Category Archives: Book

Configure Real-Time Communications in Small Business Server 2003

Hi! I am Harry Brelsford, the publisher of the Microsoft Small Business Specialist Primer title focused on the 70-282 exam. Here’s a snippet for your reading pleasure.

Configure Real-Time Communications

Small businesses expect to have real-time communication capabilities just as seen in the enterprise. With SBS, you can offer mobile solutions that allow for increased productivity, collaboration, and communication. These solutions are enabled through core services of Windows Server 2003 and taken advantage of by SBS in different forms.

IMPORTANT: Beware of semantics and “plays on words,” as we say in the Western world. Microsoft removed the built-in Instant Mes­saging (IM) communications from Exchange Server 2003 in the SBS 2003 time frame. (IM was available via Exchange 2000 Server in the SBS 2000 time frame.) Microsoft replaced the IM functionality for SBS 2000 owners who purchased its Software Assurance prior to October 1, 2003, by giving these select owners a free copy of its Live Communications Server (http://office. m­municationsserver/default.aspx). Here is my concern. It would be easy from the above section headline (taken from the 70-282 exam objectives) to infer that Microsoft might test you on this very limited offer to restore IM functionality via the Live Communications Server product. And it’s even easier to assume that all this somehow relates to configuring real-time communications in the context of the 70-282 exam. Such is not the case. You are not tested on IM functionality and Live Communications Server on SBS 2003. Whew!


Harry Brelsford, CEO at SMB Nation

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – my Small Business Server 2008 (SBS 2008) book is now here! J

PPS – my fall show, SMB Nation Fall 2009, is in Las Vegas on October 2-4, 2009.


Leave a comment

Filed under Book

Small Business Server 2003 GPO Trick with IE

Howdy folks – I am Harry Brelsford, the publisher of the Advanced Windows Small Business Server 2003 book. I like to post up virtual book readings whne time allows. BTW – my annual SBS/SMB conference is in October in Las Vegas.

Here is a diddy on an Internet Explorer Group Policy Object trick in Small Business Server 2003.


Internet Explorer GPO Trick 

Here is a tip that will help you win the hearts of your clients. People like to see their names in important places, so put the client’s company name on the title bar of Internet Explorer. How, you ask? With a GPO that will edit the Default Domain Policy:

  1. Assuming that the Group Policy Object Editor (Figure 4-3) is still open, expand the User Configuration section.
  2. 2.      Select the Windows Settings, Internet Explorer Maintenance, and Browser User Interface. 
  3. Double-click on Browser Title object, select Customize Title Bars, and enter the client’s company name.
    1. 4.        Click OK. 
    2. 5.                        





y SECTIONBrelsford1 ☛ MBSBS 2003Consuting BestDeploymentPrac 


  You should get a result like that shown in Figure 4-4. When a user opens a page in Internet Explorer, note the top of the window where “provided by SMBNation” has been added to the default title.
  Figure 4-4

Customizing the Internet Explorer title bar using a GPO.





Logoff Command

You should also consider adding the logoff command to the Start menu to benefit your users.

  1. 1.        While you are in the Default Domain Policy in the Group Policy Object Editor, select User Configuration, Administrative Tem­plate, and then click Start Menu and Taskbar.
  2. 2.        On the right side, double-click Add Logoff to the Start Menu and check Enabled.
  3. 3.        Click OK.

Now close the Group Policy Object Editor. Since these changes were made to the default domain policy, everybody will get these changes the next time they log into the network.

Leave a comment

Filed under Book

70-282 Exam: Configuring Windows SharePoint Services (WSS)

Yo – harryb here – publisher of the Microsoft Small Business Specialist Primer book that is focused on the 70-282 exam. Did you know that I hold a annual fall conference for Channel Partners in the SMB space each October? It’s true, its VEGAS and it’s the 7th annual SMB Nation!

Read on:

Configure Windows SharePoint Services

Windows SharePoint Services (WSS) is the intranet (intraweb) of the company and is automatically installed during the SBS installation. The WSS site is a collaborative platform that allows businesses to organize and manage information in a browser-based and office-integrated environment.

