metropolitanhotel Just can't stay away
Joined: 25 Jul 2007 Posts: 22
Posted: Tue Sep 18, 2007 4:26 pm Post subject: Support for group inheritance?
I'm having a fairly major problem with my eMailSignature rollout when it comes to Group signatures. Since the release of Windows 2003 it has been possible to nest security groups within other groups without complex rules of global groups, local groups etc. As such, we have a tiered group structure that works like this:
- Site 1
--- Department 1
----- Role 1
- Site 2
--- Department 2
----- Role 2
When a user is created the user is added to the appropriate Role group, let's say Accounts Clerk, which then inherits the permissions of the Department group, e.g. Accounts Dept. This group of course inherits the site group, meaning that our user is effectively a member of the Site group through inheritance.
The problem I'm facing is that eMailSignature's group lookup function only supports group membership, but not inherited membership. This means if I want a default signature for my site I can't define the Site group as it has no user accounts in it. For the users to inherit the right signature I'd either have to add them all to the site group individually (defeating the purpose of tiered groups) or define individual group signatures for each role-level group. This would be a LOT of work!
Any advice of how I might be able to get around this problem? Is there perhaps a way to parse extra switches to the database string to force a certain signature? Is the only option to hold separate databases for each site and setting the default there? This would require new license keys I'd assume.
Thanks in advance...
David

Jesper Frier Certified Professional
Joined: 09 Sep 2006 Posts: 1940 Location: Stoevring, Denmark
Posted: Tue Sep 18, 2007 5:15 pm Post subject: Security groups - no nested groups
metropolitanhotel wrote: "The problem I'm facing is that eMailSignature's group lookup function only supports group membership, but not inherited membership."
These are the AD Groups supported:
Distribution lists
Nested distribution lists
Security groups - no nested groups
The solution is to use distribution groups (Is that possible?)
Why you should use distribution groups.

metropolitanhotel Just can't stay away
Joined: 25 Jul 2007 Posts: 22
Posted: Wed Sep 19, 2007 3:40 pm Post subject: Re: Security groups - no nested groups
Hi Jesper,
Thanks for getting back to me
Wow, query based distribution groups are great! I hadn't played around with them until now... thanks for bringing them to my attention, however as you say it is unfortunate they are not supported by emailSignature yet
I've tried Nested Distribution Groups now and unfortunately they don't work either. I created groups as follows:
Grp1
----Grp2
--------User
I then tell emailsignature to apply group settings to Grp1 but it doesn't apply when I log in as the user
Any other ideas? I really don't want to add hundreds of user accounts to new groups specifically to handle email signatures.

Jesper Frier Certified Professional
Joined: 09 Sep 2006 Posts: 1940 Location: Stoevring, Denmark
Posted: Wed Sep 19, 2007 4:29 pm Post subject: Nested Distribution Groups
Hi,
I come to the same conclusion as you ...
Works for Admin, but not for User (i.e. Jens Jensen in my test below) where default and reply is blank.
IT Distribution
---- IT Nestet Distribution
-------- Administrator :D
-------- Jens Jensen :cry:
Summary
Group settings are not deployed to users (only admin).
Full Signature Report (found in Available signatures menu) is not executed.
Status Monitor is not executed.
Do you have anything to add before we come up with a solution?
Thanks
Jesper

metropolitanhotel Just can't stay away
Joined: 25 Jul 2007 Posts: 22
Posted: Thu Sep 20, 2007 2:01 pm Post subject:
Oh, I didn't realise it works for administrator... no idea why though
Anyway, ideally Query-based distribution list support would be the ultimate solution if possible. There is so much scope there!
Don't know if it is worth mentioning but I use the Windows tool gpresult to produce a list of effective group membership:
gpresult > C:\gp.txt
This will produce a long file with a section at the end containing:
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
IT - Metropolitan London
IT Sysadmins - Metropolitan London
IT Managers - Metropolitan London
My account is only in the IT Managers - Metropolitan London group, the other 2 IT groups are inherited. I assume gpresult uses some form of query to AD to look up these details, perhaps LDAP, but no idea what. Maybe this helps...

Bjarne Mess Certified Professional
Joined: 01 May 2007 Posts: 735 Location: Copenhagen
Posted: Thu Sep 20, 2007 10:50 pm Post subject:
Hi,
Please get the latest sign.exe 4.9.0 from the download section. This will solve your group deployment issues.
We are considering support for query based dist lists as well.
Please let us know how it goes.
Thanks.
</Bjarne>

metropolitanhotel Just can't stay away
Joined: 25 Jul 2007 Posts: 22
Posted: Thu Nov 08, 2007 12:28 pm Post subject: Still no joy :-(
Sorry it's been so long since I've replied in this thread... My attention was drawn onto other projects.
Unfortunately sign.exe 4.91 is displaying the same symptoms. Here are the tests I have performed on the new version:
My user is in the Global Security group "IT - Sysadmins". This group is a member of "IT Department". I have assigned a specific set of signatures to IT Department, but when the user logs in, sign.exe runs fine but it doesn't apply the IT Department group settings to the user. If I move the user out of "IT - Sysadmins" and into "IT Department" however it works perfectly.
I have tried doing the same test using two distribution groups but the same applies - the user must be in the specific group, not an inherited group.
Please let me know if I can provide any more information.
Regards,
David

Jesper Frier Certified Professional
Joined: 09 Sep 2006 Posts: 1940 Location: Stoevring, Denmark
Posted: Fri Nov 09, 2007 9:04 am Post subject: Distribution Group
Good to hear from you again ...
In my test, nested Distribution groups work.
This is how I tested and please let me have your feedback:
IT Department (Global Distribution)
- David M. Marinoff (Domain user, IT Department)
---- Sig1 (test2)
---- IT-Sysadmins (Global Distribution, member of IT Department)
-------- Administrator (... , IT-Sysadmins)
----------- Sig2 (Office add-on Ltd.)
-------- Jens Jensen (Domain user, IT-Sysadmins)
----------- Sig2 (Office add-on Ltd.)
Status Monitor:
Active Directory setup:
eMailSignature Group setup:
I used:
1) eMailSignature v.4.9.1 (Sign.exe and Cockpit.exe)
2) Active Directory 2003
3) Outlook 2003

metropolitanhotel Just can't stay away
Joined: 25 Jul 2007 Posts: 22
Posted: Fri Nov 09, 2007 11:22 am Post subject:
Ah yes, that is indeed working but it's not exactly what I'm after. Using your example, Jens and Administrator pick up the Office add-on Ltd signature because of the group they are direct members of. But what about the IT department group? They are also a member of that group by inheritance, but emailsignature does not give them the test2 signature.
Say you had not defined the Sysadmins in the groups configuration... what would happen then? Jens and Admin would not be recognised as being in a group at all and subsequently would not receive a signature at all.
IT Department <---------- signature defined here
---Sysadmins
------User
In the diagram above, to get User to pick up a signature you'd either have to put him directly in the IT Department group, or define a signature for the Sysadmins group.
Does that make more sense?
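
The lookup described in the post above, as an added example that is not part of the original thread and not eMailSignature's code: it expands nested membership transitively and compares the result with a direct-membership-only lookup. The directory contents, the circular nesting entry, the "site-default" signature and the nearest-group-wins rule are assumptions made for illustration.

```python
from collections import deque

# Constructed sample directory: each principal maps to the groups it is a
# DIRECT member of (the shape of AD's memberOf attribute).
MEMBER_OF = {
    "User": ["Sysadmins"],
    "Sysadmins": ["IT Department"],
    # Deliberate loop back to Sysadmins: AD permits circular nesting,
    # so the traversal must not assume a tree.
    "IT Department": ["Site 1", "Sysadmins"],
    "Site 1": [],
}

# Hypothetical signature assignments; only some groups have one.
SIGNATURES = {"IT Department": "test2", "Site 1": "site-default"}


def effective_groups(principal, member_of):
    """Return [(group, depth)] for every group reachable from principal,
    nearest first. Depth 1 means direct membership."""
    seen, order = {principal}, []
    queue = deque((g, 1) for g in member_of.get(principal, []))
    while queue:
        group, depth = queue.popleft()
        if group in seen:
            continue  # already expanded; this is the circular-nesting guard
        seen.add(group)
        order.append((group, depth))
        queue.extend((parent, depth + 1) for parent in member_of.get(group, []))
    return order


def resolve_signature(principal, member_of, signatures, nested=True):
    """Return the signature of the nearest group that defines one, or None.

    nested=False reproduces a lookup that only sees direct membership.
    Nearest-group-wins is an assumed policy, not the product's rule.
    """
    groups = effective_groups(principal, member_of)
    if not nested:
        groups = [(g, d) for g, d in groups if d == 1]
    for group, _depth in groups:
        if group in signatures:
            return signatures[group]
    return None
```

Against a live domain the same transitive set can be requested server-side with the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), in a filter of the form (member:1.2.840.113556.1.4.1941:=<user DN>).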

Jesper Frier Certified Professional
Joined: 09 Sep 2006 Posts: 1940 Location: Stoevring, Denmark
Posted: Sat Nov 10, 2007 8:26 am Post subject: Groups
Hi David,
I no longer have this specific setup running in my test environment. But I shall comment anyway ...
metropolitanhotel wrote: "Say you had not defined the Sysadmins in the groups configuration... what would happen then?"
This will give Sysadmins the signature setting for all in the Cockpit.
Please correct me if I am wrong ...?
This might also help you reach your target; try and give priority to one or more groups:
I got your PM - thank you! Please call me on my fixed line (+45 36 99 21 79) next week.