Brelsford’s Mailbox [SMB Consulting Best Practices book excerpt]

Folks – harryb here – I am the author of this super duper SMB consulting book and I am posting up a passage as a virtaul book reading. Enjoy this edition of Brelsford’s mailbox!

Brelsford’s Mailbox From: Brian [mailto:Brian@brisysconsulting.com] Sent: Sunday, March 02, 2003 10:22 AM To: Harry Brelsford Subject: Curious about the projected release date of your next book Hello Harry, I hope things are going well for you. I am looking forward to attending one of your SBS seminars but nothing ever gets close enough to NJ for me. If I had the budget I would fly out to the closest appearance. Your SBS Best Practices is my bible! lol In an e-mail to me months ago you mentioned writing a book on small business technology consulting. Any time line or projected release date for the book? Will it be more than 6 months from now? Just curious, and it is your fault! If you had not made SBS Best Practices so darn good I would not be so impatient. I have said this before but I cannot help repeating it to you. ..THANKS! Thanks for allowing me to find my niche and giving me a step-by-step book to guide me through it. It was the lighthouse for me in the storm of techno books.

 

Before I sign off. ..I would like to make some suggestions for your next book. These are my biggest troubles so far (one young man, just starting, limited budget) and ones I would love to see addressed in your next book: 1)   Handshaking/foot in the door — getting new business, finding it, etc., without an advertising budget. 2)   Contracts — finding good sources for technical consulting service contracts. I cannot afford to have an attorney put together multiple variations of contracts for me. I also do not find many attorneys adept at the IT business. I have limited experience in this area and most of the attorneys I have met don’t have a clue when it comes to IT either, they convert standard service contracts into IT contracts. I am sure there are major loopholes not being covered. 3)   Insurance — what types should an IT consultant have? What is too much? What coverage is needed that your agent may miss? What are the current trends? 4)   Employment status — what are some good techniques to get past the problem of being considered an employee by the firm that hires you? I have lost a job because the company would have been obligated to provide health coverage, worker’s comp…etc. We need some strategies to get around these obstacles. I am going to be consulting an attorney friend of mine about these issues soon, but would love to get your take on them too. Thanks again for your eyes and ears and good luck with your next book, Brian Williams Brisys Consulting Brian@brisysconsulting.com # # # REPLY: Hi, Brian! Thanks for the kind words and permission to use this e-mail in my SMB

 

 

Consulting Best Practices book. I appreciate your suggestions and eagerness for this book (BTW — book out in mid-2003 which you would know if you’re reading this dialog in the book itself). I’ve taken your suggestions to heart and will include these topics in the following way. The “finder” section of this book will discuss the first point about handshaking and foot in door (and hopefully not foot in mouth!). Points two and three are covered in the “minder” section of this book. And earlier in this chapter I addressed employment status in a positive spin, but I also return to that topic in passing later in the “minder” section. All the best to you and happy reading…harrybbbbb

cheers….harrybbbb

Harry Brelsford, CEO at SMB Nation (www.smbnation.com)

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – did you know my Windows Small Business Server 2008 (SBS 2008) book is almost here? Yes!

You’ve only just begun: SQL, SBS 2003 and end of book! [Windows Small Business Server 2003 Best Practices book excerpt]

Hey loyal readers. I am the author for the Windows Small Business Server 2003 Best Practices book and each day I host a virtual book reading. It’s a lot of fun and today is very special as I post up the final passage fomr this “purple book.” Over the past six months, you have joined me in our SBS book club, by any other name, for these daily missives. I intended to post up until the SBS 2008 product shipped, and indeed that day has arrived. Yesterday, November 12th, was the Windows Essential Server Solutions (WESS) launch for Small Business Server 2008. And today is “numerically” the end of the SBS 2003 book. So the timing was perfecto.

Here you go – some final thoughts on SQL Server in a SBS 2003 environment!

Next Steps – You’ve Only Just Begun

So you’re still interested in learning more about SQL Server? That’s great! It’s a huge area where you can always grow; it has no upper knowledge limit. Aside from the advanced SQL Server books mentioned earlier today, there are several key areas to master as you continue in your quest to learn and use SQL servers. These study topics are:

•                      Learn SQL basics including these SQL commands: SELECT, UPDATE, INSERT, and DELETE. •                      Learn the rules: how to define primary keys, secondary keys, and in­dexes, and how to normalize a database. •                      Learn the power of stored procedures. Create a stored procedure of your own.

 

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

 

•                      Learn, inside and out, the tools that ship with SQL Server 2000 includ­ing SQL Server Enterprise Manager, SQL Query Analyzer, and Books Online (to name my three favorite tools). •                      Learn and master client-side connectivity, especially ODBC. •                      Learn how third-party applications use SQL Server 2000. Such third-party applications include Great Plains, the accounting application. •                      Learn to connect sophisticated Web pages to SQL Server 2000 for online transactions (far more advanced than you learned in the last section). This is, of course, a very popular and in-demand skill set. It is the basis of many electronic commerce implementations. •                      Learn to migrate data from Access to SQL Server 2000.

 

Summary

Today you worked with SQL Server 2000, the powerful database included with SBS 2003 (premium edition). I hope that the exercise in creating a database for SPRINGERS went a long way toward debunking the myth that databases are hard to use. If you followed the steps in this chapter, you not only created a database, but used it as well. That said, I emphasize the following point again: On an SBS network, your interaction with SQL Sever 2000 will likely be limited to installed third-party applications that use SQL Server 2000 as a database engine. If for some reason you decide to program SQL Server directly, as you did in creating the SSLDOG database table for SPRINGERS, remember to keep your databases simple and friendly, very much like you did today. That’s my $0.25 USD advice to you. Good day.

