Wednesday, April 23rd, 2003
When you perform the initial installation of SBS2000, you get to choose the location and size of the ISA Server cache. There is no wizard in SBS to change these post-installation. The following procedure will allow you to manually change the location and size of these files which can improve performance of your ISA server if you access a large number of pages from the ISA Server cache.
1. Run the SBS Administrators Console
2. Expand the Internet Security and Acceleration Server 2000 node on the tree.
3. Expand Servers and Arrays node
4. Expand the Server node
5. Expand the Cache Configuration node
6. Expand the Drives node
7. On the right hand pane you will see your server name along with the total amount of space dedicated to ISA Server caching on the whole server.
8. Right click on the Server name and select Properties
9. Here you can select a drive to put the ISA server cache files on and specify a size for the files on that drive. You need to press the Set button after each entry. You can split the ISA cache files across multiple drives, but you have no real control over what content goes into which drive cache, so the only real benefit here is to give yourself more space for ISA cache in a tightly packed system. After you set the size, then press OK to make the changes complete.
Wednesday, April 23rd, 2003
The default password policy will result in users password expiring every 42 days by default. No other options are set by default. Other options to be considered are minimum password lengths, the number of old passwords the system remembers, the maximum password age and account lockout details. To access this you need to run the Domain Security Policy console which is in the Administrative tools program group.
1. Expand the Account Policies node
2. Expand the Password Policy node – here you will be able to set the following
Enforce password history = this is the number of passwords the system will remember so that users can alternate between 2 or 3 passwords.
Maximum password age = this is effectively the time between mandatory password changes for the user accounts
Minimum password age = this setting will prevent the user from changing their password too quickly – when used in combination with the Enforce password history option above, it will prevent a user from alternating between a series of set passwords.
Minimum password length = this is the number of characters that a password must be at a minimum.
Passwords must meet complexity requirements = use this option if you want to enforce the users to have strong passwords, i.e. with letters and numbers etc.
Store password using reversible encryption for all users in the domain = this option is normally set to disabled, but some applications may require you to use it in the enabled state
3. Once you have set the Password Policy, you may also want to consider setting the Account Lockout Policy which is the node in the tree directly below the Password Policy. Here you can set the number of invalid password attempts within a certain time period will lock the users account either until an administrator unlocks the account or a preset timeout period where it is unlocked by the system.