Training – Free SBS 2008 Hands-On Labs

image If you’ve been wishing for some structured Windows Small Business Server 2008 training offered by Microsoft, wait no more.  Microsoft has announced a set of four hands-on labs for SBS 2008, and (it gets better) it’s free!

Title: Windows SBS 2008 Hands-On Labs for Partners
Release Date: 9/25/2009
Version: 2.0
Download Size: 12.5 GB

The courses available are:

  1. Windows SBS 2008 Admin Console
  2. Windows SBS 2008 Working with Clients
  3. Windows SBS 2008 Installation
  4. Windows SBS 2008 Migration from SBS 2003

The downloads are available from the Microsoft Connect site:

URL: https://connect.microsoft.com/directory/
Invitation Code: SBSP-62B6-K3TH

System Requirements:

  • A machine that supports Hyper-V*;
        a server class** dual- or quad-core CPU is highly recommended
  • 5 GB of RAM min. (6-8 GB would be better);
        SBS 2008 requires a minimum of 4 GB of RAM, 
        Parent partition (Hyper-V host) requires 1 GB
  • 80 GB of free hard drive space;
        15 GB will be used initially but the VHDs could grow to a max. of 80 GB
  • Optional – router that will function between the SBS server and the Internet/corporate network
  • Optional – second physical network adapter to connect the SBS virtual machine to the router

Here’s a screen shot of the file downloads in the kit:

image

* Note: If you’ve never installed Hyper-V before, I’ve got a short video
(4:18 minutes) on YouTube demonstrating the installation.

** Server-class hardware is recommended, but not required since this is a HOL and not a production box. For example, here are my demo Hyper-V box specs:

  • HP Compaq dc5800 microtower
  • Intel Core 2 Duo E6550 2.33 GHz
  • 8 GB RAM
  • 1 ea. 149 GB SATA drive (OS)
  • 1 ea. 1 TB SATA drive (ISOs and VHDs)
  • Windows Server 2008 R2 Enterprise

To make sure that your machine supports Hyper-V (both in the BIOS and on the processor) check out the SecurAble download from GRC.com that tests hardware virtualization: http://www.grc.com/securable.htm

Props: Sean Daniel’s blog

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Nov 2009 KYSBSUG #69 – SBS 2008/Hyper-V

You’re invited to attend the November 2009 KYSBSUG meeting next week:

KYSBSUG logo Group: Kentucky Small Business Server User Group
(KYSBSUG)
Meeting #: 69
Date: Wednesday November 18, 2009
Start Time: 6:30 PM Eastern (GMT -5)
Location: Money Concepts
Address: 323 Townpark Circle, Suite 100, Louisville, KY 40243 USA
Map: Click here for map on Bing.com

Topic: SBS 2008 Build in Hyper-V
Presenters: Lee Johnson & Tim Barrett

Description:

This month we’re doing a live build of Windows Server 2008 R2 on physical hardware, installing the Hyper-V role, and then installing Windows Small Business Server 2008.

While the SBS build progresses we’ll also have another Hyper-V box on hand to show various operating systems, including Windows XP, Vista, Windows 7 & Ubuntu, plus some Hyper-V best practices.

We’re also bringing a copy of Beatrice Mulzer’s new book for you to check out:

Book - 70-653 Configuring Windows Small Business Server 2008MCTS Self-Paced Training Kit (Exam 70-653): Configuring Windows Small Business Server 2008
http://www.amazon.com/MCTS-Self-Paced-Training-Exam-70-653/dp/0735626782/

Registration URL: Registration is not required for this event.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Webcast – Windows 7: Crystal Meth for Geeks

Join Susan Bradley and I this week as we combine super-forces to to give the following presentation:

Yes, this is my office, and I'm running Windows 7. -Tim Title: “Windows 7: It’s Like Crystal Meth for Geeks
Presenters: Susan Bradley [SBS-MVP] & Tim Barrett
Date: 10/22/2009
Time: 12:00 PM Noon Eastern (GMT –5)
Host: Third Tier
Link to attend: Click here

Description:
This presentation will help you understand the features of Windows 7. This version of Windows has many, many cool new features that end users are going to love and geeks will become addicted to. Susan and I share our favorite parts of Windows 7, and I’ll try not to act like a goober and embarrass her. Join us for all the fun!

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Changing the Companyweb Timeout in SBS 2008

Another one from the mailbag:

Question – How do I change the timeout in SBS 2008? Users are complaining that Companyweb times out when they get involved in a phone call or when someone walks in their office.