 

cheers…harrybbbb

Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS – did u know I host a technology conference in the New York City area each spring? Save the date for March 6-8, 2009 and watch “voice meet data” in the SMB space!

PPS – my SBS 2008 book will be out in mid-November 2008!

PPPS – my Microsoft Response Point Primer book is here NOW!

SQL Server “success” with SBS 2003 [Windows Small Business Server 2003 best practices book excerpt]

Hiya – just my daily virtual book reading by posting up a passage from my SBS 2003 “purple book” Today we start to wrap up the SQL Server discussion!

Success!

Enjoy your success. You’ve had a busy chapter so far performing the following SQL Server-related duties:

1                    You learned SQL Server basics. 2                    You created a SQL Server database title SSLDOG. 3                    You created a table titled “Tracking” in the SSLDOG database. 4                    You entered data for SPRINGERS in the Tracking table. 5                    You queried (used) the data in the Tracking table by executing a simple SQL query.

 

Chapter 14 ☛ Database Management With SQL Server 2000

I want to emphasize one final point before you move on: This short chapter on SQL Server is only a start, and you have a lot to learn about SQL Server 2000 if you so desire. In other words, for those readers who complain in posted reader reviews at Amazon and other online book sellers that I don’t cover specific SBS components at the Ph.D. level, I hope I’ve sufficiently managed your expectations about the depth to which I can delve regarding individual BackOffice applications. No hard feelings, but there are many fine books (and large books at that) dedicated to individual applications, such as SQL Server 2000.

 

cheers…harrybbbb

Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS – did u know I host a technology conference in the New York City area each spring? Save the date for March 6-8, 2009 and watch “voice meet data” in the SMB space!

PPS – my SBS 2008 book will be out in mid-November 2008!

PPPS – my Microsoft Response Point Primer book is here NOW!

Mission Statement for your SMB technology consulting business plan [SMB Consulting Best Practices book excerpt]

Top of the morning to you mates! I am on my first cup of “Jo” out here in Seattle and, as is my custom, posting up a passage from my book SMB Consulting Best Practices for your reading pleasure. This is my Virtual Book Reading for my “book club”

Today is the all important MISSION STATEMENT as part of your planning to be a successfuly SMB technology consultant.

 

cheers…harrybbbb

Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS – did u know I host an annual conference in Seattle each october for SBSers and SMB consultants? This year we help launch SBS 2008 and Essential Business Server (EBS) between October 4-6!

Mission statement

Believe it or not, the mission statement is typically the last part of the business plan to be written, even though it appears first when the business plan is read. Clearly this sounds backwards and perhaps works against some of my assertions in the last section on guiding principles and the like. I’ll try to explain.

It’s easy to sit down and create a slogan such as “Quality is Job #1,” call it a mission statement, and move on. However, the slogan or phrase you initially select in haste is unlikely to be the mission statement with which you’ll end up. As you go through the business planning process, learn about yourself, your services, your market, your competition, and so on, you’re likely to find your original mission statement to be out of alignment with where you find yourself as an SMB consultant. And your mission statement definitely needs to be in alignment with your SMB consulting practice. Otherwise, you’ll not only suffer from an identity crisis, but you’ll also spend an inordinate amount of valuable time sitting around asking and trying to answer the following questions well after the business plan has been created — and likely well beyond when you should be working (and earning money) as an SMB consultant.

The following list of questions represents the appropriate framework for selecting a mission statement that works for you, the SMB consultant, as you launch your professional services practice. While pondering these high-level questions, just be glad you’re not paying $30,000 per year as an MBA student at Harvard to hear the same lecture (my book costing significantly less):

·           Why are we here?

·                       Who are we?

·                       What line of work are we in?

·                       What do we want to be known for?

BEST PRACTICE: Here the old adage “a means to an end” really rings true. It is important to respect the process of asking these high-level questions, but after a reasonable amount of iterations, your mission statement should be acceptable and you should move on. If you find yourself asking these same questions three months, six months, nine months down the road, it suggests your mission statement is irrelevant and your business plan may be less than useful. In other words, sitting around day after day as an SMB consultant asking “Who are we?” is a serious organizational warn­ing sign that things aren’t going well. And that kind of bench time for an SMB consultant isn’t billable!

Here are a half-dozen sample mission statements you might consider for now, subject to refinement as you develop your own SMB consulting business plan.

·           To implement technology solutions that make a positive difference for the clients I serve

·           To use technology solutions to create wealth for my clients and myself

·           To enjoy the trust and respect of my clients

·           To provide excellent technical solutions in our Small Business Server niche while maintaining superior client relations

·           To build a well-respected SMB consulting practice

·           To take pride in my SMB consulting efforts each day, knowing I made the best decisions possible, given the information available at the time

Chapter 3 will help you prepare your mission statement with its 50,000-foot view of the world of consulting and its consulting fundamentals discussion.

Using Exchange Server with SBS 2003 (chapter 6 book excerpt)

Hi friends!

Today we start Chapter 6 in Windows Small Business Server 2003 Best Practices. This chapter discusses Microsoft Exchanger Server 2003 and Microsoft Outlook 2003. Reade up, go forth and multiply!