Understanding WSS

Central to understanding WSS are the following high-level concepts:

  • WSS replaces the COMPANY share. Older versions of SBS had a network shared folder called COMPANY (the path was <drive let­ter>:\Company Share Folders). Now, in the SBS 2003 time frame, you are directed to place your bona fide company-related documents and data in the WSS repository. The WSS repository is a SQL Server-type database file and isn’t part of the NTFS storage system (NTFS can be thought of as the “yellow folders” you are familiar with from MyDocu­ments or Windows Explorer).
  • WSS has alerts and NTFS does not. You will want to configure the alerting capabilities in WSS, to advise you when documents have been checked out, help desk tickets entered, etc.
  • Full Search. SBS 2003 Standard Edition uses the Windows MSDE engine to manage WSS. SBS 2003 Premium Edition uses the MSDE engine from SQL Server 2000 to manage WSS and has superior search capabilities.


Chapter 7Configuring Windows Small Business Server 2003

  • More than a document management system. In the real world, it’s easy to view WSS as only a document management system (and a darn good one for free out-of-the-box in SBS 2003). However, that is not the only way MICROSOFT VIEWS IT (remember the 70-282 exam is based on Microsoft viewpoints). In fact, you won’t even see the words “document management” on Microsoft’s SharePoint page at Here is the current WSS descrip­tion from Microsoft’s site:

Windows SharePoint Services is a collection of services for Microsoft Windows ServerTM 2003 that you can use to create team-oriented Web sites to share information and foster collaboration with other users on documents. You can also use Windows SharePoint Services as a development platform for creating collaboration and information-sharing applications.

Different strokes for different folks. There are numerous ways to access WSS that are fair game on the 70-282 exam:

  • CompanyWeb. This is the default home page in Internet Explorer for a
    client computer connected to an SBS 2003 network. See Figure 7.9.
  • My Network Places. WSS folders can be published as network places.
  • File, Open. Office 2003 applications can directly open and close docu­ments in WSS.
  • Shared Attachments. A new form of e-mail attachment interacts directly with WSS. Very cool!

Configuring WSS

There are several customizations you can perform after installation to make the intranet more useful for your clients and/or organization. WSS is comprised of different web parts that can be modified, moved or removed, and added.



You can configure WSS by using Tasks located in the Server Management

console under the Internal Web Site link where you can manage:

  • Importing files—Using the Import Files Wizard, files, and subfolders can be moved into the SharePoint site from shared folders.
  • Add link—Allows you to add an internal or external link to the com­pany’s intraweb site.
  • Change name—You can change the name of the intranet displayed on the intranet site.
  • Change homepage layout—Lets you modify the layout of the site.
  • Manage access—Here you can specify roles for users to manage user access.
  • Manage your company’s internal website—Where you can manage intranet site settings.
  • Central administration—Used to configure server, virtual server, secu­rity, and component settings for SharePoint services.

You may also configure WSS in other ways from the CompanyWeb page. For example, you can create sub-webs from CompanyWeb. Sub-webs are like mini- web pages created to collaborate on a specific project.

IMPORTANT: WSS has very generous permissions. A user added to the SBS 2003 network is given the second-highest level of permis­sions in WSS: Web Designer. This allows users to create sub-webs by default and enter Help Desk tickets. Contrast that with the restrictive default NTFS shared network folder permission setting for a user on the SBS 2003 network: read-only (actually read, execute, and list—but effectively read-only).

The above comparison of WSS and network share permissions is presented to touch on two points in the 70-282 exam. WSS is considered cool by Microsoft and will certainly be on the exam. And I’ve offered you a security example. Microsoft takes security very seriously.

So the WSS section ends with a couple of homework assignments. First, use
WSS as experience and you will find no better teacher for this section of the


Chapter 7Configuring Windows Small Business Server 2003

70-282 exam. Keep in mind the exam still covers WSS version 2.0, unlike the 70-631 exam which covers WSS version 3.0! Visit www.sharepointknowledge. com and look for postings on the SBS newsgroups (detailed in Appendix A) from SBS-MVP Chad Gross.

Leave a comment

Filed under Book

SMB Consulting Tip – Be a Speaker

Hello there – I am Harrybbbbb, the author of the SMB Consulting Best Practices book. I host an annual conference in October each year (SMB Nation Fall, VEGAS) and ironically, the passage from my book is abot being a speaker!

