Monday, October 30th, 2006
Ok – my preference for installations of SBS2003 is to do a totally fresh installation. However there are times when this is not possible due to budget contraints or time limitations. I’ve had two such customer scenarios this week that needed to have the inplace done, one for budget reasons, and the other for time constraints. So we’ve used the inplace upgrade method. Before using the in place upgrade method I’d considered a few things.
1. Did I install SBS2000 on this system? I look at this as I want to ensure that it’s a system that I’ve controlled for it’s life. If I didn’t install it then there may be a heap of underlying issues just waiting to bite me.
2. Is the hardware capable to run SBS2003 for the next 2-3 years. In the case of the systems I’ve done this week, both were for 5 user sites, one was a 2.4Ghz system with 1GB RAM which was fine, the other was an 800Mhz system with 1GB RAM which was at the very low end of what I wanted. I advised the 800Mhz customer of this and he was fine – wants to replace the server next financial year anyway.
So here’s the process I followed in these upgrades this week. Both of them had RAID 1 using software mirroring, so we disconnected the mirrored drive before we commenced as our utlimate backup plan, and then later once it was done and we knew the upgrade was 100% we reconnected it and reconfigured the mirror.
Preflight Check these can all be done prior to the day of the upgrade to minimise the downtime
Check workstations if any Win95 or Win ME then upgrade can not proceedCheck SBS2000 Service Pack levels must have SBS 2000 SP1 installedMinimum 2GB Free on C: DriveEnsure ISA SP1 is installed (v3.0.1200.50 if no SP, v3.0.1200.166 SP1)Install hotfix for ISA for W2003 Server (ISAHF255.exe KB331062)Download and unpack the latest supportpaq from HP for the serverClean up drives, delete files not needed and empty recycle binDefrag drives (if time permits do this remotely)Verify backups are good
Rollout ProcessEnsure the Internet NIC is disconnectedDisconnect the mirrored hard drive (if it s a dual drive mirrored system)Remove any UPS cables to the serverRemove Exchange IMRemove Admin toolsRemove AV softwareRemove Scanmail for ExchangeRemove Trend Client from the serverRemove OfficeScan Corporate Edition from the serverRebootNote any specific config options that need to be reinstated later
a. Exchange forward all mail to specific hostCHKDSK /f on all hard drivesSave and clear event logsReboot serverCheck event logs note / decide on action about ANY errorsInsert SBS2003 CD1 and commence setupDuring the W2003 installation portion of setup, if it asks you for drivers for the HP/Compaq server, insert the SmartStart CD as it has the drivers the system needs.Phase 2 of the SBS SetupReboot and complete the To Do listDo not do step 6 of the to do list Import Files as we don t use this optionDetune ISA securityRemove the authenticate all users from the outbound web listenerWindows Update & rebootReview loginscripts to ensure that they are correct and do not have any additional characters in themTest one workstation on LAN verify access to email, files etcInstall ISA FP1, ISA FP1 URLSCAN (isafp1ur.exe), ISA SP2Install Trend AV & configureInstall GZIP Hotfix, E2003SP1 and Post SP1 SBS HotfixModify hardware firewall to add additional ports and protocols443,444,4125Shutdown and configure the mirror the original hard drive
Workstation rollouts Assign applications to all workstations from the SBS console wizardsRemove old AV & rollout the new AVAdd users to be able to logon remotely via RWW on the desktop computers
Verify all AV clients are seen in the AV console
Monday, June 27th, 2005
Most people know about using logon scripts, but few know that you can actually put in place a logoff script which is executed when the user logs off the network. So what can you do with these scripts? Things like using them to delete temporary files various folders etc and clearing out things like that from the computer that the user has used.
The following MS KB articles apply to Windows 2000, but equally apply to Windows 2003 and Small Business Server 2003
How to assign scripts in Windows 2000
Overview of Logon, Logoff, Startup and Shutdown Scripts on Windows 2000
Tags: Administration, SBS 2000, SBS 2000 SP1, SBS 2003 Premium, SBS 2003 R2 Premium, SBS 2003 R2 Standard, SBS 2003 SP1 Premium, SBS 2003 SP1 Standard, SBS 2003 Standard
Posted in FAQs | No Comments »
Sunday, September 7th, 2003
I’ve configured my internal domain as company.com despite Microsoft’s best practices suggesting I call it company.local and now when I attempt to go to our externally hosted website atwww.company.com I get 404 errors. The website works just fine if I connect to it from the outside world. How can I resolve this?
In order to do this you need to add an A record to your internal DNS server on SBS2000 or SBS2003. To do this use the following process.
1. Start the DNS Management console by Start > Programs > Administrative Tools > DNS
2. Drill down into the SERVERNAME, then Forward Lookup Zones and then your domain name.
3. Right click the domain name folder and select New Host from the menu
4. Enter www into the Name box
5. Enter the external IP of the website as provided by your ISP or web hosting company and click Add Host
You should now be able to access your external website located at your ISP.
Tags: Internet Access, SBS 2000, SBS 2000 SP1, SBS 2003 Premium, SBS 2003 R2 Premium, SBS 2003 R2 Standard, SBS 2003 SP1 Premium, SBS 2003 SP1 Standard, SBS 2003 Standard
Posted in FAQs | 3 Comments »
Wednesday, July 9th, 2003
August 17, 2002 – SBS 2000 SP1 http://www.microsoft.com/sbserver/downloads/sp1.asp
July 11, 2003 – SBS 2000 SP1a -http://www.microsoft.com/sbserver/downloads/sp1a.asp
Wednesday, July 9th, 2003
Microsoft released SBS Service Pack 1a shortly after releasing Service Pack 4 for Windows 2000. SP1a includes all the same inclusions as SP1 did, but they have replaced Windows 2000 SP3 with SP4. You can obtain SBS SP1a fromhttp://www.microsoft.com/sbserver/downloads/sp1a.asp
Friday, May 9th, 2003
User password security is always important, but the single most important user account on your network is the Administrators account. For the best security, the password for this account MUST be a combination of upper and lower case letters, numbers and punctuation and ideally 8 characters or more. This will provide a password that is very hard to guess using dictionary lookups or brute force password attacks.