FYI – in case you are new tothese postings, I amposting up a few pages a day from my purple book until SBS 2008 ships.

cheers…harrybbbbb

Harry Brelsford, MBA, Microsoft Small Business Specialist (SBSC) and heaps of credentials dating back to the early CNE days! 🙂

ceo, smb nation, www.smbnation.com

###

Chapter 6 Messaging with Exchange Server 2003 and Outlook 2003

Take a bow. Why? Because even before you start reading this chapter on Exchange Server 2003 (“Exchange”) and Outlook 2003 (“Outlook”), you really know more about these two messaging applications than you might admit in public. As the first part of the chapter will show, you’ve darn near completed the configuration of Exchange and Outlook just by deploying SBS 2003 over the past several chapters. So accordingly, I start with what you should likely already know up to this point. And after you finish the chapter and work more with Exchange in the real world, you’ll really know these products inside and out from an SBS 2003 viewpoint.

By the way, this chapter isn’t as SPRINGERS-centric as my other chapters are. This is in part because the SPRINGERS storyline doesn’t need a lot of direct interaction with Exchange Server 2003 for proper SBS 2003 network deployment to occur. So bear with me as I provide you a Texas-size buffet of Exchange and Outlook matters you’re like to lasso up in the real world.

What You May Already Know AboutExchange Server 2003!

This section of the chapter should inspire confidence as you’ll likely comment “I already knew that” about certain Exchange matters. Let’s get started.

•           Core SBS component installation. Just prior to the Windows Con­figuration phase outlined in Chapter 3, the setup routine “harvests” the information on the Company Information page (revisit Figure 3-14 in Chapter 3 to see this) for later use in creating Exchange Global Address

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

List (GAL) entries (Figure 6-1). This same company information also populates the properties for an Active Directory user object on the Address tab (Figure 6-2).

Figure 6-1

Viewing a Global Address List entry in SBS 2003.

Notes:

Figure 6-2

Viewing the address information in Active Directory for a user.

BEST PRACTICE: Call it a missed opportunity, but this company information would have been great for creating an Outlook contact record for each user that is added to the SBS 2003 network. Said Outlook contact record could then be used by fellow workers to list your home and cellular telephones, making it possible to reach you with ease! Heck – such an Outlook contact record could be synchronized to your personal digital assistant (PDA), such as a sassy HpCompaq iPAQ, allowing you to find co-workers when you’re out of the office. As it stands today, the company information is used to populate the screens in Figures 6-1 and 6-2, but few of us in the small business arena truly get excited about GALs and AD user objects! This good stuff also could have been (but isn’t) used to create a cool list in Windows SharePoint Server (see Chapter 7 for more).

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

 

•                      SBS application setup information. You will recall, after the Win­dows Configuration reboots at mid-point during the SBS setup phase, you completed a wizard page titled Data Folders (see Figure 3-21) where you redirected the location of the Exchange data (you also had the option to redirect the Exchange logs, but we didn’t). This is an espe­cially cool capability in SBS 2003 because back in the SBS 2000 era, the same screen (see Figure 3-20 in my legacy SBS 2000 Best Practices book) gave you no opportunity to redirect Exchange data and logs. Rather, in the old days, you had to manually redirect Exchange data and logs following the steps in KBase article Q257184. •                      Core SBS application installation phase. Who could forget the 20+ minutes you spent during the SBS installation process when you in­serted Disc 2 and Exchange Server 2003 modified the Active Directory Schema-surely you remember the 1 of 10, 2 of 10, 3 of 10 messages? (You can see this in Figure 3-24 back in Chapter 3). And when Exchange itself was installed at this step, the Company archive public folder and the Company contact object were created inside the Exchange public folders. •                      E-mail and Internet Connection Wizard (EICW). Of course, the EICW greatly affected Exchange Server 2003 when you completed it in Chapter 4. It was there that you elected to use the built-in firewall and allow e-mail services to flow through the firewall (see the Services Configuration page). The firewall-related page that followed, titled Web Services Configuration, allowed you to invoke Outlook Web Access, Outlook Mobile Access, and Outlook via the Internet (in-depth description of each of these sections are available by clicking More Information on that page). Next up, you selected Enable Internet e-mail on the Internet e-mail page. On the E-mail Delivery Method page, you selected Use DNS to route e-mail. The E-mail Retrieval Method page followed that allowed you to elect SMTP-based e-mail (in effect, you turned Exchange “on” for use). You didn’t configure the POP3 Connector for Exchange (a native SBS 2003 tool that I discuss later in the chapter) on this page because it’s not part of

 

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

the SPRINGERS storyline in this book. This was followed by the E-mail Domain Name page where you provided the Internet domain name you wanted to use for your SMTP-based external messaging. (Note that a BIG ASSUMPTION exists here that you’ve worked closely with your ISP to point a Mail Exchange (MX) record in DNS to your SBS 2003 server to successfully deliver the SMTP e-mail. If you haven’t, please contact your ISP immediately.) Finally, something I’ll discuss later is the e-mail attachment removal process that you implemented on the Remove E-mail Attachments page.

BEST PRACTICE: Actually, this is more humor than serious, but after all the details in the bullet points above about Exchange functionality in the EICW, I kinda feel like I’m listening to the patriarchal parent of the bride in the My Big Fat Greek Wedding movie who claims every word has a Greek origin. Here, after the exhaustive EICW play-by-play above, you might start to think every piece of SBS functionality originates in Exchange.