Answer:

  1. Click Start | Administrative Tools | Internet Information Services (IIS) Manager (not IIS 6.0 Manager)
  2. Expand the Server name | expand Sites | click on SBS SharePoint

    Click Server name, Sites, SBS SharePoint

  3. On the Actions pane on the right side of that page, under the Configure section click Limits… 
    Click Limits...
  4. On the Edit Web Site Limits dialog box you can configure your Connection time-out (in seconds), limit bandwidth usage and limit the number of connections. Below is a screenshot of the SBS 2008 default settings for Companyweb / “SBS SharePoint”.
     Choose your timeout length in seconds
  5. Adjust your settings as needed, and click OK.

Here’s what each setting does:

Element Name

Description

Limit bandwidth usage (in bytes)

Select this option to limit the amount of traffic allowed to a Web site based on bandwidth usage. In the corresponding box, enter a value (in bytes) at which you want to limit the Web site traffic. The value must be an integer between 1024 and 4294967295 (unlimited).

Connection time-out (in seconds)

Type a number in the box to set the length of time (in seconds) before the Web server disconnects an inactive user. This setting guarantees that all connections are closed if the HTTP protocol cannot close a connection.

Limit number of connections

Select this option to limit the number of connections allowed to a Web site. In the corresponding box, enter the number of connections to which you want to limit the Web site. The value must be an integer between 0 and 4294967295 (unlimited). Setting the number to be unlimited circumvents constant administration if your connections tend to fluctuate. However, system performance can be negatively affected if the number of connections exceeds your system resources. Restricting a Web site to a specified number of connections can keep performance stable.

 

Link: http://technet.microsoft.com/en-us/library/cc731169.aspx

VN:F [1.9.20_1166]
Rating: 7.5/10 (2 votes cast)

SBS Ports

Just because a port is open in RRAS or ISA (circa SBS 2003) doesn’t mean that it isn’t being blocked elsewhere, like at the ISP or because port forwarding isn’t setup properly in your firewall. Sometimes you need an outside view of the external ports on your internet connection.

DISCLAIMER – Only open the ports you absolutely MUST have. Example, if you’re not running the POP3 connector or FTP, don’t open those ports! If you’re not sure about a port, check the Port/IP Lookup on Sans.org or ask someone who knows!

To check all of the commonly used SBS ports at once:

  1. Go to www.grc.com/default.htm
  2. Scroll down & click ShieldsUP!
  3. Click Proceed
  4. In the center box on that page, paste this string:
    21, 25, 80, 110, 123, 143, 220, 443, 444, 500, 987, 1701, 1723, 3389, 4125, 4500
  5. Click User Specified Custom Port Probe

image

This scan will come back with a list of ports you entered and show the status.

Sample scan of commonly used ports in an SBS environment. 

Below is a handy chart that I stole from Susan and Windows IT Pro and updated a couple of times over the years.

Common Ports for Small Business Server (SBS)

TCP Port

Service

Description

21

FTP

Enables external and internal file transfer

25**

SMTP – Exchange

Enables incoming and outgoing Simple Mail Transfer Protocol (SMTP) mail for your Exchange Server

80

HTTP – IIS

Enables all nonsecure browser access, including: internal access to IIS Webs including the company Web, Windows SharePoint Web, Windows SharePoint administration Web, and server monitoring and usage reports Enables internal access to Exchange by OWA and OMA clients (SBS 2003)

110

POP3

Enables Exchange to accept incoming Post Office Protocol (POP3) mail

123
(UDP port)

NTP

Enables the system to synchronize time with an external Network Time Protocol (NTP) server

143

IMAP4

Enables Exchange to accept incoming Internet Message Access Protocol v4 IMAP4-compliant messages

220

IMAP3

Enables Exchange to accept incoming Interactive Mail Access Protocol v3 IMAP3-compliant messages

443**

HTTPS – OWA, OMA, Outlook Anywhere, & RWW
(SBS 2008)

Enables all secure browser access, including external access to Exchange for Outlook 2003/2007, OMA and OWA; required for external access to server monitoring, usage reports and RWW (SBS 2008). OMA has been deprecated from SBS 2008. See SBS 2008 RWW video here.

444

WSS (SBS 2003)

Enables internal and external access to Windows SharePoint Services (WSS) Companyweb (SBS 2003)

500

IPSec

Enables external VPN connections by using IPSec

987**

WSS (SBS 2008)

This Secure Hypertext Transfer Protocol (HTTPS) port makes Windows SharePoint Services (WSS) Companyweb site viewable through Remote Web Workplace (SBS 2008). See SBS 2008 RWW video here.

