[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] Step 29 - cleaning up the users - THE OFFICIAL BLOG OF THE SBS DIVA
Wed, Jan 26 2011 22:12 bradley

Step 29 - cleaning up the users

By default, user accounts that were migrated from the Source Server do not need to meet the Windows SBS 2011 Standard password policies, which are applied to new user accounts in Windows SBS 2011 Standard. When a user with a migrated user account resets or changes their password, they are required to meet the Windows SBS 2011 Standard password policy. If the Windows SBS 2011 Standard password policy is changed to make it stronger (for example, more complex or longer password length), all users, including users with migrated user accounts, are required to reset their passwords to meet the new password policy.


To help secure your network, we recommend that you delete the STS Worker, SBSBackup, IUSR_SBS, and IWAM_SBS user accounts and any other user account or group that is not used

Map permitted computers to user accounts

In Windows SBS 2003, if a user connects to Remote Web Access, all computers in the network are displayed. This may include computers that the user does not have access rights to. In Windows SBS 2011 Standard, a user must be explicitly assigned to a computer for it to be displayed in Remote Web Access. Each user account that is migrated from Windows SBS 2003 must be mapped to one or more computers.

To map user accounts to computers

1.   Open the Windows SBS 2011 Standard Console.

2.   In the navigation bar, click Users and Groups.

3.   In the list of user accounts, right-click a user account, and then click Edit user account properties.

4.   Click the Computers tab, and then assign one or more client computers to the user account. You can also set the local access rights on each client computer.

5.   Repeat steps 3 and 4 for each user account.

If you want to set default client computers for remote users, click on the Remote Access tab, and in the User Account Properties set a default client computer for each user who needs remote access.


You do not need to change the configuration of the client computer. The client computer is configured automatically.

Filed under: