the OffCAT ReadMe from the Microsoft Download Center.
Getting Started
This section of the document is intended to get OffCAT installed in the shortest amount of time, show you how to scan an Office program with OffCAT, and to help you find solutions to issues identified in the scan.
System Requirements for OffCAT
Before you install or use OffCAT, make sure that your computer meets the following system requirements.

  1. Supported operating systems:
  2. Windows 10
  3. Windows 8 and Windows 8.1
  4. Windows 7
  5. Windows Vista Service Pack 2
  6. Windows Server 2008
  7. Windows Server 2008 R2
  8. Windows Server 2012
  9. Windows Server 2012 R2
  10. Supported Microsoft Office versions:
  11. Microsoft Office 2016 (32-bit or 64-bit) (Click-to-run or MSI installs)
  12. Microsoft Office 2013 (32-bit or 64-bit) (Click-to-run or MSI installs)
  13. Microsoft Office 2010 (32-bit or 64-bit, MSI installs only)
  14. Microsoft Office 2007
  15. Minimum version of the Microsoft .NET Framework:
  16. Microsoft .NET Framework Version 4.5

Install OffCAT
Once you have met all of the system requirements, it is time to install OffCAT using the following steps.
Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista
1. Start the OffCAT installation by either clicking Run when prompted by the Microsoft Download Center or by double-clicking OffCAT.msi (that you downloaded from the Microsoft Download Center).
2. Click Next in the ‘Welcome’ dialog box of setup.

Office Configuration Analyzer Tool (OFFCAT) Introduction

Depreciated – Offcat Office Configuration Analyzer Tool (OffCAT)

With OffCAT, you can take the following actions to help you detect problems with your Office programs:

  1. Scan and fix known issues in Office programs
  2. Determine if your Office program is up-to-date
  3. Review detailed configuration information for Windows, hardware, the user, the Office and scanned program installation, the registry, and much more
  4. Send feedback to the OffCAT team
  5. Follow the OffCAT team on Twitter @MS_OffCAT

There are many other features and capabilities available in OffCAT. They are discussed in detail in the full version of the OffCAT ReadMe from the Microsoft Download Center.
Getting Started
This section of the document is intended to get OffCAT installed in the shortest amount of time, show you how to scan an Office program with OffCAT, and to help you find solutions to issues identified in the scan.
System Requirements for OffCAT
Before you install or use OffCAT, make sure that your computer meets the following system requirements.

  1. Supported operating systems:
  2. Windows 10
  3. Windows 8 and Windows 8.1
  4. Windows 7
  5. Windows Vista Service Pack 2
  6. Windows Server 2008
  7. Windows Server 2008 R2
  8. Windows Server 2012
  9. Windows Server 2012 R2
  10. Supported Microsoft Office versions:
  11. Microsoft Office 2016 (32-bit or 64-bit) (Click-to-run or MSI installs)
  12. Microsoft Office 2013 (32-bit or 64-bit) (Click-to-run or MSI installs)
  13. Microsoft Office 2010 (32-bit or 64-bit, MSI installs only)
  14. Microsoft Office 2007
  15. Minimum version of the Microsoft .NET Framework:
  16. Microsoft .NET Framework Version 4.5

How to install OffCAT
Once you have met all of the system requirements, it is time to install OffCAT using the following steps.
Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista
1. Start the OffCAT installation by either clicking Run when prompted by the Microsoft Download Center or by double-clicking OffCAT.msi (that you downloaded from the Microsoft Download Center).
2. Click Next in the ‘Welcome’ dialog box of setup.

Refer to Microsoft Support and Recovery Wizard for Office 365 (SaRA) Tool. https://support.microsoft.com/de-de/help/4098558/scan-outlook-by-using-microsoft-support-and-recovery-assistant

Granting Access to User Mailbox

Use the EMC to grant Full Access permission for a mailbox
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the “Permissions and delegation” entry in the Mailbox Permissions topic.

In the console tree,
– navigate to Recipient Configuration > Mailbox.
In the result pane, select the mailbox for which you want to grant Full Access permission.

In the action pane, under the mailbox name,
– click Manage Full Access Permission. The Manage Full Access Permission wizard opens.
On the Manage Full Access Permission page, click Add.
In Select User or Group, select the user to which you want to grant Full Access permission,
and then click OK.