1701

L2TP clients

Enables external L2TP VPN connections

1723

VPN – PPTP clients

Enables external PPTP VPN connections

3389***

RDP – Terminal Services

Enables internal and external Terminal Services client connections (see Note below)

4125 (Note: you can change this port in RRAS)

Remote Web Workplace
(SBS 2003)

Enables external OWA access to Exchange, plus internal and external HTTPS access to the client Web site (SBS 2003)

4500

IPSec

Internet Key Exchange (IKE) Network Address Translation (NAT) traversal

 

**Note: The ports listed above in bold are required by SBS 2008, per Microsoft TechNet article “Managing Windows Small Business Server 2008 Remote Web Workplace”, including port 3389, but see article below.

***Question: Should I open port 3389 for remote administration or remote desktop connections?
Answer from Microsoft: “You no longer need to open port 3389. Windows Small Business Server 2008 uses Terminal Services Gateway to redirect traffic from port 443 to a selected desktop or server for RDP connections. You would need to use RWW or configure the Terminal Services client to use TS Gateway.”
Source: http://technet.microsoft.com/en-us/sbs/cc817589.aspx

There’s also a post on the Official SBS Blog that talks about an IPSec issue back in 2008 that affected ports 1645-1646, 1701, 1812-1813, 2883 & 4500.

I’ll try to keep this form updated as time goes on and will keep a permanent copy at http://www.nogeekleftbehind.com/sbs-ports/.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

SBS 2003-to-2008 Migration Resources

SBS 2003 to SBS 2008 I wanted to bookmark some handy SBS migration resources:

SBS 2003-to-2008 Migration Checklist
File name: SBSMigrationChecklist.docx
Date Published: 06/24/2009
Version: 1.0
File size: 43 KB
Download URL: Click here

SBS 2003-to-2008 Migration Whitepaper
File name: SBS_Migration.doc
Date Published: 05/13/2009
Version: 2.0
File size: 694 KB
Download URL: Click here

SBS 2003-to-2008 Migration Click-Thru Demo
Date Published: 05/12/2009
Version: 1.0
File size: 47.5 MB (for the EXE and the documentation)
Download URL: Click here

Swing Migration for SBS 2008
Download URL: http://www.sbsmigration.com/

Also, if you’re just doing a clean install, don’t forget about Philip Elder’s document.

SBS 2008 Setup Checklist
http://blog.mpecsinc.ca/2009/04/sbs-2008-setup-checklist-v10.html

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

LouMUG Meeting May 29, 2009 – SBS 2008

LouMUG logo On Friday May 29, 2009, 11:30 AM – 1:00 PM Michael Patrick (The Mirazon Group) and I are presenting SBS 2008 at the Louisville Microsoft Users Group (LouMUG) http://www.loumug.com

All are welcome, but seating is limited.  Lunch is provided by the meeting sponsor, TEK Systems.

IMPORTANT – You must RSVP to info@loumug.com to reserve your seat.

Venue:
Sullivan University
College of Pharmacy, Auditorium B
2100 Gardiner Ln.
Louisville, KY 40205
Map: Click here (old F.O.P. building)

Schedule:
11:30 am – Networking and Lunch
11:50 am – Introductions and Announcements
12:00 pm – Presentation
12:50 pm – Open Q/A & Discussion
1:00 pm – Adjourn

Synopsis:

  • Discover the differences between SBS 2003 and SBS 2008.
  • Learn the new features in the 2008 version.
  • Discover how Windows Small Business Server 2008 improves productivity and helps to protect your business information.
  • Enhanced versions are available.  Which edition fits your companies needs?

UPDATE: We’ve also invited Kevin Royalty [SBS-MVP] to speak at this event as well.

Hope to see you all there! 🙂

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Downloads – Free SBS 2008 Administrator’s Companion eBook

NOTE: This is a limited time offer, so grab it while you can!

Windows Small Business Server 2008 Administrator’s Companion Title: Windows Small Business Server 2008 Administrator’s Companion
Authors: Charlie Russel & Sharon Crawford
Publisher: Microsoft Press
Publishes: January 07, 2009
ISBN: 9780735620704
Pages: 719
Hard copy available: $37.79 at Amazon.com
Register for FREE download: Click here (24.2 MB)

Description:

Your comprehensive, one-volume guide to planning, setup, and administration.