Find speaking opportunities

Trade groups, social organizations, and the like are always looking for speakers for their monthly lunch meetings. In the past, I’ve found myself on the Rotary luncheon speaking circuit, telling SBS stories.

BEST PRACTICE: If the cat’s got your tongue, you can always join Toastmasters International, the social organization dedicated to improving public speaking and presentation skills. Visit at

Delivering seminars

A seminar is a tried-and-true way for an SMB consultant to engage in a little educational marketing. In many cases, it’s paid marketing, where the attendees will pay for the privilege of your expertise. The key point with a seminar is that you need to know your audience and venue. If it’s a sales seminar about a new service or product, you probably can’t charge the audience a fee to attend. If it’s a technical seminar where you offer wisdom and insight, you can typically charge a fee, say $99 US for a half day or $149 US for a day (lunch included for the participants, paid from your fee-based revenues). You need to decide if you are going to put on a sales seminar or an educational seminar or a combination of the two. If you are you trying to close business that day (the closer approach), you are clearly delivering a sales seminar. If you are doing the old soft sale, where you deliver more meaningful content, then this is the educational approach. It’s up to you to decide what fits best for your personality style and the market you are trying to reach.

Established seminars

Early on in the life of Small Business Server while I was developing my reputation as a niche specialist in this area, I gave a monthly educational seminar at Microsoft’s Pacific West (PacWest) sales office in Bellevue, Washington. This was part of the monthly Solution Providers program whereby you could deliver a half-day seminar using Microsoft’s lecture hall. The price was right, as I had to reimburse Microsoft for only coffee and parking expenses. My topic, “Networking Basics,” brought in up to 60 people each month. From that crowd, I typically enjoyed several leads and landed one engagement.


BEST PRACTICE: Don’t forget to consider joining the Microsoft Certified Solution Providers program as an SMB consultant to help build your business and interact with other technology professionals in your area. More information on the Microsoft Certified Solu­tions Providers program can be obtained by visiting

Note that many SMB consultants start with the lower cost Action Pack program prior to joining the full-fledged solution provider program. You can find out more about Action Pack at the above URL.

You might consider the following organizations when you’re seeking out an established seminar channel through which to deliver your presentation. Be advised these environments are much more business-oriented than technical. That’s not a bad thing when you’re trying to earn more business.

  • Chamber of commerce — This might be the best one. Speaking in a credible manner as an SMB consultant before a group of active business people is a great opportunity. You may need to join the Chamber of Commerce to fit into the crowd and be invited, but the $300 or so per year might be money well spent.
  • Service organizations — These include Rotary, Masons, Moose, and Lions. Rotary leads the list as being the best selection, because, in my opinion, this organization is populated with business-oriented members, especially those who might be middle-managers who have purchasing authority. Other services organizations, such as the Masons and Moose, tend to be more fraternal and social and don’t emphasize business and commerce (although many business people belong to fraternal service organizations).
  • Professional associations — There are two types of professional associations. First, there are the paralegals, legal secretaries, and office managers who meet each month for a formal luncheon. These groups are also seeking speakers, so you’re likely to have success here. Don’t underestimate this avenue. Remember that office manag­ers and the like are key influencers when it comes to retaining the services you provide as an SMB consultant. The second type of professional association includes groups who are organized for


regulatory or compliance purposes. This includes accountants in the CPA Society, lawyers in the Bar Association, medical professionals, and so on. This second set of groups typical have mandatory mem­bership (e.g. to be a CPA, you must belong to the CPA society). These groups need seminar speakers too.

