THE OFFICIAL BLOG OF THE SBS DIVA

http://www.nasa.gov/multimedia/nasatv/

When I was a little girl we watched the Apollo missions from our classroom TVs.  Everything in our classroom came to a standstill as we watched on that - what is now a small size tube - what was considered the unthinkable - humans on the moon.  Today as an adult I'm watching on the Internet one of the last Space Shuttle missions.

We may be changing how we explore space, we may be changing how we watch space missions but hopefully we will never change the need to learn, to explore, to do things that are deemed impossible.

Disk Cleanup option on drive’s general properties and cleanmgr.exe is not present in Windows Server 2008 or Windows Server 2008 R2 by default:
http://technet.microsoft.com/en-us/library/ff630161(WS.10).aspx

I went to run diskcleanup on a server and realized it wasn't there...well it was but it wasn't.  To get the gui you have to install desktop experience - which I didn't want to do.  But finding that, I found that if you just plop the files in the folders on the server you can run it via command line.  Pretty cool!

Indexing Adobe PDFs in SharePoint Foundation 2010 
http://supportweb.ciaops.net.au/blog/archive/2011/05/31/indexing-adobe-pdfs-in-sharepoint-foundation-2010.aspx

Post courtesy of Robert Crane

We're starting to see more and more of what I'm going to call the "cloud effect" in operating systems.

Annoying but ignorable errors that make it hard to figure out what's really going on.

If I don't reboot my SBS 2008 production server once a month - I will get this annoying error message in my backups

Speaking of errors that everywhere you turn are told to ignore this that the system is running fine is this one that pops up on my server if I haven't rebooted in 30 days.

Doesn't occur on Server 2008 R2 mind you.  And if you dig around you are told to ignore:

Error message when you perform a Volume Shadow Copy Service restore operation: "0x80042409":
http://support.microsoft.com/kb/978773/en-us

That's nice folks but it makes it hard to see if you are really having issues or not.  You kinda can't ignore what you are told to ignore.

To all of those folks that think that other stuff we're told to ignore in SBS 2011 is a little bit annoying to be told to ignore all of these in SBS 2011 - http://support.microsoft.com/kb/2483007 keep the faith.  We have an open bug and am hoping to come to a better resolution - so stay tuned.  You have to be careful not to adjust too much as one of the "workaround" to get the VSS error in SBS 2011 to shut up - by removing the SharePoint in the VSS registry section - turns out it has a nasty side effect - it removes the SharePoint from the application backup section so it's not as easy to restore.

Be careful when you start mucking around in there that you make inadvertently cause a side effect you weren't thinking of.

Why do I call this the 'cloud effect' btw?  It's because once all of this stuff is in the cloud then someone else is ignoring this and it's their problem to deal with. 

http://technet.microsoft.com/en-us/library/cc732275.aspx

So you want to do folder redirection on your SBS -Essentials and you've heard of this Win7 plug in thingy but you don't want to wait for it?

No problem, just use plain old group policy.

Go to start, then to group policy management console,

Do a new group policy object

Now this is where the group policy purests will argue for how they set up group policy, SBS did them at the root of the domain.

My main thing is label it what you want.

Now right mouse click and edit

Now drill under - \User Configuration\Policies\Windows Settings\Folder Redirection

Now see all of the settings you can redirect?  Now you are probably looking at me and going.. okay but how do you turn it on?

Right mouse click on the folder name of what you want to redirect and click on properties.

In the properties tab you have the option to do basic redirection or advanced

You then get the option of redirecting to a specific location

You then pick a folder on the server (or set one up)

On the settings tab, you can choose to let the admin have access to the folder and allow the folder to move back to the local machine should the policy be removed.

The last little bit tricky step is to set up a WMI filter so that Vista/Win7 machines get more granular redirects then XP by setting a WMI filter.

About now if you are thinking - man I need a safety net -- you do.  In the form of an existing  SBS 2008 or SBS 2011.  You can export out the group policies from a demo box of SBS 2008 or SBS 2011 standard and import it into Essentials - http://msmvps.com/blogs/bradley/archive/2010/08/30/a-bit-of-group-policy-for-aurora.aspx

In fact I'll bet that gives you more control than the Win7 folder redirect plug in since it's reported to only work with Win7.  (I haven't seen it yet but I'll betcha it's just the wmi filter controlling it to work on Win7).

In SBS 2011 standard in fact there is no wmi filter at all, the redirection just dumps into a folder.

