Posts Tagged ‘SBS 2003 SP1 Standard’

How to put a recycle bin in Companyweb / Sharepoint Services v2.0

Friday, January 19th, 2007

A question from a fellow SBS MVP today made me realise that I’d not posted here about the fact that you can add a Recycle Bin to SBS’s Companyweb even while it’s running Sharepoint Services v2.0.

http://msdn.microsoft.com/msdnmag/issues/05/02/RecycleBinforWSS/default.aspx

Alternate methods also exist to recover information from Companyweb such as restoring the site from backup (but that overwrites the existing site), or using the stsadm command line to create a scheduled backup of Companyweb to a flat file and then restoring that to an alternate WSS site called Companyweb2. I’ll document the later shortly and post back here when done.

Tags: , , , , , , ,
Posted in FAQs | No Comments »

SBS2000 to 2003 Upgrades – a checklist for success

Monday, October 30th, 2006

Ok – my preference for installations of SBS2003 is to do a totally fresh installation. However there are times when this is not possible due to budget contraints or time limitations. I’ve had two such customer scenarios this week that needed to have the inplace done, one for budget reasons, and the other for time constraints. So we’ve used the inplace upgrade method. Before using the in place upgrade method I’d considered a few things.

1. Did I install SBS2000 on this system? I look at this as I want to ensure that it’s a system that I’ve controlled for it’s life. If I didn’t install it then there may be a heap of underlying issues just waiting to bite me.
2. Is the hardware capable to run SBS2003 for the next 2-3 years. In the case of the systems I’ve done this week, both were for 5 user sites, one was a 2.4Ghz system with 1GB RAM which was fine, the other was an 800Mhz system with 1GB RAM which was at the very low end of what I wanted. I advised the 800Mhz customer of this and he was fine – wants to replace the server next financial year anyway.

So here’s the process I followed in these upgrades this week. Both of them had RAID 1 using software mirroring, so we disconnected the mirrored drive before we commenced as our utlimate backup plan, and then later once it was done and we knew the upgrade was 100% we reconnected it and reconfigured the mirror.

Preflight Check these can all be done prior to the day of the upgrade to minimise the downtime
Check workstations if any Win95 or Win ME then upgrade can not proceedCheck SBS2000 Service Pack levels must have SBS 2000 SP1 installedMinimum 2GB Free on C: DriveEnsure ISA SP1 is installed (v3.0.1200.50 if no SP, v3.0.1200.166 SP1)Install hotfix for ISA for W2003 Server (ISAHF255.exe KB331062)Download and unpack the latest supportpaq from HP for the serverClean up drives, delete files not needed and empty recycle binDefrag drives (if time permits do this remotely)Verify backups are good
Rollout ProcessEnsure the Internet NIC is disconnectedDisconnect the mirrored hard drive (if it s a dual drive mirrored system)Remove any UPS cables to the serverRemove Exchange IMRemove Admin toolsRemove AV softwareRemove Scanmail for ExchangeRemove Trend Client from the serverRemove OfficeScan Corporate Edition from the serverRebootNote any specific config options that need to be reinstated later
a. Exchange forward all mail to specific hostCHKDSK /f on all hard drivesSave and clear event logsReboot serverCheck event logs note / decide on action about ANY errorsInsert SBS2003 CD1 and commence setupDuring the W2003 installation portion of setup, if it asks you for drivers for the HP/Compaq server, insert the SmartStart CD as it has the drivers the system needs.Phase 2 of the SBS SetupReboot and complete the To Do listDo not do step 6 of the to do list Import Files as we don t use this optionDetune ISA securityRemove the authenticate all users from the outbound web listenerWindows Update & rebootReview loginscripts to ensure that they are correct and do not have any additional characters in themTest one workstation on LAN verify access to email, files etcInstall ISA FP1, ISA FP1 URLSCAN (isafp1ur.exe), ISA SP2Install Trend AV & configureInstall GZIP Hotfix, E2003SP1 and Post SP1 SBS HotfixModify hardware firewall to add additional ports and protocols443,444,4125Shutdown and configure the mirror the original hard drive
Workstation rollouts Assign applications to all workstations from the SBS console wizardsRemove old AV & rollout the new AVAdd users to be able to logon remotely via RWW on the desktop computers
Verify all AV clients are seen in the AV console

Tags: , , , , , , , ,
Posted in FAQs | No Comments »

What exclusions should I use for Antivirus software with SBS 2003?

Monday, July 24th, 2006

This question is asked regardless of the AV software that you use. Below I’ve compiled the standard exclusions that you should use for SBS 2003. These are the ones that we use on our clients.

Server Folder Exclusions
The exclusions listed here should be applied to your SBS server, and where applicable to other servers that host similar applications in your domain.

Exchange related Exclusions
First up you need to be aware, that the default installation of CSM for SMB v3.0 will exclude the Exchange database folders from file level scanning. Therefore I am NOT recommending including these in your exclusions. However there are some other Exchange related exclusions that you need to add to ensure that things operation smoothly.

Listed below are the items and their default locations – your installation may be different.

Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (see note above)
Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
Exchange Message tracking log files = C:\Program Files\Exchsrvr\server_name.log
Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
Site Replication Service (not normally used in SBS but should be excluded anyway) = C:\Program Files\Exchsrvr\srsdata
C:\Program Files\Exchsrvr\Conndata

IIS related Exclusions
IIS System Files = C:\WINDOWS\system32\inetsrv
IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files

Domain Controller related exclusions
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs

Windows SharePoint Services
Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

Additional Exclusions
Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins

Desktop Folder Exclusions
These folders need to be excluded in the desktops and notebooks clients.

Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

If you want more information on how to configure Trend CSM Suite v3.0 for SMB on SBS 2003 then check out our subcribers section.

Tags: , , , , , ,
Posted in FAQs | No Comments »

Should I use the /3GB switch in my boot.ini with SBS 2003?

Saturday, July 1st, 2006

This discussion has been going for many years now and at times has almost reached epic proportions due to the conflicting information available from Microsoft. Recently the SBS MVPs were in a conference with the SBS CSS team and we raised just how confusing this was for the average person. In response one of the leads for the CSS team – Mark Stanfill has posted the “definitive” answer for us. Long story short is that by and large, you should NOT use the /3GB switch unless you are experiencing very specific messages in the event log. Check out their post here http://blogs.technet.com/sbs/ for more information.

Tags: , , , , , ,
Posted in FAQs | No Comments »

How does Remote Web Workplace work?

Tuesday, June 13th, 2006

The attached article is one I wrote some time back now. Since then I also wrote Chapter 8 in the SMB Nation Press book Advanced SBS 2003 Best Practices. You may find that this gives a fair understanding on how RWW works and the ports needed to be open for it.

Tags: , , , , , ,
Posted in FAQs | 1 Comment »

What is a logoff script and how can I use one?

Monday, June 27th, 2005

Most people know about using logon scripts, but few know that you can actually put in place a logoff script which is executed when the user logs off the network. So what can you do with these scripts? Things like using them to delete temporary files various folders etc and clearing out things like that from the computer that the user has used.

The following MS KB articles apply to Windows 2000, but equally apply to Windows 2003 and Small Business Server 2003
How to assign scripts in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

Overview of Logon, Logoff, Startup and Shutdown Scripts on Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;198642

Tags: , , , , , , , ,
Posted in FAQs | No Comments »

Is Remote Web Workplace with RDP more secure than VPN?

Monday, June 13th, 2005

One of the killer features of Small Business Server 2003 is the Remote Web Workplace – RWW for short. Within it you can access many internal resources using nothing more than a simple web browser. One of the key features that most people use is the “Connect to my computer” feature – often in fact many people call THIS single feature RWW which only serves to confuse issues at times. For the purposes of this FAQ – we’ll call it RDP/RWW

Many people have asked the question of is RDP/RWW more secure than a VPN with RDP. My response is a big YES.

RDP/RWW is more secure than a VPN/RDP combination for many reasons. I’ve tried to highlight a few below.

1. No VPN required – means there is no chance of data coming back up the VPN from the remote computer (a computer you don’t control) and then into your SBS network.

2. No configuration required on the remote computer – means that nothing of value is left behind – a VPN or SSH connection will leave something on the PC that others may use to gain access to your office LAN.

3. SBS2003 does a few additional things too before it opens up port 4125 (the default for RDP over RWW). You will need to have entered the RWW portal by entering your user credentials and password AND you’ll need to be a member of the Remote Web Workplace users group. Once you’ve passed these few tests then port 4125 opens

4. When connecting via RWW to a computer in your office, the SBS server does a check of two additional things before connecting you to your desktop PC in the office. It checks your source IP address before allowing you in via the RDP connection. If the source IP address for the RDP connection is not the same as the source IP address for the RWW/SSL connection you’ve used to authenticate thus far, then it drops the connection – more secure than a simple VPN connection.

So you can see that even simply using RDP over RWW interface is more secure than a VPN + RDP combination.

I’ve documented this even more in the chapter I wrote for the Advanced Windows Small Business Server 2003 Best Practices available fromwww.smbnation.com Check out Chapter 8 if you want more technical info.

Tags: , , , , , ,
Posted in FAQs | No Comments »

Changing the Company Name in the RWW Display Screen

Sunday, March 27th, 2005

I have used this modification on our demonstration SBS 2003 server. Prior to going out to demo SBS to a new customer, I alter the displayed name to be that of the customer I am going to see. This gives the customer a degree of ownership even before they get the quote for the new system.

1. Run Regedit.
2. Navigate down the tree to the following key: HKLM\Software\Microsoft\Windows NT\CurrentVersion
3. Right click the entry called RegisteredOrganization and select Modify.
4. Enter the new Company name you want to see and press enter.

Tags: , , , , , ,
Posted in FAQs | 1 Comment »

Changing the Port for RWW to Something Other than 4125

Sunday, March 27th, 2005

In some circumstances we have changed the port that the RDP session runs over the internet to the SBS 2003 server from 4125 to something else to get around specific limitations of a firewall or other device. Altering the port number is quite simple:

1. Run Regedit.
2. Navigate down the tree to the following key: HKLM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\
3. Right click the entry called Port and select Modify.
4. Select the new port number you wish to use.

A word of caution: altering the port number here will also require you to open the corresponding port on your external hardware firewall. In addition, if you are running SBS 2003 Premium, you will need to create an additional packet filter to allow the inbound traffic to be able to reach the SBS 2003 server.

Tags: , , , , , ,
Posted in FAQs | No Comments »

Modifying the Public Timeout Values for RWW

Sunday, March 27th, 2005

I mentioned earlier that the default of 20 minutes on a public computer is way too long. Therefore, I recommend that you change this value to 5 or 10 minutes to provide increased protection for your system in case a user walks away from a public kiosk without logging off.

1. Run Regedit.
2. Navigate down the tree to the following key: HKLM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\
3. Right click the entry called PublicTimeOut and select Modify.
4. Enter the new timeout value you want to have and press OK.

Tags: , , , , , ,
Posted in FAQs | No Comments »