  • Trade associations — Industry-based trade associations represent a great seminar delivery avenue. Again, the monthly luncheon or the annual convention are both possibilities. Closely related are trade groups, which might not be tied to a specific entity or be as formal. I belong to one in my neighborhood called the West Sound Technol­ogy Professionals Association ( and it’s been my pleasure in the past to speak before them about the benefits of SBS.
  • Clubs — You can even successfully give a technical seminar before a club. I once gave a technical speech on how to use the Internet before the Dutch Club of Seattle. Hey, several Microsoft employees were in attendance along with many successful Dutch-American business people.
  • Regional economic development authorities — These are typically quasi-government authorities charged with expanding the business base in a particular region. Economic development authorities facilitate introductions within the business community in the form of conferences, as well as pursue economic initiatives, such as having a certain area (say, a business park) be declared a duty-free zone for goods that are manufactured for export. Some regional economic development authorities have the power to issue bonds and deben­tures for financing public works projects, such as building parking garages. But the way that an SMB consultant can work with a regional economic development authority is to provide SMB technol­ogy seminars at business conferences.
  • Cause-based not-for-profit organizations — Perhaps you support a medical research cause. The not-for-profit organization behind the cause of your choice may have a need for a seminar or speech.
  • Social organizations — You might even get roped into giving an SMB consulting speech to a social organization, such as the Junior League.


Arts organizations — Perhaps giving a speech or seminar during the dinner hour is more your style. Many arts organizations hold awards dinners and seek out speakers. The motivating factor in speaking before an arts organization is that you will find yourself before the barons and titans of industry in their off hours away from the office.

Create your own

You can also create your own seminars from scratch. The great thing about the homegrown seminar series is you control virtually everything: dates, content, promotion, and so on. One create-your-own seminar I put on with modest success was a series of executive workshops for Microsoft technologies (in this case, it was Windows 95). My feeling was that demand existed for business executives seeking to gain information on new Microsoft technologies. More important, these decision makers would be locked in a boardroom with me for a half day, a captive audience with budget authority. These seminars may not be instant money-makers, but they do pay off in the long term with new clients.

The create-your-own seminar approach has been used for years by financial planners and stockbrokers, proving they do work. The key is to target your audience.

BEST PRACTICE: By the way, giving free educational speeches has other rewards: karma dollars. I like to think that, by giving to the business and technology community, I’ll receive something in re­turn. Perhaps it’s the good feeling achieved from helping some­one. Perhaps I’ll be a billionaire in my next life. Whatever the payoff, it’s the act of earning karma dollars and you shouldn’t un­derestimate the power of this process.


Another promotional avenue, used more often by established SMB consultants than those new to the profession, is speaking at conferences. Not only do you have your time in front of an audience, but also you get your name and typically a short biography printed in the conference brochure. There are three types of conferences:


  • Local — Your efforts may be best directed to local conferences if that is where your clients are (in your local community). Since I tend to focus on small and medium-sized firms for my SMB consulting activities, local conferences make the most sense. In the Pacific Northwest, there is a local conference that travels from city to city called ITEC (recently rebranded as NEXT conferences). Perhaps your community has a similar local technology conference.
  • Regional — These conferences tend to be larger in scope and draw people from surrounding states. The caliber of attendees may be higher as well as the quality of the selected speakers. If your SMB consulting business is regional in nature, speaking at a regional conference is a good use of time.
  • National — Clearly, this is where the heavyweights play. The type of SMB consultant that can benefit from national exposure is someone who, quite frankly, has some thing to sell at the national level, such as a book. In the past, national conferences were focused on the enterprise level. But I’m pleased to announce that I’ve taken the initiative to underwrite and produce an SMB conference at the national level called “SMB Nation.” Visit, and I will look forward to seeing you there sometime.

Leave a comment

Filed under Book

Group Policy Objects (GPO) Tricks!

Hi there everyone – I am harry brelsford, co-author of the Advanced Windows Small Business Server 2003 Best Practices book. I like to hold virtual book readings and I’m posting up right here, right now. BTW – I hold a big annual fall conference in early October (Las Vegas) and perhaps you’d like to attend (learn more about SMB Nation Fall here).

Group Policy TipsLet’s move on and discuss Group Policy, which is an area that didn’t get any air time in the introductory SBS 2003 book in this series (Small Business Server 2003 Best Practices). Provided here are discussions about:

  • Creating new group policy objects,
  • Group policy and software update services, and
  • GPO exception or override.

Working with Group Policies has changed. Where you used to be able right click an object such as an OU or the Domain and select Properties and the Group Policy tab, that is no longer the case. If you try, you will get You have installed the Group Policy Management snap-in, so this tab is no longer used. Instead the Group Policy Management Console will open. This console will make seeing the effects of your policies much easier. But actually editing a policy may take you a little bit to figure out.