•           Add User Wizard (AUW). Not to be outdone, the AUW holds its own in the Exchange configuration department. Exchange and the AUW are related in the following ways. First, the AUW creates the user object in Active Directory which also creates the Exchange mailbox. The template you select for the user in the AUW would also affect Exchange e-mail functionality. A mobile user would need the Mobile User Tem­plate to remotely access e-mail. The Power User Template provides suf­ficient permissions for the endowed user to create other users with an Exchange mailbox on the system via the Power User Console.

What You May Already Know AboutOutlook 2003

You probably know more about Outlook, including the 2003 version, than you give yourself credit for. Consider the following.

•           Pervasive usage. Perhaps the question to ask here is “Who hasn’t used Outlook?” A show of hands would yield a very small data set. Just

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

about everyone on Planet Earth has in some way or some how used Outlook. In fact, for that reason, a change from my past books is that I’ll not show you how to send an e-mail message, as I’ll assume you already know this basic function.

•           Setup Computer Wizard (SCW). When the AUW spans Setup Com­puter Wizard (SCW), you assign users to the computer for whom Out­look will be available. You also make the decision to install the Outlook application itself. And finally, you may elect to install Active Synch

3.7 which will synchronize Outlook information with your personal digital assistant (which I’ll demonstrate and discuss more later).

Physical security management practices and SBS 2003 (Windows Small Business Server 2003 Book Excerpt)

hi ho  mate! harrybbb here, author of the purple book (Windows Small Business Server 2003 Best Practices) and a fellow Microsoft Small Business Specialist (SBSC). Each day I am posting up some pages from said book for your reading plesure until SBS 2008 ships!

Today we discuss physical security from Chapter 5.

enjoy the read…harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

###

Physical Security and Management Practices

Just when you thought all security was computer-related in the world of SBS, here comes a paradigm shift wherein we’ll discuss the real, physical world! The reason for broader security discussion is to get you to once again leave the bits behind for a minute and put that business hat back on. As an SBSer, you can’t help but be involved in business matters such as physical security and management practices.

Let’s Get Physical!

After reading this section, walk around your office and see if any of the following don’t ring true or otherwise apply to you:

•                      Is the server physically secure? Or is it placed in the open where a large gorilla (or heck, in this day and age, a guerilla) could swoop it up and ship it to a chop shop. •                      Lock down time. Locking down the disk and disc drives (that’s the floppy and CD/DVD variety) can go along way to preventing the intro­duction of malware. Don’t forget USB ports!

 

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

 

•                      Assuming the server isn’t sitting out in the open and is placed in a room or closet, are the doors to this area locked? Who has the keys? •                      Speaking of key management, how many people have key access to your office space? Any keys still in the hands of disgruntled ex-employees?

 

Management

•                      Is there a written security policy for the use of the SBS 2003 network? Refer to Appendix A for SBS resources, such as the Yahoo! Groups that include posted documents such as security policies. •                      A traditional bookkeeping matter to think about: Are the company’s business checks secure? There’s nothing like an employee with a gam­bling problem writing a check to stall Bruno, the mob enforcer. •                      How do you feel about employee background checks? Remember some of the biggest crooks are the brightest people and have the most engag­ing personalities! •                      Beware of psychological warfare. Kevin Mitznick and Frank Abagnale, two renowned white-collar criminals, used a form of social engineer­ing to talk their way into profitable illegal activities—hacking into com­puter systems and stealing money via check fraud respectively. Mitznick would ring an employee of a company and harvest that person’s user name and password to then penetrate the company’s networks. Abagnale used things like wearing pilot uniforms to earn free flights. Both have written well-received books about their exploits and the power of social engineering.

 

BEST PRACTICE: Perhaps you’ve got a war story about social engineering and psychological warfare yourself that underscores the power of this penetration method and its associated security risks. I’ve got a quick one to share. Traveling home from the WWPC in New Orleans in October 2003, I used my red press pass badge holder (a conference badge holder that hangs around your neck) to

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

carry my passport identification and airline ticket. Once I cleared security, I stopped in a restaurant for a bite to eat. When it came time to pay my bill, I received a 10 percent discount because, with my red badge holder, I was mistaken for being an airport employee (in a secure area nonetheless) and granted the employee discount. I took the 10 percent savings and ran and didn’t further cause mayhem in the secure airport terminal with my newfound identity! The point is that you or I could impersonate someone else and gain access and favors we’re not entitled to. And just try having a firewall service setting block that attack!

Chapter 5: SBS security – setup revisited, automatic updates [book excerpt]

hi everyone – Harrybbbb here, the author of the Windows Small Business Server 2003 Best Practices book and a fellow Microsoft Small Business Specialist (SBSC). Today I am posting up moreof Chapter 5from my purple book.

This chapter is about security and we now discuss SBS setup fundamentals that impact security. Enjoy!

harrybbbbb | Harry Brelsford | CEO at SMB Nation | www.smbnation.com

###

SBS Setup Revisited

Believe it or not, you’ve already taken significant steps so far in making your SBS network secure. For example, you have deployed the SPRINGERS network with two network adapter cards (aka network interface card or NIC) that will create something of a “Great Barrier Reef” (GBR) to create a division between good and evil (Figure 5-1). The GBR will make even more sense in a few more passages when you explore the Routing and Remote Access Service (RRAS) basic firewall capability in SBS 2003.

Notes:

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 5-1

This figure shows at a high-level how two network adapter cards work in conjunction with SBS 2003.

