There are times when us SBSers are like cockroaches...we are just EVERYWHERE. So I'm listening to geek webcasts which are way more useful than talk radio anyway and someone in the audience chides Steve Riley [and SBS for that matter] for default loading the client desktop into local administrator. Wizard, wizard, click click and there you are as local admin. And while... I guess you can beat up SBS for that... I'll show you my stupid line of business applications that force me into local administrator whether I like it or not. I would argue at this time, the average small business is not ready for running without administrator rights without a lot of guidance from a savvy IT consultant.
In the meantime, as consultants, as consumers of software, we need to seriously start yelling our heads off each time an application we use won't run with restricted user rights.
I do need to correct Mr. Riley on one point he made: the default is INDEED to have SBS 2003 'enable' the XP SP2 firewall on the local machines, and this helps our machines join with the ISA 2004 server in a 'fortress' inside the network as well as the outside firewall.
Now many have asked... "Why do I need a firewall on the inside of the firm when I already have __fill_in_the_blank___ firewall on the outside? I'm protected just fine from the bad stuff out there."
Ah... but that's the problem. The bad stuff isn't just out there anymore... it's in here. In the wintertime, when you know you will go out into subzero temperatures [not that I know what that is living in California as I do, but I can imagine], I don't think you just put on a parka and nothing else. No, it's the silk long johns and then it's the leggings, and then the parka, and then the hat, and the scarf and even feet and hand warmers if need be. It's layers to protect you.
Okay, so let's move over to that workstation in your office. Without the firewall helping it to protect itself, it's just sitting there all ooooshy and gooshy just waiting to talk to anyone and everyone wanting to talk to it. Our networks have been built up like eggshells, with hard outer protection and nothing on the inside at all. And we can't do it that way anymore. It's not working. And I can stand here and tell you that I have the firewalls on the inside of my network and I do not notice any annoyance at all.
Try it with the layers left on. Add your own program exceptions. But try it. You might find, like I do, it's no bother at all.