Documents are redirected:

Desktop is redirected:

Pictures is set to follow the documents folder

Music is set to follow the documents folder (you may want to not have that follow)

Videos is set to follow the documents folder

Bottom line, sometimes it's easier to look at a policy someone else has set up and steal ideas from it.

So as a fyi the test I'm doing on Multipoint isn't really a good test, it's just a proof of concept.  Why do I say that?  Because it's in a hyperV server and not on real hardware.

To really see Multipoint shine you have to see it on real hardware.

http://www.youtube.com/user/msmultipoint#p/u/8/32GQAUBTKps

But when you want to play/test/just get an idea of how software works, stick it in a HyperV or vmware.  In this case you ultimately want this on real iron, not in a HyperV to get the best results.

You could also have the Multipoint act as the HyperV host (but I'll admit when I first went - oh how cool - I wasn't thinking of how if you domain join the MultiPoint to the SBS you will have a tough time with it being the host of a sbs domain.)

So when you are learning - I'd strongly suggest looking to have some sort of virtualization platform to test and play.

So far the multipoint server looks easier to know where/how to enter the cals for the RDS/Multipoint sessions.  Remember you need multipoint cals and Windows server cals IF you are in a normal network, but in a SBS Standard one, the Windows cals are covered by the SBS standard cals.

Don't forget to watch this video as well:  http://www.youtube.com/user/msmultipoint#p/u/4/tftu_AqcCgI

http://www.microsoft.com/windows/multipoint/

So when the multipoint finishes the wizard we're now set to set up the multiple workstations.

We then get to log in

And now on a Win7-ish background the console loads up

This is where you start to see the MAJOR bling of the Multipoint server.. this is where it's the Las Vegas glitz version of Remote Desktop Services

For those of you with SBS-Standard and Essentials that console showcases that MultiPoint is a cousin of the family.

It's here in this console that you get to control all the workstations/Remote Desktop/Terminal Server sessions in an easy to control console.

(more later tonght - have to clean up the house and garden a bit)

http://www.microsoft.com/windows/multipoint/

Starting to install a test of Multipoint Server and realized that I didn't really know the minimum specs for a play box.

So I downloaded this: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=501ba465-382f-41cb-bbea-b9bf580e2bb2 in order to figure out what the minimums were.  Another good document is here:  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7E762CE6-562D-449D-BE0D-52C0103EDF60

Remember multipoint is wizardized remote desktop services server.

You download the ISO and start the install and the Multipoint boots with the normal server 2008 r2 interface..

Click okay to the EULA

I just picked the default of OS size - you'll probably want larger

You then do the dumb thing where you choose upgrade or custom... which given this is a brand new install you can only do custom...

And it begins to install

It reboots a couple of times and then you are prompted to change the password:

And intially you sit there at a Win7ish looking desktop thinking... uh...where's the console

And then the Multipoint wizard setup starts up

You need to name the server

Set the updates and participation in feedback

And then it configs

And it's finished

That's it for tonight's edition of "what's multipoint..."  Tomorrow I'll blogging more about what it does and how we're going to join it to the SBS Essentials domain.

The key to installing the SQL is making sure you are logged in as the domain admin when you install it so it can see the SBS domain.

How to Add the Premium Add-On Server to a SBS 2011 Domain - SQL Role - TechNet Articles - Home - TechNet Wiki:
http://social.technet.microsoft.com/wiki/contents/articles/3317.aspx

If you have an nasty SQL issues I'd advise you to check out Edwin at www.thirdtier.net

How to Add the Premium Add-On Server to a SBS 2011 Domain - TS/RDS role - TechNet Articles - Home - TechNet Wiki:
http://social.technet.microsoft.com/wiki/contents/articles/3298.aspx

So what PowerShell do you use in your SBS network?

PowerShell Not your Father’s Command Line Part 19 of 31: Small Business Server, PowerShell, and Me - Matt Hester's WebLog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/matthewms/archive/2011/05/19/powershell-not-your-father-s-command-line-part-19-of-31-small-business-server-powershell-and-me.aspx

If your name is Sean - you do this:

Add-IPBlockListProvider -Name "Zen Spamhaus" -LookupDomain zen.spamhaus.org -AnyMatch $True -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see www.spamhaus.org/.../bl{0} for further information."

Add-IPBlockListProvider -Name "Passive Spam Blacklist" -LookupDomain psbl.surriel.com -AnyMatch $True -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see psbl.surriel.com/listing{0} for further information."