BEST PRACTICE: You’ll recall that the two network adapter cards were suggested during the SBS setup at mid-point via a setup warning message. This was discussed in Chapter 3. And I’m honor bound to comment that while the two network adapter card method is much preferred, remember that the crown jewels are sitting atop the “reef,” to follow my analogy. You have been so advised.

Another task you completed in the SBS 2003 setup phase was naming the internal domain (SPRINGERSLTD.LOCAL). This act laid the foundation for having separate DNS domains and creating separation from the outside world. Read on to the next paragraph to “hear the rest of the story” on this.

You also completed the E-mail and Internet Connection Wizard (EICW) in the prior Chapter (Chapter 4). It was necessary to complete that wizard, which applied many security configurations to SBS 2003, in that particular chapter to maintain “order” in the SPRINGERS methodology. In the EICW, you referred to and configured SBS 2003 to realize and recognize the external domain (SPRINGERSLTD.COM). So between the SBS 2003 setup process and completing the EICW, you effectively created domain separation, which is a good thing. Why? Because you’ve shielded the internal domain from external viewing. But heed this disclaimer: The outsiders can still see the external IP address of the wild side network adapter card on the SBS server machine.

Whether you knew it or not, basic auditing was turned on as part of the SBS setup process so that logons are recorded in the Security log under Event Viewer (this is located under System Tools beneath Computer Management (Local) under Advanced Management). My forthcoming advanced text on SBS 2003 will cover auditing in much more detail.

And finally, you completed the password policies settings, read the security best practices stuff from the To Do List, completed the remote access configurations (which inherently have security in mind), and so on. So you’re not new to security in SBS.

Updates!

With SBS 2003, as soon as you’re connected to the Internet, you need to RUN, NOT WALK to implement the very latest patches. This will make your machine “fit” for service, and should be done given the speed in which gremlins travel on the Internet. As elegantly pointed out by Microsoft CEO Steve Ballmer at the SBS 2003 launch at the WWPC, the time between identification of vulnerability and acts that exploit said vulnerability has been dramatically compressed. Waiting only minutes prior to implementing the latest patches clearly exposes your “naked” SBS 2003 server machine to worms and other bad stuff. And if your SBS server machine is located in New Delhi, India, be sure to immediately secure it physically so it’s not attacked and stolen by monkeys! (An almost-true story here as told to yours truly).

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Automatic Updates!

Because this is such an easy step, it’s easy to overlook. In fact, overlooking this task is one of Microsoft’s great fears and was the subject of extensive media coverage in the fall of 2003. Why? Because Microsoft, as displayed by Ballmer in his WWPC keynote address, has typically released a patch to correct a vulnerability before someone exploits that vulnerability (e.g., Microsoft released its SQL Server Slammer patch before the worm was released in the wild). But the problem is that folks don’t take the time update their computers. So while the patch existed, in many cases it hadn’t been applied. That certainly reflected some “dark days” in the world of network administration and exposed some of us to be less than competent at our SBSer job.

This specific issue about getting folks to update their system has spawned significant debate in the technology community and media. One side believes that Microsoft should automatically update your system as its default, out of the box configuration. Others are concerned about the privacy issues involved in allowing Microsoft to collect machine configuration information (so it can decide what to apply!). You are encouraged to follow popular journals such as CRN (www.crn.com) to monitor this technical/social/political debate.

Note that you will remember in Chapter 4 the automatic update function started to run at the conclusion of the E-mail and Internet Connection Wizard (EICW). However, I elected to defer the in-depth updating discussion until this chapter to make it “fit” the security discussion.

You might be amazed at how easy it is to actually update your SBS 2003 system with the latest patches. Follow these steps.

1                    Log on to your SBS 2003 server machine (e.g., SPRINGERS1) as Administrator (which in the case of SPRINGERS would use the password Husky9999!). 2                    Click Start, All Programs, Windows Update. 3                    Click Next at the Automatic Updates Setup Wizard page where you are welcomed.

 

BEST PRACTICE: Perhaps the socio-political discussion earlier in this section hit home with you. On the Automatic Updates Setup Wizard page, there are links that allow you to learn how automatic updates

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

impact your licensing agreement and how Microsoft’s privacy policy affects you when Automatic Update is run.

4.         The Notification Settings page (Figure 5-2) allows you to configure the Automatic Update settings. This relates to the degree in which you want the update function to be automatic. For example, are you interested in having the updates automatically updated and applied? Probably not, as I’ll explain in the next Best Practice. The default selection regarding downloading updates automatically and notify­ing you is the preferred method (this is advisory mode).

Figure 5-2

For SPRINGERS, please make your screen look similar to this figure.

BEST PRACTICE: Civil liberties and privacy concerns aside, you want some control over how your updates are applied and the automatic deployment of updates is typically frowned upon. Why? Because you may well want to test the updates on a sample network (e.g., SPRINGERS with a live Internet connection on a test server) before applying the updates to a real production machine. Once in a blue

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

moon, a patch will fix one thing and break two (that statement isn’t to fault Microsoft, but rather speak the truth and appreciate the complexities of software interaction).

So test and verify whenever possible before deploying patches on a production server machine!

5.         Click Finish on the Completing the Automatic Updates Setup Wiz­ard page. Note there is no link titled “here” to save this as part of your SBS 2003 network notebook, because this isn’t a native SBS 2003 Wizard.

