This project is read-only.

In brief:

This application will not work directly without any modification as it has been created for company I am working for. However, I believe that with a few small changes you can have it running in your environment.

Feel free to contact me if you need help to get it running on your webserver ;-)

To have the best performance for its users, this tool gathers a couple of information from text files. These text files are created by PowerShell scripts which you can also find in the Source code portion of this page.
I recommend to have Scheduled Tasks running those scripts to have current data.

I named the dev-version of my tool delinpocs, the name can change to what you like, it is not hardcoded, just part of the screenshots.


This website runs and was only tested with IIS 7.5 on a Windows Server 2008 R2 machine.
It requires .Net Framework 4.5, Windows PowerShell version 4, Active Directory Users & Computers and
the Exchange Management Console has also to be installed on this web server.

Configuration in DNS:

Create an A-Record named as your application. This name must be the same as the SPN and I recommend also be chosen as application pool name. In this screenshots you find delinpocs, but the name can be changed according your taste ;-)

Configuration in Active Directory:

On the webserver computer object, allow Delegation, choose 'Trust this computer for delegation to any service (Kerberos only)'


Add service principal names on the webserver computer object. For:
- Host: Servername
- Host: Servername (FQDN)
- HTTP: Servername
- HTTP: Servername (FQDN)
- HTTP: otherDNSname <- the one for your application name
- HTTP: otherDNSname (FQDN) <- the one for your application name


Configuration of the .Net:

This tool uses PowerShell through C# classes in order to communicate with Exchange and to set the NTFS permissions for the user's home-drive. To use powershell out of this web application, running as the user who is using this application ( authenticated user) it is a must to change all the aspnet.config files in the following folders:

.NET 2.0 32-bit: C:\Windows\Microsoft.NET\Framework\v2.0.50727
.NET 2.0 64-bit: C:\Windows\Microsoft.NET\Framework64\v2.0.50727
.NET 4.0 32-bit: C:\Windows\Microsoft.NET\Framework\v4.0.30319
.NET 40. 64-bit: C:\Windows\Microsoft.NET\Framework64\v4.0.30319

<legacyImpersonationPolicy enabled=”false”/>
<alwaysFlowImpersonationPolicy enabled=”true”/>

Configure IIS related Kerberos buffer:

Change is important to ensure the tool runs smooth, even if the user is member of several hundred permission groups.

Configure IIS:

1. Add a new we-site and name it like your application.


2. Open it and change to the ISAP and CGI Restrictions, verify that ASP.NET v4.0.30319 is allowed.


3. Configure the ApplicationPool properties for the application as 'Integrated Pipeline' running as managed code with '.Net Framework 4'.


a) Configure Authentication ASP.NET Impersonation and Windows Authentication Enabled, the rest Disabled.


b) Configure Windows Authentication and choose Kerberos Negotiate


c) Choose Extended Protection Off and uncheck Enable Kernel Mode authentication


5.) Change the binding of the website, set the host-header. The port can be any you like. Just remember to set is the same as the A-Record you previously created and it must match the SPN you set on the computer object.


6.) Assign Read-Only NTFS - permission to the ApplicationPool Identity (here: delinpocs) on the directory where the website is located.



Environment configured. - Adjust the source code to enjoy the application :-)

Last edited Feb 13, 2015 at 1:25 PM by Juanito99, version 26