Get the critical information you need to build and run a Windows Small Business Server 2008–based network. This essential, single-volume reference details system capabilities and components—including Premium Edition features. Gain the real-world insights, workarounds, and troubleshooting tactics you need for on-the-job results.

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Key Icon and User Roles in SBS 2008

From the mailbag:

“After a migration, some of the users showed up in the SBS Console with a key under their name and some didn’t. Example:

image

image 

I can’t change RWW access for these users either – it’s grayed out:

image

or even…

image

What does that key mean and how do I get rid of it? 

ANSWER

The key means the users are domain administrators, and therefore you can’t disable RWW for them individually. Don’t be fooled by the “User Role” column.

The key can come from two places.

1 – If a new user is created with the User Role of Network Administrator when running the SBS 2008 Add a new user account wizard, they get that key.

2 – In a migration scenario (like this one) if a user was a member of the “Administrators – domain/Builtin” Security Group on the source server, they will show up with that key after the migration to the SBS 2008 box (see George McFly above):

image 

Before we move onto the resolution (below), there are a few points to remember with User Roles in SBS 2008 detailed below. The wizards make it VERY easy to blow stuff up accidentally.

CAUTION – It is highly recommended that you read understand all of the information in this blog post before making changes any to user accounts and groups. There is no Undo or Recycle Bin for Active Directory changes in SBS 2008 RTM.

BACKGROUND INFO ON USER ROLES

When running the “Add a new user account” wizard in SBS 2008, you have
(by default) three options for User Roles:

  1. Standard User
  2. Network Administrator
  3. Standard User with Administration links

image 

Here’s what you get with each role.

Default group memberships by User Role:

Default SBS 2008 Groups & User Roles

Standard
User

Standard User
w/ Admin Links

Network
Administrator

All Users*

Yes

Yes

Yes

Windows SBS Fax Users

Yes

Yes

Yes

Windows SBS Link Users

Yes

Yes

Yes

Windows SBS Remote Web Workplace Users

Yes

Yes

Yes

Windows SBS SharePoint_MembersGroup

Yes

Yes

No

Windows SBS Admin Tools Group  

Yes

Yes

Windows SBS Administrators*  

Yes

Yes

Windows SBS Fax Administrators    

Yes

Window SBS SharePoint_OwnersGroup    

Yes

Windows SBS Virtual Private Network Users    

Yes

 

HINT: *The All Users and Windows SBS Administrators groups are E-mail Distribution Groups, not security groups, which means that you can’t assign security permissions to those groups.

Normally you would think that a group named “Windows SBS Administrators” would be some type of security group, but that’s just one of the gotchas in SBS 2008. The Groups tab in the SBS 2008 console makes this easy to see, but if you’re poking around in AD, you might forget. Just look for the ‘key’ icon to differentiate E-Mail and Security Groups.

image

So, this begs the question, “If I create a standard user, right-click them in the console and make them a member of all of the same groups as the Network Administrator in the chart above, do they get the ‘key’ icon?

Answer: No. You have to use Change user role for user accounts wizard (or dig into AD).

IMPORTANT USER ROLE / USER ACCOUNT TIPS

Things to remember about User Roles and user accounts in SBS 2008:

  • NEW USERS – User Roles are chosen at the time the User Account is created if you use the “Add a new user account” wizard (shown above).
  • CUSTOM ROLES – Have you ever gotten a call like this, “Mary is moving to part time, and we hired another person to do the same job in the afternoon – can you setup a new user account for Jennifer with the same permissions?”

    Now you can create a new role like “Reception” and create it based on Mary’s current permissions / memberships. This is great if you start creating new roles like “Warehouse”, “Intern”, “Vendor”, etc.

  • CHANGES – You can change the User Role assigned to an existing user after the fact using the “Change user role for user accounts” wizard (shown below). 
  • APPLYING ROLES – When applying a “User Role” to an existing user, you are given the option of adding or replacing the existing user permissions (shown below). This is where it gets sticky.
  • ADJUSTING PERMISSIONS OUTSIDE THE USER ROLE – After a User Role has been applied, you can tweak the permissions. This is great for creating department supervisors after the department has been mapped out.

    Example – You create a custom “Sales Rep” User Role, and then apply it to all sales users, including Marty McFly. Afterwards, since Marty is actually the Sales Manager, you also give him access to financial data.

  • REPLACE VS. ADD – If you re-apply a User Role to a user, you can accidentally remove any customizations to them. This is where you break the step above.