I poked around the Group Policy Management snap-in for quite some time trying to figure out how to actually change a Group Policy Object (GPO). It seemed like everything I clicked on was a view, but not editable. Here is the solution. All you have to do is right-click on the GPO or the shortcut to that GPO and choose Edit from the context menu that appears. It is always so simple once you figure it out!



Creating New GPOs

It’s time for a little Group Policy 101. Let’s make sure we understand how GPOs work. First of all, GPOs have to be connected to a container. Valid containers for GPO’s are:

  • Sites,
  • Domains, and
  • Organizational Units (OUs).



y SECTIONBrelsford1 ☛ MBSBS 2003Consuting BestDeploymentPrac

  With SBS 2003, you will work mostly with OUs and the Domain Container. To be brutally honest, sites are more of an enterprise concept and don’t really relate to the world of SBS 2003.No matter where you create your GPO, the actual policy code will reside in the sysvol directory on the domain controller at %systemroot% \SYSVOL\ domain\Policies.

What you actually put in the container OU or Domain is a link to the GPO. You can have more than one link to the same policy because they are re-useable (another author in the GPO field refers to this as “tattooing”). GPO relationships follow the hierarchical OU tree downward, unless you specifically block the GPO from being applied. That is, a nested child OU will inherit the GPO functionality of a parent OU.

This section covers the following procedures:

·Creating a new OU

·Internet Explorer GPO trick

·Logoff command


Creating a New OU

Let’s start out by creating a new OU to hold the link to a new GPO:

  1. Logon to SBS 2003 as the administrator.
  2. Launch the Server Management console.

3.     Expand Advanced Management, select Active Directory Users and Computers, expand the domain name object, expand the MyBusiness OU, and expand Users.

  1. Right-click on the SBS Users OU and select New, Organizational Unit from the context menu.

5.     Title your new OU as LimitThese then click OK.

Now you will use the Group Policy Management snap-in:

1.      In the Server Management console under Advanced Management, select Group Policy Management.

2.   Expand Forest, Domains, your domain name, MyBusiness, Users, and SBSUsers.


pter CHAPTER1 ☛4 So You AdvanceWant o Setupan and SMB DeplymentConsultan


3.          Right click on the new OU you created above, LimitThese. Select Create and Link a GPO Here and name the new GPO NoRegeditNoRun.BEST PRACTICE: When possible, I like to use a name that will remind me about what the GPO does. For a look at the power of GPOs, complete this quick exercise:

Right-click on the NoRegeditNoRun GPO and select Edit from the context menu. As you can see, there are two main sections: Computer Configuration and User Configuration. Take a moment and observe the thousands of GPO settings available. It is here you start to see the power that Group Policy can put in your hands via GPOs.

4.          Expand User Configuration, Administrative Templates and click Start Menu and Taskbar.

  1. Scroll down to Remove Run menu from the Start Menu. Double- click on this setting to open it.
    1. Click the Enabled radio button.

You can click the Explain tab for a detailed explanation of the settings. Kudos to the Microsoft team that wrote this excellent on-line help!

7.        Click OK.

8.          Find and select the heading titled System. On the right-side pane open Don’t run specified Windows applications.

  1. Click the Enabled radio button.
  2. Click Add and enter regedit.exe in the text field.
  3. Click Add again and enter regdt32.exe in the text field.

12.       Click Add again and enter cmd.exe in the text field.

  1. Click Show. The Show Contents dialog box appears, similar to Fig­ure 4-3.
    1. Click OK twice and close the Group Policy Object Editor snap-in.





y SECTIONBrelsford1 ☛ SBS 2003Consuting BestDeploymentPrac



Figure 4-3

Observing the commands you have entered that will not run.






So what does the new GPO do at this point? Nothing. We have not put any users into the NoRegedtNoRun OU we created, so perhaps I just gottcha with that trick question, huh? But once users have been placed in the OU, they will be impacted by the GPO (the Run command will not be available from the Start menu on their desktop computer). Additionally, the users will not be able use registry editor or the command prompt.