Click Manage, on the completion page, the summary states whether Full Access permission was successfully granted. The summary also displays the Shell command used to grant Full Access permission.
Click Finish.

http://support.sherweb.com/Faqs/Show/how-to-add-another-persons-mailbox-to-your-outlook-2010-profile-exchange-2007

https://technet.microsoft.com/en-us/library/aa996343(v=exchg.141).aspx

Outlook Anywhere Setup

Here are the vital areas that need to be considered.

  1. Autodiscover
  2. Outlook Anywhere
  3. SSL certificate in line with your domain name and this should be installed on the IIS.
  4. RPC over HTTP needs to be added as a feature in your server using the server manager etc. depending on the Windows server you are using https://technet.microsoft.com/en-us/library/dd776122(v=exchg.141).aspx
  5. After configuring all these steps, ensure to text using https://testconnectivity.microsoft.com/ for possible cause of errors in other to find a fix.Note: you can also reach this site via exchange. In the console tree click on tools and on the Toolbox pane select Remote Connectivity Analyser.
    This tool is very vital as it will analyse where all the errors hindering outlook anywhere connectivity.

Described Steps to achieve the above mentioned requirements

Step 1 Auto discover. Check on you Webserver (IIS) on exchange server.
To get here click on the server manager and expand the roles, select webserver and then Internet Information Service (IIS) and ensure you have your Autodiscover and RPC etc. available.

Now click on the DNS manager,
Expand the forward lookup zone,
Create an A record for your Autodiscover in your DNS to resolve both internal and external IP Addresses.
Note: these are the IP address assigned to the internal and external URL (i.e. the IP in which these URL can be reached externally and internally).

Step 2 Enabling Outlook anywhere

Note: You should have your internal and external virtual directory URL (FQDN) in place already in order for users to be able to access outlook/OWA internally and externally, most at times they are the same but can be different as well.

This can be done under the server configuration,
select client access
and on the Action pane select configure External Client and
then click on Enable Outlook Anywhere.
Now click on Properties to select the Authentication type and hostname.

See link and steps below for better understanding.

You would also enable the Client Access server for Outlook Anywhere to work or the external host name must be specified by using the Enable Outlook Anywhere wizard or by using the Power Shell as well. See link https://technet.microsoft.com/en-us/library/aa996902(v=exchg.141).aspx       

Configuring the External hostname

  1. In the console tree,
  2. Navigate to Server Configuration and the click on Client Access.
  3. On the action pane, click Properties.
  4. On the Exchange (Default Web Site) Properties page, click the Outlook Anywhere tab.
  5. In the text box under External host name, enter the external host name to use for this site.

Note: Now select the authentication method you would like to use and this can be done via PowerShell or EMC, see link https://technet.microsoft.com/en-us/library/bb124149(v=exchg.141).aspx

But in my case we chose – NTLM

Step 4. Configure SSL Offloading for Outlook Anywhere. This is usually done the very first time you enable outlook anywhere wizard. Just enable SSL offloading by selecting the check box next to Allow secure channel (SSL) offloading and see link for further information if needed https://technet.microsoft.com/en-us/library/aa998346(v=exchg.141).aspx

Step 4. Note: Without SSL, there is no way we can make use of Outlook anywhere except we have rpc virtual directory configured to use Secure Sockets Layer (SSL).

See link on the configuration steps https://technet.microsoft.com/en-us/library/aa995982(v=exchg.141).aspx

Note: But in my case I had all these configured before but just to fix some basic issues not enabled which might be of help to you.

Step 5: Create a certificate request, create a certificate and install the certificate by completing the certificate request.

Exclaimer Signature Manager

The Exclaimer Signature Manager Exchange Edition is the award-winning signature software solution
for Exchange 2010/2007/2013 as at the time of writing and it automatically adds all company emails for professional
e-mail signatures.
Here are some of the features:

  • Central management of email signatures of your organizations
  • Create different email signatures for different teams and departments

Setup is pretty straight forward.
Contact me should in case you need help!

Changing password feature Outlook Web Access for Exchange

Changing password feature Outlook Web Access for Exchange 2013 and 2016

—-task 1–

Allow Password Resets for Non-Expired OWA Accounts

The first scenario is rather easy and already existed in Exchange OWA since version 5.5, so even in Exchange 2013 this feature is activated by default. It gives the mailbox user the possibility to change a AD password from within OWA – similar to when the end user forces to change a domain password from his or her own PC.

