Differences in SBS 2003 License Types [Advanced Small Business Server 2003 Best Practices book]

Hiya folks – Harryb here – the publisher of the Advanced Windows Small Business Server 2008 text. Today we’re holding a virtual book reading by posting up a passage on SBS 2003 licensing – what are the differences?!?!?

What Are the Differences Between Types of Licenses?

As promised earlier, here are the differences between Open, Retail/FPP, and Software Assurance licenses, according to Microsoft’s SBS Web site.

Licensing Requirements

An Open New License (NL) license requires:

• Purchase through a volume license reseller.
• A minimum initial order of five licenses. One SBS 2003 license meets this qualification because five CALs are included.

A Retail/FPP license requires:

• Purchase through a brick and mortar or online retailer.
• No minimum purchase.

A Software Assurance license requires:

• Enrollment in the Microsoft software assurance program.

Licensing Benefits

Benefits of an Open NL license include:

• Savings over an FPP license.
• Capability to track your licenses using the eOpen website instead of having to manage them as paper licenses.

Benefits of a Retail/FPP license include:

• Fully legal and licensed software that requires no qualifications to purchase.

Benefits of Software Assurance include:

• New version rights. You can get the latest versions of software as they are released, without waiting for special budget approvals and at no additional cost.
• eLearning. Online training offers you convenience and flexibility. Su­san Bradley reports the eLearning is only for Office and not the server- side components.

3-40	y SECTIONBrelsford1 1 MBSBS 2003Consuting BestDeploymentPrac
	Next Steps?
	Licensing, like security, is never ending and constantly evolving. So while this chapter was written at a fixed point in time, it will age and you’ll need to continue to educate yourself on licensing matters. Here are some suggested next steps. Read Microsoft SBS Licensing FAQs. Even though the current (as of January 2005) FAQs were explored in this chapter, you can bet that site will be updated continuously. So please take a moment to visit http:// www.microsoft.com/WindowsServer2003/sbs/techinfo/overview/ licensingfaq.mspx. Bookmark Eric Ligman’s Small Biz site for the page that specifically provides licensing resources at http://www.mssmallbiz.com/Lists/ Licensing%20ResourcesTraining/AllItems.aspx. Attend Microsoft TS2 events. This is Microsoft’s channel-facing semi­nar series outreach that you can attend quarterly. Visit www.msts2.com. Attend SMB Nation events (annual, workshops). SMB Nation presents a third-party view of Microsoft matters. Stay current at www.smbnation.com.

 

• And don’t forget to visit Microsoft’s licensing site or call the licensing hotline telephone number: http://www.microsoft.com/licensing/ default.mspx and 1-800-426-9400 (option 4).

Notes:

☛ CHAPTER So You 3 Want SBS to Be 2003 an SMB Licensing Con	3-41
Align yourself with independent licensing experts and distributors. Softwareone.com is shown in Figure 3-10. Pray that Microsoft never implements other technology licensing pro‑ grams like Computer Associates “power points” licensing for its UniCenter product. Here licensing is based on the processor power inside the computer. Figure 3-10 Softwareone.com is SBS friendly.

3-42	y SECTIONBrelsford1 ☛ MBSBS 2003Consuting BestDeploymentPrac
	Summary Whew! I’ve had enough. Licensing is certainly one of those topics that could be an entire book and often is. Just visit your local law library and look in the intellectual property study section! This chapter presented SBS 2003-related licensing topics from a case study, FAQ, and detailed factoid framework. Let’s move on to Chapter 4 and discuss advanced setup and deployment matters.

 

cheers….harrybbbb

Harry Brelsford, CEO at SMB Nation

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – my Small Business Server 2008 (SBS 2008) book is now here! J

PPS – my spring show, SMB Nation Spring 2009, is in the NYC-area on May 1-3, 2009.