BEST PRACTICE: A note of caution: be careful! You can really hurt yourself with group policy, so go lightly until you get a feel for it. Be especially careful that you don’t put yourself or the administrator in the OU that you just created. Why? Because you will find it difficult to administer your network with the above-cited functionality disabled.


pter CHAPTER1 ☛ 4 So You AdvanceWant o SetupBe an and SMB DeplymentConsultan


Always test your GPO on a temporary user to make sure it performs as expected, before turning it loose on your network. Go ahead and create a temporary user in the new OU. Log on to a workstation as that new user to see the effect of the policy. Log off and log back on as the administrator. See why we put our GPO in the user section instead of the computer section? It is very important to think about what it is you are trying to control. Also keep in mind that most user settings are applied at logon, whereas most computer settings are applied at boot-time.

Internet Explorer GPO Trick

Here is a tip that will help you win the hearts of your clients. People like to see their names in important places, so put the client’s company name on the title bar of Internet Explorer. How, you ask? With a GPO that will edit the Default Domain Policy:

  1. Assuming that the Group Policy Object Editor (Figure 4-3) is still open, expand the User Configuration section.

2.      Select the Windows Settings, Internet Explorer Maintenance, and Browser User Interface.

  1. Double-click on Browser Title object, select Customize Title Bars, and enter the client’s company name.

4.        Click OK.


Leave a comment

Filed under Book

How To Write A Book [SMB Consulting Best Practices book excerpt]

Hiya folks – its just hours away from the start of SMB Nation Spring 2009 in the NYC area (#smbnation) and I wanted to post up another “virtual book reading” before I get crazy busy and don’t blog fror a few days. Here is a passage from my SMB Consulting Best Practices book – on how to write a book. Many people ask me about writing a book. My reply is WRITE ON!

Write a book

Writing and publishing a book on a technical topic, such as a Microsoft Servers application, allows you to ascend to the highest levels of professional status. Writing a book is a great way to generate favorable publicity and ascribed credibility if you can justify the untold hours of writing (which

likely take away from your hours of billing). It’s a great way to have inbound telephone calls from warm leads come your way (okay, sometime inbound e-mails, but the point is the same).

BEST PRACTICE: If you are interested in writing a book, one of the best ways to learn more about this avenue is to visit book publish­ers’ booths at technology trade shows. For example, Microsoft Certified Professional Magazine‘s semiannual TechMentor trade show ( typically has several publishers present on the show floor. These booths are staffed with acquisition edi­tors who are on the constant hunt for the next Mark Twain.

But another attack on this issue is to consider self-publishing. After writing eight books for traditional publishers and enjoying name recognition, I got tired of the relatively small paychecks from the royalty system. I turned to self-publishing and enjoy the benefits of being a published author, plus I’ve turned the books into a bona fide profit center (thanks in large part of readers like you). The vanity press that coordinates the production and printing of this book, Hara Publishing, is in the business of helping authors who would like to self-publish. Their contact information is listed on the first few pages of this book. Go ahead and give ’em a call for more information.

If you look at how the big-league consultants in both technology and business make it, you’ll likely find that at some point these people have written a book. Moreover, writing a book is a time-tested promotional stunt. East Coast highbrows like James Campy, for example, built his consulting practice around his books on downsizing and reengineering during the early 1990s. The other nice thing about a writing a book is that it also helps if you want to be a technology consultant in a larger firm someday. At interview time, whipping out your latest book can be an effective way to impress your future supervisors. Firms such as Big Five accounting firms (with their respective technology practices) appreciate this approach.

Leave a comment

Filed under Book

Post Small Business Server 2003 Setup Tasks Including Time Sync

Hiya folks – I’m harrybbbb, the co-author and publisher of the Advanced Windows Small Business Server 2003 Best Practices book. I like to hold virtual book readings – today it’s on SBS 2003, known as Small Business Server 2003, post-setup stuff. Enjoy!