6.         An Internet Explorer Web browser will launch and connect to Microsoft’s automatic update site (http://v4.windowsupdate.micro­soft.com/en/default.asp). Note in the case of your imaginary imple­mentation of SPRINGERS, it may well be that you aren’t truly connected to the Internet. But in the “real world” you likely would be connected to the Internet and could complete this task as expected.

7.         Approve the request from Microsoft to download a component called “Windows Update” to analyze your machine by clicking Yes. It is this process that will assess what patches are missing and need to be applied. Oh, and you may select the checkbox to Always trust con­tent from Microsoft Corporation.

8.         On the Welcome to Windows Update page that appears, click Scan for updates.

9.         A screen of suggested updates will be displayed next (titled Pick updates to install). Click Review and install updates.

10.       The actual updates to approve and install are shown in Figure 5-3 on the Total Selected Updates screen. You may remove updates at this point that you do not care to install. Because this book, being written in the fall of 2003, is only as current as the day on which I wrote it, I can’t even hope to recreate a figure that displays the update you’re likely to see at a future date. Bear with me. Assuming the suggested updates are acceptable, click Install Now.

 

Notes:

Figure 5-3

Carefully review each update before proceeding. If in doubt, remove the update and reconsider it at a future time (don’t wait too long though, but be careful nonetheless).

Notes:

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

11.       You will likely need to approve a license agreement for one or more of the updates being applied. Such an agreement might look like Fig­ure 5-4. Click Accept.

Figure 5-4

Accept any necessary license agreements so that you can proceed.

Notes:

 

12.       A component progress dialog box will be displayed similar to Figure 5-5.

13.       You will arrive at the Installation Complete page seen in Figure 5­6 and you will likely be asked for a reboot at this stage. This is nor­mal; see my further discussion under patch management.

 

Figure 5-5

You can monitor the status of the updates being applied.

Notes:

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 5-6

Success followed by a reboot.

BEST PRACTICE: Don’t forget to run Automatic Update on all of your workstations. These individual workstations on the SBS network need to stay-ship shape as well!

BEST PRACTICE: Sometimes you’ll have a configuration that is slightly different from what Automatic Update expects to see and what it can report. For example, perhaps Automatic Update isn’t the best way to keep your legacy NetMeeting application patched because it doesn’t necessarily know about, care about, and have the smarts to deal with that application. So some updates are applied manually by visiting the Microsoft security Web site at http://www.microsoft.com/security.

Of course the above paragraph only begs the question: HOW

WOULD YOU KNOW TO GO TO THAT SITE AND CHECK FOR

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

MANUAL UPDATES? Calm down! You can subscribe to my SBS newsletter wherein I’ll announce such updates and you can subscribe to the Microsoft security bulletins at the aforementioned site to receive similar notices. See the resources section near the end of this chapter for more information.

SBS guest column and end of chapter 3 [book excerpt]

hi – my name is harry brelsford and I am the author of the purple book (Windows Small Business Server 2003 Best PRactices). I am posting up a few pages of this SBS book per day unitl SBS 2008 ships. My laptop battery islow as I am working at the Denver airport about to board my flight to Houston for the Microsoft Worldwide PArtner Conference (WPC).

Today we complete Chapter 3 with a guest column from my main man Frank Ohlhorst!

cheers….harrybbbb

Harry Brelsford, CEO at SMB Nation www.smbnation.com

###

Guest Column

Another Take On Internet Connectivity

By Frank J. Ohlhorst

With broadband connectivity becoming commonplace for most any small business, consultants will need to carefully consider the implications of high speed internet access for their customers. SBS2003 does a great deal to leverage those broadband connections ranging from the ability to share the connection with client PCs to hosting web based services to incorporating remote access. But consultants will find that there are some limiting factors when it comes to today’s broadband connections.

The first problem encountered often revolves around the lack of a static IP address assigned from the broadband purveyor. Most cable companies and a good portion of DSL providers supply a dynamic IP address for the broadband connection device (DSL Modem or Cable Modem), that prevents a friendly URL from being assigned to the SBS2003 network in question. In other words, consultants can not offer their customers the ease of using “mysbs2003­network.com” as a solution for connecting to the customer’s network. Simply put, dynamically assigned external IP addresses have the net effect of eliminating many of the advantages offered by SBS2003 for remote users. Luckily, consultants can turn to a Dynamic DNS service to solve that connectivity problem.

Dynamic DNS services are available from several vendors, with key players being Tzolkien’s TZO service (www.tzo.com), Dynamic DNS Network Services’ DynDNS (www.dyndns.org), No-IP.com’s No-IP service (www.no-ip.com), and Deerfield’s DNS2go service (www.dns2go.com). All of those vendors share a common concept and functionality, the service works by running a small client application on the SBS2003 server, which is then used to inform the Dynamic DNS provider with the public IP address of the network. That information is then used to associated a URL with the public IP address and is updated

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

whenever the IP address is dynamically changed and viola, the site now has a valid URL.

Simplicity is the key for keeping Dynamic DNS working, most of the services on the market rely on a small client application that can be quickly installed and configured, that client application should also be configured to run as a service and auto launch on startup. Some further configuration is often needed, for sites running a firewall or ISA server, it may be necessary to open some ports to allow the Dynamic DNS service to work.

Another option is to not use a Dynamic DNS client at all, how is that possible? Many of the broadband routers coming onto the market are now building Dynamic DNS clients in. Key players there include Linksys, D-link, SMC, Buffalo, Zyxel and several others. That offers the advantage of moving the client software off of any servers or PCs and eliminates the need for opening additional ports, also it brings the advantage of being able to remotely administer the router if desired.