SBS 2003 Hardware Summry [Advanced Windows Small Business Server 2003 Best Practices book excerpt]

Howdy folks – Harrybbbb here -co- author ad publisher for the Advanced Windows Small Business Server 2003 Best Practices book. I like to hold vitual book readings and we are now at the end of Chapter 2 on hardware.

Summary

Though it might be tempting to leave hardware “strictly up to the experts” at any number of system integrator or original equipment manufacturers from whom you buy, there’s real value in learning about today’s technologies, platforms, and architectures. After all, if we all followed the now-outdated recommended hardware list for SBS 2003, we’d be searching in vain for 500 MHz processors and building handicapped $300 servers. To put hardware in a more real-world context allows us to anticipate the performance we’ll need for any given application, and to make decisions based on our customers’ projected growth, desired budget, and available resources.

As you work, not only will you find that a more complete knowledge of hardware helps in configuring effective servers and workstations—it also helps turn that inward-facing expertise into the outward-facing ability to right-size an SBS installation and sell hardware effectively. Both right-sizing and selling are managed manifestations of your inner-geekdom, polished to a salesman’s shine and made as user-friendly as possible.

It’s easy to tell when someone doesn’t understand much about hardware. They’ll often oversell to compensate, erring on the side of too much power…and spending too much money in the process. That’s where you come in, trained in the ways of servers and ready to build the right one for each application, from 5-person offices to 50-employee businesses. Between reading up on the hardware scene, learning how to right-size, and selling effectively, you are now better prepared to approach some of the other advanced SBS 2003 topics.

cheers….harrybbbb

Harry Brelsford, CEO at SMB Nation

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – my Small Business Server 2008 (SBS 2008) book is now here! J

Selling SBS 2003 Hardware [Advanced SBS 2003 Best Practices book excerpt]

Hiya folks – I am the co-author and the publisher of the Advanced Windows Small Business Server 2003 Best Practices book and I like to hold virtual book readings! So here u go. I am also delighted to announce that our SBS 2008 book is now HERE!

Selling SBS Hardware

Let’s stick with the car salesman analogy for a minute while we talk about how to sell your customer on the hardware needed for their deployment. Say that you know all there is to know about Audi’s 2000 S4 and you’re trying to sell a lease return. Each customer that looks at the vehicle remarks about its attractive body, its luxurious yet unpretentious styling, and the beautiful interior. “That’s not all,” you say. “Take a look under the hood. Here you see two turbochargers that augment the 2.7L engine to 250 horsepower. If you replace the stock programming with an aftermarket chip to increase the boost pressure, you can hit 320 horsepower easily. Just replace these diverter valves, add more robust piping here to make it more reliable, and swap out the standard Audi hose over there. This thing’s a beast. Pushing 20 lbs of boost, you’ll fly by every Mustang GT and will look good doing it, too.”

2-36	y SECTIONBrelsford1 ☛ SBS 2003Consuting BestDeploymentPrac
	While it’s obvious that you know your Audi in this scenario, your customer didn’t and is now overwhelmed by all of the noise you’ve fed into what could have been an informational dialogue leading to the sale of a great car. Similarly with hardware, if you start gushing about how the Opteron’s point-to-point bus gives it better scalability characteristics than Xeon, or about the benefits of dual-channel memory controllers, you’ll quickly move into the arena of techno­babble instead of technology-oriented sales. Keep in mind that the presentation itself is completely different from the process of understanding today’s hardware landscape or of right-sizing. By this point you’ve done your homework, learning what each piece of server hardware does and how it interacts with other components. You’ve “right-sized,” determining just how much server is needed to deliver acceptable SBS performance, and you’ve compiled a list of components, including the server, a backup solution, software, and a maintenance plan, using your knowledge of hardware and an understanding of the customer’s needs. Now it’s time to explain the package in a way that the customer can easily understand. For example, suppose a small business with five client computers wants to use an SBS server to organize collaborative projects between graphic artists, handle e-mail, and do some file sharing. They’re hoping $1,500 will be enough for hardware, so you determine that a 2.6 GHz Pentium 4 machine with dual 120 GB Serial ATA hard drives in a RAID 1 configuration would offer a respectable balance between performance, data security, and price. Add in a pair of external hard drives plus backup software, and SBS 2003. You’re probably coming in a little high on price, but at least you can suggest areas to cut back if it’s absolutely necessary. In essence, you just synthesized your knowledge of hardware into a marketable package—something that small and medium businesses want and need. You propose the “right-sized” SBS 2003 package to your customer, extolling the benefits of Intel’s Pentium 4 not for its peppy 800 MHz front side bus Hyper- Threading Technology, but because it’s fast and it won’t cost them much money at all. The storage subsystem is easy for you to configure; that doesn’t matter to the customer, though. A RAID 1 array ensures the safety of your customer’s data in the event of a drive failure, and the capacity guarantees enough storage space for years to come. The two external hard drives are easy to use as backup
	Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