2003 Setup

This section presents some advanced computer connection
tips you might consider after SBS 2003 is installed
on the server machine and you proceed with the
deployment. When it works, the Connect Computer page is wonderful, The page is actually called Network Configuration, but everyone calls it
the Connect Computer page because of how you access it. You access this page from a workstation that is attempting to join the SBS 2003 network by
typing http://servername/connectcomputer. This is so much better than having to make that “magic” disk used in prior SBS versions where you had to run around, putting said magic disk in each computer. However, when the Connect

CHAPTER1 ☛ 4 So You AdvanceWant o SetupBe an and SMB DeplymentConsultan


doesn’t work, this functionality is frustrating because it is very hard to troubleshoot. Described
below are some HandyAndy workarounds to try in the event you hit a roadblock:

  • Add to a new workgroup
  • Add a user
  • Synchronize client computer time
  • Synchronize logon time
  • Keep server time sync ‘d


you’ve physically connected to the local area network (LAN) segment (don’t laugh-its easy to
overlook), try this. Run the IPCONFIG command on the errant workstation and
verify it is getting an IP address from the SBS 2003 server machine. In the
perfect world of SBS 2003, this should be a 192.168.16.x IP address. If it is not,
you’ve got some basic network troubleshooting to do because obtaining an IP
address from the SBS 2003 server machine is a low- level




One way this address-leasing
problem reveals itself is in the IPCONFIG output. If you are getting
a 169.x.x.x automatic address generated natively by Windows XP Professional, then clearly the IP address is not coming from the SBS
2003 server machine and you need to resolve your network issues first. This
will be a true test of your skills as a competent SBSer.

On the other hand, if you are getting a valid IP address from the SBS 2003 server machine, run the IPCONFIG /ALL command to verify that the IP
address lease is a “rich fully featured” lease wherein the SBS 2003 server is the
only DNS entry for the client machine. We want the name resolution activity
facilitated by the SBS 2003 DNS services to be
first in line. You do not want name resolution activity initially
going to an external DNS server on the Internet because they can not resolve internal names.


SECTIONBrelsford1 1 MBSBS 2003Consuting


Add to a New Workgroup

Next in
your client connection troubleshooting, try adding the workstation to a new workgroup (do this from
Control Panel, Network). If the client computer is still not properly joining
the SBS 2003 domain, reboot the workstation two more times. I know it sounds absurd, but it has
worked a number of times. Our industry is the only place where you can do the
same thing over and over and expect different results, and no one thinks you’re

Add a User

Here again,
fact is stranger than fiction. Try only adding one user to the client computer machine in the
Connect Computer phase. I have had a few experiences where I could not add
multiple users while running the Connect Computer routine, but when I tried adding only
one user, it worked fine. Also, although it shouldn’t be necessary, try running
the Connect Computer routine as the administrator, which means you have the
rights of the Domain Admins security group.



Synchronize Client
Computer Time

If other approaches to connect the client computer
to the SBS 2003 domain fail, there is a good chance your
workstation is too far out of time synchronization with the SBS 2003 server. Time can be a real issue on the domain. Check
the time on the server and, if necessary, set it manually to match the server
time. Do this on the workstation by double-clicking on the clock icon in the
bottom right corner of the screen. You can also
check the time service on the server and make sure it is

BEST PRACTICE: If you chose the “Router” option when you
ran the Configure Email and
Internet Connection Wizard, the time service was turned off. Why? Because some routers are
dial on demand; the time service
would cause the router to excessively dial up the ISP, resulting in a potentially expensive
connection pattern. So, if you need the time service running, perhaps as part
of your client computer
troubleshooting approach, you have to set the time service to start
automatically in the services console.

CHAPTER1 ☛4 So You AdvanceWant
o Setupan and SMB DeplymentConsultan


Speaking of time synchronization, this is as good a time as any to
mention that if you are
using ISA Server 2000 in SBS 2003, you need to open up port 123 UDP using the following
procedure so the time service can “get out” and sync with an external time

Logon to the SBS 2003 as the administrator.

Click Start, Programs, Microsoft
ISA Server
, ISA Management Programs, Microsoft
ISA Server
, and select ISA Management.

In the ISA Management console tree, expand Servers
and Arrays
, expand servername, expand Access
, and right-click on IP Packet

4.     Click New, Filter. Name the
new filter Time and click Next.

5.     Select Allow
packet transmission
and click Next.

6.     In the Filter Type
dialog box, select Custom.

Set the IP
to UDP.

Set the direction to Send receive.