Log on to your OWA environment using your company’s OWA URL. In my example, it is https://owa.iamct.org/owa, but it can be about anything in your environment.
Now go to your mailbox settings and click on the gear wheel icon in the upper-right corner of your OWA 2013, next to your mailbox name.
login Outlook Web Access (OWA)

Click on Settings, and a small context menu will open up from which you can select Change Password. This will bring you to the Change Password settings page.

Enter your current Active Directory password, followed by your new password twice. Although the password change should be successful and you expect a confirmation of this, I noticed I was actually immediately redirected to the Outlook Web App logon page again. Not sure if that is intentional or a small bug.
If something goes wrong during the password change process, you’ll receive a notification popup. A common problem is not having a new password according to the company’s security password policy settings.

—task 2—

Block Change Password Feature for All Users

Now, imagine you don’t want to give this feature to your endusers, or maybe not to all of them. In this case, you have to modify certain settings on the Exchange server-side.

Logon to your company’s Exchange Administrative Center with an Exchange Admin account, using this default URL.
From within the EAC, select Servers / Virtual Directories.

From within the list of Exchange Virtual Directories, select OWA (default website).
Open its Properties, which by default looks like the image shown below
From this list, notice the Change Password flag. Remove the flag if you want to turn this feature off for all users. (Note: if you only want to take this feature away from certain users, continue reading!)
Save the changes and done. When logging into OWA with a mailbox user, notice the Change Password option is not listed in the settings menu anymore.
Sponsored

—task 3—-

Block Change Password Feature for Specific Users

The above feature is very useful and most probably used as a security policy in certain companies to prevent AD password resets over the Internet (although all communication is encrypted by SSL-certificates, but hey, who are we to argue with a security officer, right?), you might have a case in which you want to block the change password feature within OWA, but not for all users. In that case, another few settings need to be changed on the Exchange 2013 server.

Create a new custom OWA security policy
Link the new custom OWA security policy to a mailbox / multiple mailboxes
Here’s how to achieve this:

From within the Exchange Admin Center, go to Permissions / Outlook Web App Policies.

Notice the default policy that is already there; when opening its properties, you will see all OWA security features are enabled by default.

Now let’s create a new policy by clicking on the plus sign (+) icon.
Let’s give it a descriptive name of Block Change Password. Remove the flag from the Change Password feature here, and save the policy.
In the next step, we will apply this new policy to a single mailbox as follows:

Go to Recipients and select the individual mailbox you want to get this policy applied.
In the right pane, go to Email Connectivity.
Select View Details.
Notice the field is empty, actually meaning the default policy gets applied. Click Browse… and select the new custom Block Password Change policy.
When logging into OWA for that specific mailbox user, you will notice the change password setting is not available anymore.

In the last step, we will apply this new policy to multiple mailbox users as follows:

Go to Recipients and select the multiple mailbox users for whom you want to get this policy applied. In the right pane, go to Outlook Web App.
Select Assign a policy. This will open the Bulk assign Outlook Web App window.

Notice the field is empty, actually meaning the default policy gets applied. Click Browse and select the new custom Block Password Change policy we created earlier.
Now when your mailbox users go to login to OWA, they will notice the change password setting is not available anymore

How to change Password using Outlook Web Access (OWA) for Exchange 2013/2016/2019

The first scenario is rather easy in Exchange 2013 and this feature is activated by default. It gives the mailbox user the possibility to change an AD password from within OWA. This is similar to when the end user forces to change a domain password from his or her own PC.

Log on to your OWA environment using your company’s OWA URL. In my example, it is https://owa.xxxxx.de/owa

Now go to your mailbox settings and 
click on the gear wheel icon in the upper-right corner of your OWA 
Login Outlook Web Access (OWA)
Click on Settings, and a small context menu will open up from which you can select Change Password. 
This will bring you to the Change Password settings page.
Enter your current Active Directory password, followed by your new password twice. 

Afterwards, the password change should be successful and you expect a confirmation of this. If there is anything short of the success message, you will receive a notification popup.
– Most common problem is not having a new password complying to the company’s security policy settings.

To disable this feature for users, see the associated link here https://techdirectarchive.com/2020/01/28/how-to-disable-password-change-for-all-users-exchange-server-2013-2016-2019/

To have this disabled for selected users only, see the following link https://techdirectarchive.com/2020/01/28/allow-password-change-for-specific-users-in-exchange-2013-2016-2019/