CHAPTER Chaper 2 1 ☛ So Understanding You Want to Hardwre Be an in SMB the SBS Consultant?!?! Environment

devices and, rotated properly, ensure true data redundancy. You don’t even need to mention the performance of USB 2.0 or your opinion of hard drives versus tape drives. Simply present the package and explain its benefits as they pertain to the customer.

 

cheers….harrybbbb

Harry Brelsford, CEO at SMB Nation (www.smbnation.com)

MBA, MCSE, CNE, CLSE, CNP, MCP, MCT, SBSC (Microsoft Small Business Specialist)

PS – my Small Business Server 2008 (SBS 2008) book is now here!

Advanced Mobility Topics in SBS 2003

Happy late August Monday to y’all!
I am the author of Windows Small Business Server 2003 Best Practices and each day, out of the kindness of my heart (not!?!?) I post up a few pages of my book for you to read. I will do this until SBS 2008 ships this fall.
Today we explore advanced mobility topics at the end of Chapter 8.
cheers…harrybbbb
Harry Brlesford | ceo at SMB Nation | http://www.smbnation.com
Microsoft Small Business Specialist, SBSC, MBA, CNE, MCSE, MCT, CLSE, CNP, and MPC
ps – I host an annual SBS and SBSC conference in Seattle each October – this year we celebrate SBS 2008 – see u there?

Advanced Topics

How ‘bout an advanced bushel of “quick hitters” on mobility and remote connectivity before we move on to the next chapter? Cool!

•           VPN and Terminal Services expectation management. Something I spend tons of time on in my SMB Consulting Best Practices book relates to VPN versus Terminal Services. An SBS customer will hear the VPN buzz word and ask you to come out to their house and set it up so that she can VPN into to SBS network back at the office. Upon completing your

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

 

8-58   Section 2 ☛ Extending SBS 2003     duties, she is disappointed that “nothing changed” and the only evidence is a dancing green computer in the lower right. Turns out many custom­ers really want to use Terminal Services with its coolness of having a remote session, but they didn’t know to ask for it.   • HTTP compression is enabled by default. One of the buzz words floating around building 43 in Redmond, where the Microsoft SBS development and marketing teams are housed, is HTTP Compression. HTTP compression speeds up OWA and is turned on by default in SBS 2003. To see for yourself, expand Advanced Management in the Server Management console. Expand SPRINGERSLTD (Exchange), Serv­ers, SPRINGERS1, HTTP. Right-click on Exchange Virtual Server and select Properties. Select the Settings tab. Observe that Compres­sion is set to High.   • Shared Modem Service removed. I mentioned it earlier in the book

and it’s true. The Shared Modem Service, which facilitated outbound remote connectivity (such as dialing up a bulleting board system), can not be natively accomplished in SBS 2003. But leave it to Burl, the SBS consultant who works for me, to find a couple of third-party modem-sharing solutions: Spartacom (www.spartacom.com/products/ modemshare.htm) and DialOut/Server (www.pcmicro.com/ dialoutserver/).

