Forefront Protection for Exchange

#Exchange #Exchange2010

So it’s been annoying me: when Forefront sends you an email, the from address is a bit pants, and I want to change it. By default it’s ForefrontServerProtection@servername.server.

I looked around the PowerShell add-in for Forefront and drew a blank, so after a bit of googling I found this: http://technet.microsoft.com/en-us/library/dd639362.aspx

Essentially …

Changing the From address for notifications

FPE utilizes SMTP messaging for notification purposes, placing the message in the SMTP service Pickup folder and resolving the Exchange name with the Active Directory directory service. By default, the server profile used for identifying notifications is: ForefrontServerProtection@servername.server. However, you can change this server profile by modifying the FromAddress registry value.

To modify the FromAddress registry value

Open the Registry Editor and navigate to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Notifications

Modify the default value of FromAddress to the sender name you would like. Alphanumeric characters are acceptable. You may also use the at sign (@) or a period (.), but these characters cannot be the first or last character. Any illegal characters will be replaced with an underscore (_).

You must restart the relevant Microsoft Exchange and Microsoft Forefront Server Protection services in order for this change to take effect.

What computer locked me out

So, following on from my other two posts, Who locked me out? and AD Account Lockout, here is what is probably the last on this subject: What computer locked me out.

Found this and it's shweet: http://serverfault.com/questions/32633/how-to-check-who-is-currently-logged-on-to-windows-workstation-from-command-line

My problem today was that some donkey was logging on to a server using a service account and getting the password wrong, and so locking the service account out!

So you can check on the server itself in the security log for event ID 529. The hope is that this will show a Source Network Address.

What you can then do is use the following command with the Source Network Address to find the donkey that is using the computer and so locking the account out!

WMIC /NODE: <IP or hostname> COMPUTERSYSTEM GET USERNAME

This should return the username currently logged on! How cool is that?!
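
The same two steps scripted in Windows PowerShell, as an added example that is not from the original post or the linked answer: it pulls the Source Network Address out of event 529 messages for one account, counts the failures per source, and then runs the equivalent of the WMIC query against each source. The account name svc_backup, the addresses and the sample event text are constructed, and the message layout (User Name / Source Network Address lines) is an assumption about how event 529 is rendered on the server.

```powershell
# Added example. Set $UseLiveLog = $true on the affected server to read the real
# Security log; otherwise the constructed sample messages below are parsed.
$UseLiveLog  = $false
$AccountName = 'svc_backup'          # hypothetical locked-out service account

function Get-FailedLogonSource {
    param(
        [Parameter(Mandatory = $true)][string[]]$Message,
        [Parameter(Mandatory = $true)][string]$AccountName
    )
    # Anchor at line start so "Caller User Name:" does not match by accident.
    $userPattern = '(?m)^\s*User Name:\s+' + [regex]::Escape($AccountName) + '\s'
    foreach ($text in $Message) {
        if ($text -notmatch $userPattern) { continue }
        # Local logons record "-" as the address; those cannot be traced remotely.
        if ($text -match 'Source Network Address:\s+(\S+)' -and $Matches[1] -ne '-') {
            $Matches[1]
        }
    }
}

if ($UseLiveLog) {
    $messages = Get-EventLog -LogName Security -InstanceId 529 -Newest 500 |
        ForEach-Object { $_.Message }
} else {
    # Constructed sample event text, not real log data.
    $messages = @(
        "Logon Failure:`n Reason: Unknown user name or bad password`n User Name: svc_backup`n Logon Type: 10`n Source Network Address: 192.0.2.45`n Source Port: 3312",
        "Logon Failure:`n Reason: Unknown user name or bad password`n User Name: svc_backup`n Logon Type: 10`n Source Network Address: 192.0.2.45`n Source Port: 3320",
        "Logon Failure:`n Reason: Unknown user name or bad password`n User Name: jbloggs`n Logon Type: 3`n Source Network Address: 192.0.2.77`n Source Port: 1055",
        "Logon Failure:`n Reason: Unknown user name or bad password`n User Name: svc_backup`n Logon Type: 2`n Source Network Address: -`n Source Port: -"
    )
}

# Most frequent source first: that machine is the likeliest cause of the lockout.
$sources = @(Get-FailedLogonSource -Message $messages -AccountName $AccountName |
    Group-Object | Sort-Object Count -Descending)
$sources | Select-Object Count, Name

if ($UseLiveLog) {
    foreach ($source in $sources) {
        try {
            # Same data as: WMIC /NODE: <IP or hostname> COMPUTERSYSTEM GET USERNAME
            Get-WmiObject -Class Win32_ComputerSystem -ComputerName $source.Name -ErrorAction Stop |
                Select-Object Name, UserName
        } catch {
            Write-Warning "Could not query $($source.Name): $($_.Exception.Message)"
        }
    }
}
```

With the sample data this lists 192.0.2.45 with a count of 2. The UserName property of Win32_ComputerSystem reports the user on the console session, so it can come back empty when the person is connected over Remote Desktop.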