Enable-AntispamUpdates -SpamSignatureUpdatesEnabled $true -UpdateMode Automatic -IPReputationUpdatesEnabled $true

Set-SenderFilterConfig -Enabled $true

Set-SenderIDConfig -TempErrorAction Reject

set-OrganizationConfig -SCLJunkThreshold 5

set-ContentFilterConfig -SCLRejectThreshold 7 -SCLRejectEnabled:$true

set-ContentFilterConfig -RejectionResponse "Email Rejected due to Content Filter"

One of the many questions in the SBS Essentials forum (www.sbsessentialsforum.com ) from folks is when will we see add in's for SBS Essentials?

The other day the first one that showcases hosted Exchange was unveiled the other day - did you spot it the other day?

Vlad Mazek – Vladville Blog » Blog Archive » And now something a little different:
http://www.vladville.com/2011/05/and-now-something-a-little-different.html

I'm going to download Multipoint to showcase how it slides into a SBS standard and essentials domain.  To play with it, it's included in the Technet/MSDN downloads.  Remember as an action pack subscriber you have the ability to download this.

So what's the difference between premium and standards?  Premium can join a domain.  So for SBS - either version - the one to play with is the premium version.

http://blogs.technet.com/b/multipointserver/archive/2011/05/25/common-q-amp-a-about-windows-multipoint-server-2011-from-teched.aspx

More about that there.

Once upon a time there were SharePoint patches on SBS 2003 and SBS 2008.  And each time they were released I'd cross my fingers and toes and hoped that everyone would ride through without issues.  And sometimes in the SBS community they wouldn't.  When they blew -- they blew. Standalone SharePoint was also impacted by these updates.  Sometimes due to timing on the box the psconfig command wouldn't finalize and the binaries installed would stop the SharePoint and not complete the patching process.  It was a pain.

So in the SharePoint 2010 era the SharePoint folks lowered their expectations of how patching should occur.  They plan for them to blow up the system from the get-go.  Seriously.  As such they now install the binaries but don't fully apply them to the system until you run a manual psconfig.  The system can run like this and not have issues - patches are mu/installed on the system/psconfig not yet run and SharePoint will be happy as a clam.

This ensures a safer patching process as the admin decides when to run the psconfig (after a backup), not windows update at the ungodly hour of 3 a.m.

So Susan, what does this have to do with SBS?

It directly impacts your duties as an admin or consultant to a SBS 2011 system.

We've got SharePoint 2010 on the box.  So when SharePoint is offered up updates and you install the updates on the server, you are only 1/2 done.  It's also the reason that we're not blowing up SharePoint 2010's after Patch Tuesday these days.  Because it's no longer automatically trying to run that psconfig command that would get stuck on us.

Specifically:

You Must Manually Run PSCONFIG after Installing SharePoint 2010 Patches
- The Official SBS Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2011/05/24/you-must-manually-run-psconfig-after-installing-sharepoint-2010-patches.aspx

Q:  What does this mean to me and my SBS 2011 boxes?
A:  From now on when you go to Microsoft update, or WSUS has downloaded a SharePoint update, once you install the update and reboot the server you aren't done yet.

Q:  What do you mean?
A:  You must remember to manually run the psconfig command

Q:  How do I do that?
A:  Follow the guidance from the SBS blog:

1. Open an Administrative command prompt.
2. Change directory to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN
3. Run PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

Q:  But Susan, why isn't this done manually?  I mean come on girlfriend, this should be automatic!
A:  Here's the thing - it's not automatic for ANY SharePoint out there.  Intiially when I realized this I was all huffy and puffy and soapboxy and was going to march up to Redmond and demand that there would be an automatic psconfig command done.  But then I stepped back and thought about this...... do we really want to be the ONLY platform that psconfig's automatically on Patch  Tuesday?  Do we want to be the ONLY ones doing this when even the SharePoint team has deemed their updates to be not robust enough to handle automatic updating?

Q:  So what's the bottom line - what if I don't run this command?
A:  The good news is that the box can chug along just fine with the binaries (aka the patch) installed but the psconfig not run.  You'll get an alert in your email, but the SharePoint won't stop working.  You won't be fully updates to protect for security issues --- but here's the thing -- right now there's only been one security update http://www.microsoft.com/technet/security/Bulletin/MS10-072.mspx for SharePoint 2010 and it's not been a 'from remote' attack - one has to be authenticated in a SBS network and the issue of information disclosure and attacker running a cross site scripting and throwing safehtml code at the box.... honey, we have an HR issue of a malicious employee that should be fired problem, not a security problem.