Once the URL dilemma is solved, there may be some other issues to contend with, namely blocked ports. Many ISPs are now blocking incoming and outgoing TCP/IP ports, effectively eliminating the ability for broadband users to host websites, host email servers and the like. That becomes a significant problem for those looking to leverage those very features found in SBS2003.

The solution to that problem can also be found with the Dynamic DNS service providers, some of which support port redirection or forwarding. Simply put, if an ISP blocks port 80 (HTTP web traffic), simply redirect that traffic to another port, say port 81. That feat is accomplished by the dynamic DNS service provider capturing port 80 traffic at their site and redirecting it to a port of your choice.

Port redirection does require some integration work, namely modifying applications to listen for traffic on different ports than normal, for example you would have to “instruct” IIS to look for traffic on port 81, instead of the default of port 80. For those using broadband routers, that whole process can be simplified if the router supports port redirection, then the router can be instructed to listen for traffic on port 81 and then redirect that traffic to port 80 on the server’s internal IP address. The same goes for Email, FTP and other services.

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

The moral of the story here is not to let an ISP’s restrictions or lack of features prevent consultants from providing customers with all of the features SBS2003 has to offer. By using a Dynamic DNS service, the two major problems associated with broadband are easily overcome, blocked ports and dynamic IP addresses are no longer a brick wall for leveraging key features of SBS2003, such as remote access, email and hosting.

Summary

Whew! You’ve made it through four demanding chapters and your reward is a functional and operational SBS 2003 network. In this chapter, you greeted the Server Management console and completed much of the To Do List. This included important wizards to connect to the Internet, configure remote connectivity and adding users and computers. This “stuff” was foundation and allows you to confidentially continue forward with the SPRINGERS methodology. And most important of all, you started to completed the To Do List in order, something that is very important in the SBS world. I started earlier by offering you congratulations and I end on the same note. The next chapter is the all-important security topic!

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft

Configure Fax, Monitoring and Backup in SBS 2003 [book excerpt]

Happy 4th of July! Iam harry brelsford, the author of Windows Small Business Server 2003 Best Practices and a Microsoft Small Business Specialist (SBSC). I am posting up a few pages from this*purple book* each day until SBS 2008 ships!

Today we wrap up some of the SBS Management Console\To DoList items. Whew!

cheers…harrybbbbb

Harry Brelsford, ceo at smb nationm www.smbnation.com

###

Configure Fax

This selection will launch the wizard for Fax Configuration Wizard. Over the course of several steps you will complete in Chapter 9, you will configure the Shared Fax Service to benefit SPRINGERS.

Configure Monitoring

The Monitoring Configuration Wizard is launched from this link on the To Do List. This will implement the awesome monitoring capability in SBS 2003 and will be discussed in detail in Chapter 12.

Configure Backup

The Backup Configuration Wizard is launched from this link and commences the configuration of the massively improved backup process. More on this in the SBS administration chapter later in the book.

BEST PRACTICE: Because the last two To Do List items have only been discussed and not completed here, be sure you do not select the Done checkbox for these items. That wouldn’t make sense as you’ve not completed the tasks. Later, once the relevant work is completed, you’ll mark these tasks as done.

BEST PRACTICE: You can print out the To Do List which makes for a nice checklist to work with as you run around as an SBSer.  Simply click the Print button in the lower right.

SBS Workstation Setup Procedure [Windows Small Business Server2003 bookexcerpt]

Happy July 3rd everyone – I am harry brelsford, author of Windows Small Business Server 2003 Best Practices and I enjoy posting a few pages of my book per day for your reading pleasure. I hope to have the entire book posted up by the time SBS 2008 ships!

Today we look at the keystrokes to add a workstation to the SBS 2003 network!

cheers and Happy 4th of July!

harry brelsford, ceo at smb nation, www.smbnation.com (I am also a Microsoft Small Business Specialist! aka SBSC)

###

SBS Workstation Setup Process

The SBS workstation setup approach is a four-step process, and compared to the SBS server machine installation, it is relatively simple. Another interesting point is that, whereas you perform the SBS server machine setup only once, you perform the SBS workstation setup multiple times. I’ve found that such repetition breeds familiarity; your comfort level increases with this process.

Of the four steps, the first two (running the Add User Wizard and then the Set Up Computer Wizard) are performed on the SBS server machine via the To Do List. The last two steps are performed on the SBS workstation. Run the setup program over the wire via a Web browser and install the client applications. This process is detailed in Figure 4-21.

A quick SBS 2003-specific comment for you: If you have worked with SBS in the past, say SBS 4.5, you will be very pleased to see that SBS 2003 has greatly simplified the add user and computer processes. This was accomplished in part by adding the bulk entry capability, using user account templates, and eliminating the “magic” setup diskette. All this and more will be displayed and discussed in a moment.

Figure 4-21

SBS Workstation setup process.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

The step-by-step process for adding users and client computers commences right here, right now!

1                    Again, assuming you’re logged on as the Administrator at the server machine SPRINGERS1, you will click the Add Users and Com­puters link from the To Do List. 2                    Click Next at the Welcome to the Add User Wizard. 3                    On the Template Selection screen, pick Power User Template, as

 

seen in Figure 4-22 and click Next. Figure 4-22

There are several templates to select from, including the new Mobile User Template.