9.     Set the Local port to Fixed port and the Port number
to 123.

Set the Remote port to Fixed port and set
it to 123.

The property sheet for the time filter you just created in shown in
Figure 4-2.






SECTIONBrelsford1 1 SBS 2003Consuting



Figure 4-2

Notice the procedure settings are
properly reflected on the Time Properties,
Filter Type





Click OK.

12.       Accept the default selection of Default IP
addresses for each exter­
nal interface on the
ISA Server computer
and click Next.

13.       In the Apply this packet filter to window, select All computers and click Next.

Review the summary information and click Finish.

It is that easy.

PRACTICE: A lot of SBSers think you need to create a protocol rule to achieve the functionality presented above. You
don’t! Protocol rules
allow the client machines to get out and access the Internet. We want internal
client computers to synchronize with the SBS 2003
server machine so a protocol rule is not needed.

pter CHAPTER1 ☛ 4 So You AdvanceWant o SetupBe an and SMB DeplymentConsultan


Synchronize Logon Time

I also like
to synchronize all my workstations at login. Note that this is not necessary for Windows XP Professional
client computers anymore because internal XP technology automatically performs the time
synchronization function.

time-synchronize non-Windows XP Professional client computers, I modify the SBS_LOGIN_SCRIPT.bat
file located in %systemroot%\ SYSVOL\ sysvol\ %domainname%\ scripts directory of the SBS 2003
server machine. This file has one line by default. Modify this line by
adding the word call to the begining of the line. and then add the following as the
second line.

call net time /set /yes.

Make sure
your server is getting it’s time synchronized from someplace trustworthy, I use To
accomplish this, run the following commands once at the SBS 2003 server machine

net time / net stop w32time

net start w32time




In the first line, notice that
there is a reference to, which is an externally verifiable time source. But you don’t have to use; you may use any time source you like. You can also use a list of time
servers by separating them with semicolons. For
more information on setting an authoritative time source, see
Knowledge Base Article# 216734: How to configure an
authoritative time server in Windows 2000. Don’t worry it applies to Windows 2003 also.

Keep Time

SBSer Steve Carmeli shared a
time problem that you might find interesting. His D-Link router was
sending out a time synchronization command that was preventing his domain from syncing. I don’t have the exact specifications
on his network, but all signs point to this as another example of why you
shouldn’t run SBS 2003 with a single network adapter card. Spend the extra few
dollars to buy a second network adapter card and save yourself some grief. (This


y SECTIONBrelsford1 ☛ SBS 2003Consuting BestDeploymentPrac

another way of saying you should make the SBS 2003 server
machine the lord of your network.) Here is Steve’s

I finally started installing SBS
this week. After I was done installing it,
I couldn’t log on. Why? SBS kept telling me that the server’s clock was out of sync with the network clock! Well, while I’d only read through to Chapter 3 in the
SBS Best Practices book (I’d read through the
consulting best practices book), I’d never read that, and it didn’t make any sense to me. I reinstalled twice but never really checked the time when it came up during the install. Finally, on the third install, I compared the time on the server on Windows Install with my workstation and, sure enough, they were out of sync by over an hour. Well, I adjusted the server on the Windows install, but that still didn’t fix it; I still
log on. I rebooted and caught
the setup features of the PC before
Windows started and, sure enough, the Windows install didn’t change the server’s clock. I adjusted the server’s clock, rebooted and this time I could log on.

It turns out that the clock in
my router and the clock in my server were
set to different times. When I set them to the same time, then the server allowed me to log on.

But note that was with the
D-Link router, which I returned. I had nothing
but problems with that router and that would be something I’d write in the knowledgebase. The Linksys router, though more expensive, and though I had to wait much longer for tech support, worked the first time.

Steve Carmeli






/* Style Definitions */
{mso-style-name:”Table Normal”;
mso-padding-alt:0in 5.4pt 0in 5.4pt;


Harry Brelsford, CEO at SMB Nation

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small
Business Specialist)

PS – my Small Business
Server 2008 (SBS 2008) book is now here!

PPS – my spring show, SMB
Nation Spring 2009, is in the NYC-area on May 1-3, 2009.

Leave a comment

Filed under Book