Q:  So like I'm supposed to remember to do this each time there's a SharePoint update?  Come on.  I have lots of other stuff I have to take care of, now this!
A:  I see this as the price tag of premises.  We get the control.  We also get the patching as a result.  So far there's been one security update for SharePoint.  I'll blog and remind the community each time there's an update and your email alert from the box will remind you as well.  I expect a SharePoint 2010 sp1 in June coming up and that will need to be manually psconfig'd as well. 

Q:  Does this impact SBS 2008?
A:  No, only SBS 2011 Standard.

Q:  Does this impact SBS 2011 Essentials?
A:  No.  :-)  There's no SharePoint on the box in Essentials - it's in the cloud where it's their problem to deal with. 

Q: Does this impact Standalone SharePoint 2010 foundation servers?
A:  Yup it does, they do the same thing - standalone single servers will install the update, not run the psconfig.

Got one of these in my email tonight and I looked at this and went...something just doesn't look right...

Cybercriminals Hoping You'll Bite iPhone 5 Bait | Apple iPhone | Mobile Security | SecurityNewsDaily:
http://www.securitynewsdaily.com/cybercriminals-hoping-youll-bite-iphone-5-bait-0813/

The broken image locations and the link goes to 

hxx  p://apropersite.com/iphone5.gif.exe

Adding the premium add on server to a SBS 2011 domain. - TechNet Articles - Home - TechNet Wiki:
http://social.technet.microsoft.com/wiki/contents/articles/3298.aspx

Step by step adding a member server with the TS role.  I'll do a step by step for the SQL.

Dear Licensing people at Microsoft.

Why does this process have to be so confusing and hard?

I am in the process of writing up a wiki post that will go step by step on how to install the RDS cals on a member server/premium server sku.  And yes, I know that I should be blogging about adding a MultiPoint server to a SBS 2011 box but I promised folks I'd do a step by step post on how to add a member server to a SBS network.  RDS first, then SQL next.

So tonight I go to blog the steps and because I have 5 TS cals in a VLSC that I can use for the demo/blog.  So I get to the screen where you are supposed to enter the Open value license/agreement number into the window and I put in my valid/current/non expired Open value agreement which currently is a V1234567 digit number (notice the V in the front).  And the window on the TS/RDS licensing refuses to take the V in the front.  Okay, says I, let's try using the 1234567 part of the agreement number.  No go.

Okay.. so what number do you want? 

Hmmm let's try my expired, Windows 2008 version of the open value license which is a 1234567 digit number but doesn't have a V in the front.  And even though that old expired license is based on Server 2008 rds cals, let's choose 2k8r2 cals in the drop down window and see if it likes my expired RDS agreement number.

The darn thing worked.

Mind you this is not the active agreement in my VLSC.  This is an expired agreement as of 1/31/2011.  It should not have activated like this... yet it did.

<sigh>  Why does licensing have to be so confusing?  This is why Charlie says forget TS/RDS in a member server and go with Multipoint instead.

http://blogs.technet.com/b/multipointserver/archive/2011/05/20/how-to-license-windows-multipoint-server-2011.aspx 

And the SBS answer is....

"Because we know that some customers will already have rights to Windows Server CALs for their environment, we make the MultiPoint CAL available in VL two ways: Customers can purchase a “combo” CAL that includes both a MultiPoint CAL and a Server CAL; or they can purchase the “standalone” MultiPoint CAL if the Windows Server CAL is already owned. Put another way: if you already have Windows Server CALs for your network, such as through a Campus Agreement or the SBS 2011 CAL Suite, you do not need to repurchase them; only MultiPoint CALs are required in that case."

So I was trying to connect to the McCarran wifi and it would not find an IP.  I tried letting the computer 'repair the connection' and no go.  I normally do not check the box to make the laptop 'remember' the connection.

And of course when you run the troubleshooting wizard it says to go online to get help from a friend... uh.. yeah.. but I'm trying to get online.

So I fired up regedit and searched on McCarran and found that I had two connections stuck in the registry.  I deleted all registry entries that pertained to "McCarran", rebooted and voila... online.

So if you are a frequent flyer in and out of an airport wifi and can't get online, nuke the items out of your registry and try again.

(Flying home from Vegas - now in the Airport)

Migrating to Windows Small Business Server 2011 Standard and Essentials

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/WSV321

Watch the Teched session on SBS migration