BEST PRACTICE: There is an interesting design feature in the bulk add capability that relates to the Template Selection screen in Figure 4-22 above. If you look closely, the language clearly states that the selected template will be applied to all users. Furthermore, each user inherits the templates settings (as you would expect). But, we’ve got a slight problem if you were lead to believe that, using the bulk addition capability, we could add all of the SPRINGERS

users all at once. Such is not the case, because if you revisit the User List in Chapter 2, you see that two users are “power users” and the rest of the users are “users.” This translates into the following: You will need to run the Add User Wizard twice in the SPRINGERS methodology in order to add users that fall into two template categories.

Oh – and fear not that I’m ignoring the Mobile User Template. I elevate a user’s template-based permissions to that level in Chapter 11 using a cool new role transfer wizard.

BEST PRACTICE: You may look at the specific properties for each of these user templates to answer any questions you have. Such questions are often focused on exactly what settings are being invoked by selecting one template as compared to another template. However, viewing these properties can only be done when running the Add User Wizard in single-user mode (not bulk-add mode, which is the default from the To Do List). So you would click the User object under Standard Management in the Server Management console followed by a click on Add a User. Then select Display selected template’s default settings in the wizard checkbox on the Template Selection screen. You should do this while adding at least one of your users, so you better understand the background process that is occurring.

Interestingly, you can create your own user templates for use in SBS. This would make sense where you want to model a particular group of users around an application or function. For example, you might want to give users in the bookkeeping department access to the shared folder containing the data. This is done by selecting the Add Template button on the Template Selection screen (this button appears in the Add User Wizard in both single user and bulk add mode). The Add Template Wizard will commence. To learn more about adding a template and even importing and exporting templates between SBS server networks (e.g., multiple SBS customer sites),

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

click User Templates under Standard Management on the Server Management console.

Finally, just when you’d have enough template talk, I draw your attention to the fact that you are not required to use a template at all when running the Add User Wizard in single-user mode (select Do not use a template to define user settings on the Template Selection screen). When running the Add User Wizard in bulk-add mode, you must select a template (there is no option for bypassing template usage).

1                    On the User Information screen, select Add. Complete the Specify the user information dialog box that appears in Figure 4-23. Click OK. 2                    Click Add again on the User Information screen and complete the Specify the user information dialog box for Bob Easter in a manner similar to the above step. Click OK when complete.

 

Figure 4-23

Adding the first power user, Norm Hasborn.

 

1                    Click Next after you’ve completed the entry of the two power users on the User Information page. 2                    Select Set up computers now on the Set Up Client Computers page. Click Next. 3                    Add the computer names PRESIDENT and CAREFEED01 by typ­ing one name at a time in the Client computer name field on the Client Computer Names page and clicking Add. Click Next. 4                    Accept the default selection of all client applications being selected on the Client Applications page. Select the After Client Setup is finished, log off the client computer checkbox as shown in Figure 4-24. Click Next.

 

Figure 4-24

Accepting all of the settings on the Client Applications page.

10.       Click Next on the Mobile Client and Offline Use page. Although this functionality isn’t part of the SPRINGERS methodology, you might consider these capabilities in the real world (functionality described under More Information). Click Next.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

11.       On the Completing the Add User Wizard page, be sure to click the here link and name the configuration page Add Users1.htm as part of your network notebook exercise. Click Finish.

BEST PRACTICE: Speaking of documenting the SBS 2003 network, there are a two other logs you would want to know about right now. These are located in \%System Drive%\Program Files\Microsoft Windows Small Business Server\Support\

*add_user_wizard.log. This log documents how users were added to the SBS 2003 network.

* scw.log. This log documents how client computers where configured for the SBS 2003 network.

A more technical log, SBSClientApps.log, can be viewed at \%System Drive%\Program Files\Microsoft Windows Small Business Server\Tools\. This log reports on internal application execution milestones.

Notes:

12. CAREFULLY read the Finishing Your Installation dialog box and

click OK. This is shown in Figure 4-25. Figure 4-25

A dialog box that hints at a next step you will perform on a client computer.

BEST PRACTICE: When you read the dialog box in the step above, you’ll note that you’re not being asked to actually go to the URL of http://SPRINGERS1/ConnectComputer at this time. Rather, the dialog box is telling you to go to a client computer and perform this action. I’ve seen people read this information far too rapidly and launch Internet Explorer on the SBS server machine and type in the URL to connect the computer. This happened repeatedly in the SBS 2003 hands-on lab tour in the US in the fall of 2003. You can not successfully run the connect computer command on the server machine, because the server is already connected to the network.

13. Click Close. Now repeat the above steps to add the remaining SPRINGERS users (listed in Chapter 2 in the User List) in one more pass using the User Template (this is the common template for all of these users). You will answer Yes when asked if you want to run the Add User Wizard again to add more users. Figure 4-26 displays the User Information screen you should have as part of this process.

Notes:

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 4-26

Now you can really see the “bulk-add” capabilities in the Add User Wizard with all of these names displayed!

BEST PRACTICE: Note an interesting tidbit as you add all of the users for SPRINGERS. When you get to the Client Computer Names screen, there will be many client computers listed that have already been auto-named for you. This is typically the user name followed by “01” (e.g., BarryM01). Of course, this isn’t what we intend for the workstation naming with SPRINGERS (the User List in Chapter 2 provides that names), so you will use the Remove button to remove those names and then add the proper client computer names (SPRINGERS names computers by job function and then places 01 at the end).

So, let’s finish discussing the To Do List and then proceed to attach the client machine to the SBS network.