    Example – The custom “Sales Rep” user role has recently been updated to include a new e-mail distribution list. Then you decide to re-apply the permissions to Marty. Congratulations. You just took away Marty’s access to the financial data and made him a normal Sales Rep drone, and not a manger.

  • TRUST BUT VERIFY – Just because you see an entry in the “User Role” column, don’t assume that the user has had no customizations made to their account.
  • WE DON’T NEED NO STINKING WIZARDS – If you’re old school and manually create a user in Active Directory Users and Computers instead of the SBS Console, the user won’t show up in the SBS Users Console.

    Why? Because the attribute of “msSBSCreationState” = “<not set>”.

    But, you can change this in Active Directory by setting that to “Created”. Example – User account that will not show up in the SBS 2008 console:image

    Example – User account that will show up in the SBS 2008 console:image

RESOLUTION

OK, you understand the difference between Add & Replace, and the implications of re-applying a user role to an individual.

After you make a copy of the user group membership settings (because you love your job) you need to apply the “Standard User” User Role to that user and choose “Replace user permissions or settings” to get rid of that domain admin key. 

  1. Open the SBS Console, click Users and Groups, then click the Users tab.
  2. Click “Change user role for user for user accounts” wizard on the right.
    image
  3. Select the role for the user account (in our case Standard User), choose “Replace user permissions or settings”, and click Next.
    image
  4. Click on the name of the user on the left from the “All user accounts” column, click the Add button to move their name to the right column, then click the “Change user role” button.
  5. Done. Click Finish.
    image

ALTERNATE METHOD

If you’re AD savvy you can always open Active Directory Users and Computers and remove membership the ‘Administrators – domain/Builtin’ Security Group. This just takes away the ‘Administrator’ permissions and leaves everything else in tact.

Props: Thanks to Cory Rammer, MCSA/MCSE and all-around nice guy for his help on this post!

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

KYSBSUG 5-Year Anniversary

Kentucky Small Business Server User Group (KYSBSUG)This week, Thursday March 19, 2009 marks the 5-Year Anniversary of the Kentucky Small Business Server User Group (KYSBSUG). Where did the time go?

It’s pretty amazing to look back at all the events and topics we’ve covered in the last 60+ months. Some of the highlights we’ve met on include:

  • Backup & Disaster Recovery
  • Linux for SBSers
  • Vista Loadfest
  • FolderShare for Remote Workers
  • SBS Hacks
  • SQL 2005 Launch Event
  • Windows Mobile Boot Camp
  • DD-WRT
  • Office 2007 / Vista Road Show
  • Windows 7
  • SBS 2008
  • Essential Business Server (EBS) 2008
  • Windows Home Server (WHS)
  • Windows SharePoint Services (WSS)
  • Response Point
  • And vendor presentations like ConnectWise, Level Platforms, eFolder, New Horizons, etc., just to name a few.

Over the years we’ve had numerous well-known speakers, including: Amy Luby, Ronald Grattopp (Microsoft), Brian Von Axleson (Microsoft), Chris Rue [MVP], Kevin Royalty [MVP], Allen Miller, and many more. We’ve had study groups, round table meetings, and Live Meetings with visitors from all around the USA, Canada, and even as far away as Belgium.

In short, we’ve really done a lot in the last 5 years, and we’d like to invite you to celebrate with us! There will be food, door prizes, and lots of networking opportunities. Please register today!

Evening – KYSBSUG 5-Year Anniversary
Date: Thursday March 19, 2009
Time: 5:30 PM Eastern (GMT –5)
Venue: Fifth Quarter Steakhouse
Address: 1241 Durrett Lane, Louisville, KY 40213
Phone: (502) 361-2363
Map: http://tinyurl.com/bhrmqb
Registration Link: http://www.clicktoattend.com/?id=136756

IMPORTANT: This venue was chosen because it’s only a few blocks away from the Microsoft events that are happening earlier that day (which you should also attend):

Morning – Microsoft TS2 – 03/19/2009, 8:00 AM – 12:00 PM Eastern
Topics: Business Productivity Online Suite (BPOS), EBS 2008 & SBS 2008
Venue: Crowne Plaza Louisville Airport (formerly Executive West Hotel)
Register: http://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-US&EventID=1032402683

Afternoon – Microsoft SB2 – 03/19/2009, 1:00 PM – 4:30 PM Eastern
Topics: Solution selling w/ Vista, EBS 2008 & SBS 2008
Venue: Crowne Plaza Louisville Airport (formerly Executive West Hotel)
Presenter: Ronald Grattopp
Register: http://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-US&EventID=1032402690

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)