Fri, Feb 10 2006 19:16
Welcome to your SBS 2003 server
In looking at the documentation for my own SBS 2003 OEM box (which can be found online here), it dawned on me why so many OEM DIYers that contact me haven't a clue about Remote Web Workplace..it's because nowhere in those documents is there a "Welcome to your server".
I mean the 15 minute install is fine, and it dumps you to the ToDo list...but no where...not even really on that To Do list..is there a Cliff Notes guide to the SBS box. I mean sure we can all say "yes, it's really best if you have this set up by a professional" and all that, but let's get real.
The good businesses will have it set up by a professional, the others will pick the geekiest person in the office to do it, or call on the friend of a friend who's studying Computer Science in college...which means he's a Napolean Dynamite wannabe or something like that.
So if you've been suddenly handed responsibility for a SBS box...and while ..yes.. I'd recommend a professionally set up one...here's the cliff notes for admining....
- Do read the first bullet point in there about Security. Yes I know it's hard to think about bad guys other than pimply faced kids, but the reality is that the 'bad guys' are a big business. But don't get TOO paranoid. While they are out to get you...they aren't out to get YOU. So don't think that any little time your system hiccups you have a keylogger trojan, nor funky dog files with file sizes of 169K means that you have a hacker on the box. DON'T PANIC. Know your system and know where you've been and where you've surfed. The malware/spyware forum gang tell stories of folks that the spyware is slowing down their downloading of software cracks, illegal music and what not but will not stop the download to go run an antivirus/antimalware scanner on their system. If you are downloading potentially illegal things from questioable sites...don't go blaming me if your computer starts acting up. If you do think that there is something that just cannot be explained 1-866-Pcsafety is Microsoft's security hotline.
- The To Do console is your friend. Click on Users. The place where you will be adding users to your network is right here. Go through the wizard adding all the necessary information and set up the computer here as well.
- The To Do console opens up the ports in your firewall via the connect to internet wizard. The main ones are port 25 for email, port 443 for access to the server/owa/oma/rww, port 4125 access for RWW, port 444 for external access to companyweb, port 3389 (if) you want access to terminal server remotely on the server and port 1723/gre protocol 47 for VPN (pptp anyway). If you have an external router you need to forward these ports to the IP address of your SBS box.
- The connect to Internet wizard (referred to as the CEICW around these parts) is your main wiz' for firewall and remote access to this box. When you run the wizard, select only those items you want to open up for, but it does everything you need on the server side for what that box needs for access. If you have a router on the outside you need to do the port forwarding. But you really want Remote Web Workplace. (more on this later). Also run the Remote access wizard. While I don't VPN into my box, I had funkiness at one time happen on my home server because I forgot to run this wizard.
- While in the To Do list, ensure you run both the backup and the monitoring wizard. These days it's not necessary to backup to tape, you can also back up to harddrive..but backing up to DVD... uh...there's not enough room. And the jury is still out on Iomega REV drives liking Windows 2003 sp1 (and therefore SBS 2003 sp1). The monitoring wizard will spit out a daily email that gives you the overview of how your network is doing. I love it and even can read it remotely on my Audiovox 5600.
- Okay so the dirty little secret of SBS is that as much as we say with a pompous voice that POP is not for servers, the reality is that for small businesses, pop is the nice warm fuzzy way we get email so they all use the pop connector. Let's get a couple of things straight. No. and No..and don't ask me again. (can it get email faster than 15 minutes and can I leave mail on the server at the ISP? are the two biggest questions...there are some hacks floating around and no, don't ask me for them go google them yourself if you want to hack up your clients SBS box and put it possibly in an unsupported condition). Run the CEICW to set up the pop connector to pull in email and then push it out via SMTP. You do not need to open up port 110 to pull in email, nor open up port 25 to send email. You 'may' need to forward your email to a smart host setting. If you forward email out to a smart host you'll need to also enter in the username and password into the smtp connector (open up the Exchange server Management, drill down to the smtp connector, right mouse click on properties, advanced tab, outbound security, click on basic authentication, then on modify and put in the username and password. Keep in mind that with pop you have to figure out some other spam filtering as the Exchange 2003 sp2 IMF doesn't work.
- If you want to grow from pop to "REAL EMAIL" (insert mail grunting noises here), then follow Javier's post on migration from POP to SMTP. You can babystep this and get use to the email coming into the server first before attempting this.
- Okay so here we are at THE killer app of SBS 2003: Remote Web Workplace. RWW is a page...on that page you enter in your username and password...it then authenticates you...offers up to you the menu of items you are allowed to have access to. The button that says "Connect to my Computer at Work" allows you to have access to the desktop of your Windows XP machine "as if you were at the office" (with one exception that it doesn't support dual displays if you have dual displays on both ends of the remote tunnel. It is not a VPN connection...yet many in SBSland argue that it "is" and "can be" more secure than a VPN tunnel since most of the time it's just sending screen shots across the wire.
- To get all this "goodness" automagically set up, once you have run the CEICW on the server, once you have run the "add user" wizard at the server, go to a workstation, log in as the "Administrator" on the box, and place http://servername/connectcomputer as a trusted site in IE's XP sp2 trusted site zone (this ensures that all the active X stuff works. You then go to that web site and voila...you start a wizard that connects you to the network, installs Outlook, sets up the RWW glue connections, and basically does everything you need to be connected to that network.
- To get the goodness of RWW, you need either XP desktops, or.... a separate Windows 2003 server that is set up in a Terminal Server mode.
- I 'disable' (okay so my normal slang word is wack off but naive me apparently doesn't know that it has several meanings...so I'll say disable) the Disk quotas on the server, and Peter had an interesting post on ensuring shadow copies were enabled in a certain spot on your server.
Okay so that's the real quicky overview of your admin duties post for the DIY crowd out there...but folks..truly...if you have a SBS server.... fire up that RWW web site folks! You have no idea what you are missing out on if you don't!
Filed under: SBS Installation, News