Changing the Administrators password is also relatively simple, but varies depending on the server environment that you have.
Windows NT 4.0 Server
On a simple NT4.0 server network, you can change the administrators password using NT User Manager.
SBS 4.0 and 4.5
These versions of SBS include Exchange Server and the account used to run the exchange server is the administrators account, therefore you can’t simply use the NT User Manager as if you do then it will result in the Exchange Server services not starting when you next reboot your server. Always change the administrators password via the SBS Administrator console – under the covers, the console will also alter the default Exchange Server services to use the new password and you will not have any problems.
SBS2000 and SBS2003
These systems are less reliant on the administrator account password and as such you can change the password using the Active Directory Users and Computers management console.
Other considerations for ALL systems
In addition to actually altering the password, don’t forget that there may be other services in the system that rely on the Administrator password, common programs include;
– Antivirus software for access to the internet via the Proxy or ISA server,
– Backup programs which have the password saved in the backup script,
– SQL Server – if you have altered it’s services to run under an account different from the default LocalSystem account.
– Scheduled Tasks via the inbuilt task scheduler
Wednesday, April 23rd, 2003
When you perform the initial installation of SBS2000, you get to choose the location and size of the ISA Server cache. There is no wizard in SBS to change these post-installation. The following procedure will allow you to manually change the location and size of these files which can improve performance of your ISA server if you access a large number of pages from the ISA Server cache.
1. Run the SBS Administrators Console
2. Expand the Internet Security and Acceleration Server 2000 node on the tree.
3. Expand Servers and Arrays node
4. Expand the Server node
5. Expand the Cache Configuration node
6. Expand the Drives node
7. On the right hand pane you will see your server name along with the total amount of space dedicated to ISA Server caching on the whole server.
8. Right click on the Server name and select Properties
9. Here you can select a drive to put the ISA server cache files on and specify a size for the files on that drive. You need to press the Set button after each entry. You can split the ISA cache files across multiple drives, but you have no real control over what content goes into which drive cache, so the only real benefit here is to give yourself more space for ISA cache in a tightly packed system. After you set the size, then press OK to make the changes complete.
Wednesday, April 23rd, 2003
The default password policy will result in users password expiring every 42 days by default. No other options are set by default. Other options to be considered are minimum password lengths, the number of old passwords the system remembers, the maximum password age and account lockout details. To access this you need to run the Domain Security Policy console which is in the Administrative tools program group.
1. Expand the Account Policies node
2. Expand the Password Policy node – here you will be able to set the following
Enforce password history = this is the number of passwords the system will remember so that users can alternate between 2 or 3 passwords.
Maximum password age = this is effectively the time between mandatory password changes for the user accounts
Minimum password age = this setting will prevent the user from changing their password too quickly – when used in combination with the Enforce password history option above, it will prevent a user from alternating between a series of set passwords.
Minimum password length = this is the number of characters that a password must be at a minimum.
Passwords must meet complexity requirements = use this option if you want to enforce the users to have strong passwords, i.e. with letters and numbers etc.
Store password using reversible encryption for all users in the domain = this option is normally set to disabled, but some applications may require you to use it in the enabled state
3. Once you have set the Password Policy, you may also want to consider setting the Account Lockout Policy which is the node in the tree directly below the Password Policy. Here you can set the number of invalid password attempts within a certain time period will lock the users account either until an administrator unlocks the account or a preset timeout period where it is unlocked by the system.
Friday, March 28th, 2003
In a small office environment there is often the need to see multiple calendars at once. Microsoft have produced a small add-on for Outlook that will allow you to see and combine multiple calendars into one. It’s called the Team Calendar for Outlook. You can download it direct from Microsoft at the following link.http://www.microsoft.com/downloads/details.aspx?FamilyID=3dc677cc-1423-436a-b6f8-333ca9df36e2&DisplayLang=en
Thursday, December 5th, 2002
The default installation of SBS2000 uses an internal IP address of 192.168.16.2. If you want to change it later then you need to make a number of alterations within SBS,
1. Change the IP address on the Internal Network card to the new IP address. Whilst here remove any IP addresses for the DNS server and press OK. You will get a warning and it will point it the DNS settings back to itself (127.0.0.1) – note you can not manually enter 127.0.0.1 into this field.
2. Go into the DNS server properties and change the IP address that the DNS server will listen on to the new IP address (should be listed)
3. Go into the DHCP Server console and review the DHCP scope – the DHCP scope will reflect the old IP address. You need to create a new DHCP scope which reflects the new IP address and the desired range. You will also need to add a number of scope options for the DHCP clients to work effectively. Options that need to be added include the following;
003 Router = New IP address of the server
006 DNS Server = New IP address of the server
044 WINS/NBNS Servers = New IP address of the server
046 WINS/NBNS Node Type = New IP address of the server
4. Run the Internet Connection Wizard and ensure that in thelocations where the old IP addres was are set to the new IP address.
5. If you have setup RRAS for VPN or remote access then you may need to alter any custom settings for the IP addresses given out to.