Appendix B: Advanced Users: Installation Summary of FolderMatic

 Top  Previous  Next

These installation summary instructions are for existing users already familiar the installation process.  If you are new user or are not familiar with the installation process, use the detailed install process in the next section: Step by Step Pre-Installation Instructions.

If you are already using Add2Exchange for Calendars, Contacts and Tasks, use the same account to install FolderMatic.  Since the Add2Exchange Service Account already has the appropriate permissions, you can skip to the installation section located here: Installation of FolderMatic and Upgrade Process Overview.

Important: FolderMatic 1.0 requires the .Net Framework and if it is not installed, it will require a reboot.  In some instances, the installation procedure will require a reboot for the installation to complete properly.  Plan your installation for a service maintenance window as appropriate.

NOTE: Please implement ALL OF THESE PREREQUISITES in the order listed below prior to installation of the software!

Back up your folders before installation to ensure your data.
Ensure the .Net framework 2.x or 3.x or later has been installed and all Service Packs have been done in Add/Remove programs and Windows Update. Use the new Microsoft Update to update all Windows machines and Microsoft products on the server.
Please see section System Requirements to make sure your server has the minimum Hardware and Software requirements.
If not installed on the Exchange Server, the FolderMatic Software can be installed on a server dedicated for other purposes.  Although the server may be used for other purposes such as a Blackberry Server, Backup Server, or File Server, the server should not be used daily as a user's workstation.  It is not recommended that you install FolderMatic on a user's workstation unless Outlook is installed without the optional CDO component, Exchange System Manager is installed.
Some users go against advice and use FolderMatic using Outlook with the optional CDO installed.  This configuration requires the Outlook security warnings to be suppressed with a third part program such as Mapi Labs or Express Click YES.  Since these security warnings are designed for security, eliminating them is not the best configuration to enhance your Email security.  Again, using Outlook with Outlook CDO is possible, but NOT recommended and not supported under the free support policy.
If Exchange or System Manager is installed, then Collaboration Data Objects (CDO) is already installed on your Server correctly.  Please go to next step. If FolderMatic is not being installed on the Exchange Server, we recommend using the same version of Exchange System Manager from the installed Exchange Server located on the Exchange Setup media. 
Log on as the Domain Administrator of your Domain so you can make an account to run "FolderMatic".  READ THE FOLLOWING CAREFULLY!
Open up Active Directory. Make a Global or Universal Security Group. We suggest making a Universal Security Group if it is available or else make it a Global Security Group. Since FolderMatic is a companion product to Add2Exchange, and you may use it someday, in order to be consistent we suggest calling the group something like Add2ExchangeSecurityGroup.  The pictures in the step by step instructions have these as their names since it needs the same power and it made making the manual easier.  Do not make an email address for the group, but do make one for the account.  You will have to open up the Service Account in Outlook or OWA to fully initialize the mailbox in one of the next steps.

Tip: Do not use an existing group for this purpose. Call the Security Group anything you want, but be descriptive and be sure it is a new one. There is no need to make a mailbox for the Security Group. For more information on making a Security Group in Exchange 2000 and Exchange 2003 permissions, please see: http://support.microsoft.com/kb/292509/en-us.

Next, in Active Directory, make a new user to be used as the Service Account.  Make sure the container you make the account does not have any Active Directory Policies on the container.  Since FolderMatic can be used with Add2Exchange, we suggest making the account named something like "zadd2Exchange" or whatever you name your service accounts.  Since the Service Account cannot be hidden from the Global Address List (GAL), we suggest naming it with a "z" in front of the name so it falls to the bottom of the GAL. and is less confusing to users.  Then make an email address for the Service Account. 

Be careful, you will not install the software as the domain admin or administrator account, rather you will log off and back on to the target server as the new FolderMatic Service Account.

Once the Service Account has been made and the mailbox has been authorized to be created, open the properties of the Service Account and select the Member Of tab.  Give the Service Account memberships to ONLY the following security groups:

Administrators

Domain Users

Pre-Windows 2000 Compatible Access

A2ESecurityGroup (or whatever you called your new Security Group)

Use ONLY the account memberships specified above.  There is usually no need for Terminal Service Users or Remote Desktop since the Administrators group inherits this permission.  There is also no need to include it in your custom groups for file system access, since the Service Account only needs local access for synchronization.

IMPORTANT: The Service Account should not be part of the Domain Admins or Exchange Domain Servers Group.  If it is, you must remove those two groups now OR FOLLOW THE MANUAL AND ACTUALLY CREATE A NEW ACCOUNT. Please follow closely the rest of these instructions and make sure your system conforms to our new requirements in order to better support you. 

ESSENTIAL: If FolderMatic is installed on a server other than the Domain Controller or the Exchange Server, be sure to make sure the Service Account is part of the local Administrators group of the server it is installed on AND part of the local Administrator's Group on the Exchange Server.  If the Exchange Server is a Domain Controller, then being part of the Administrator's Group is enough.  The Service Account must have Administrator credentials in order to be able to test to make sure the Exchange Server is up and ready to allow synchronization.  Again, it cannot be part of the Domain Admins group or FolderMatic will fail to log on and clone the folders correctly. 

Next, still logged in as your Domain Admin, open Exchange System Manager (ESM) and go to the top level of the Organization, right-click, and select Properties.  If there is not a Security tab, for your convenience we have included a helper program in the zip file you downloaded called "ExchangeRegistrySecurity.exe".  Run this on the Cloning Server and it will add the necessary registry entry for the current user to be able to see the Exchange Security Page in Exchange System Manager. 

For more detailed information on what this program does, or to add the registry entry manually like some of us geeks do, please refer to Microsoft's instructions :   http://support.microsoft.com/default.aspx?scid=kb;EN-US;264733

Once you can see Exchange System Manager Security tab, refresh the page or right-click the very top level of the system tree, go to properties and add the new Security Group you made in the previous step.  By default, adding the Security Group gives the security group all rights – leave all rights and click Apply.

IMPORTANT: In this step, please DO NOT ADD the Service Account (zAdd2Exchange). If you have the actual Service Account listed in the Account Security Assignment Window at the Organization Level, you MUST remove it now. The Service Account should be a member of the Security Group and only the Security Group should be added.

Tight Security Tip: You COULD add the new Security Group only to the Administrative Group that contains the mailboxes and Public folders and not the entire organization, but adding it to the entire organization is quick and easy, allows for ASP operations, has easier configuration and allows for growth in a multi-server environment.  It also allows this account to manage itself and it's own permissions, which is helpful.

Next, you will need to make sure the Security Group is inherited down through your Organizational Unit, and to your Mailboxes and Public Folders.  Right-click on your Mailbox Store and go to Properties, Security.  The Security Group should be listed there of which the Service Account is now a member with the check boxes "grayed out" to indicate inheritance from the parent.  This is normal.  Go on to the section Initialization of the Service Account Mailbox.

If the Security Group is not there, your organization does not have inheritance turned on in your Exchange Server hierarchy.  You can either add the Security Group there now or enable inheritance.  Caution: For minimal disruption, we suggest adding the Security Group there now.  There was a reason why inheritance was turned off, so the simplest way is to add the Security Group there with full rights.

If you had to add the Security Group, please make a note to discuss with your Exchange Administrator or Computer Service provider why your Exchange Server does not have inheritance, and rectify as part of a completely different, future assignment.