BEST PRACTICE: So you’re thinking about pulling a fast one, eh? Not so fast, pardner. When you upgrade from SBS 2000 to SBS 2003, you lose the Shared Modem Service. So the old upgrade switch-a-roo won’t work, buddy boy. Sorry.

•           KBase article 821438. As of this writing, you should put this on your SBS 2003 radar screen for RWW. This article, titled “FIX: Antivirus Programs May Cause Some Web Applications to Restart Unexpect­edly,” relates to SBS 2003 in that RWW might be affected by this (your antivirus program could impact RWW).

 

•                      License Ticks. This is an interesting question from SBS 2003 hands-on labs students, in nearly every town, related to RWW and licensing. Basically some folks were looking for a way to purchase few client access licenses (CALs) and have many folks log on remotely (essen­tially for free). The answer I received from a Microsoft product man­ager was “No and no!” The Windows authentication process during the RWW logon “ticks” against the SBS CAL count. You gotta pay full freight for the remote users. •                      Third-party. Third-party mobile worker/remote connectivity solutions you could be aware of include Symantec’s infamous PCAnywhere (ver­sion 11, $199.95). A popular grassroots solution is VNC (www.realvnc.com) shareware that relies on contributions, t-shirt sales, and mouse pad sales). Take a look at GoToMy PC, which was acquired by Citrix in late December 2003 (see the CRN article at http://www.crn.com/ sections/BreakingNews/breakingnews.asp?ArticleID=46811). Also consider learning more about NetSupport 8.1 as a remote management tool (www.mcpmag.com/reviews/products/article.asp?Edit­orialsID=458). See Frank Ohlhorst’s column in a moment.

 

Next Steps

You guessed it. Forward to dig deeper into the remote connectivity area. There are entire books on remote connectivity, VPN, and the like. A quick search at Amazon revealed several capable books on VPN computing, such as Stephen Northcutt’s Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems (Que, ISBN: 0735712328).

SMB Nation 2008 Completely Sold Out(?) and SBS 2008\EBS 2008 Launch Party!

PRESS RELEASE

 

SMB Nation 2008 Fall Conference to Hold Launch Party: Small Business Server 2008 and Essential Business Server 2008.

 

MarketPlace Expo SOLD OUT!

 

Seattle, WA – August 22, 2008 – Boasting a completely sold out tradeshow hall and host hotel, SMB Nation 2008 will hold a Small Business Server 2008 (SBS) and Essential Business Server (EBS) LAUNCH PARTY on the Saturday night of its October 4-6, 2008 annual conference in Seattle. A 58’ Hatteras yacht will be christened the M.V. SBS 2008 on the pier at the party.

 

“With the SBS 2008 release-to-manufacturing (RTM) yesterday, we are thrilled to be timed perfectly for the SBS 2008 and EBS 2008 products debut and look forward to toasting its great success,” said Harry Brelsford, founder and CEO of the 20,000 member SMB Nation. “Our conference is uniquely positioned to motivate and educate the small and medium business (SMB) technology consultant, channel partner and computer guy and gal!”

 

SMB Nation 2008 appears to be outperforming similar technology events with the complete sellout of the MarketPlace Expo tradeshow hall and with attendance figures ahead of last year. “We believe the 600+ attendees will be treated to a unique educational experience and BE THERE for the start for the next generation of SBS and the first release of EBS!” Brelsford added. Over three busy days and nights, attendees will select from three (3) academic tracks including BusinessSpeak, GeekSpeak and “How To” that provide bona fide content without “being sold to.” SMB Nation 2008 has even added a “Speakers Behaving Badly” hotline where attendees can report any speaker from the 40+ content sessions that make commercial statements to insure the most pure attendee experience possible. “We want to avoid the wolf in sheep clothing phenomena,” emphasized Brelsford.

 

Sponsors and attendees will meet in the spacious Bell Harbor Conference Center. “At a time when similar technology shows are behind plan, we are ahead of plan” said Brelsford. “We believe this underscores the strength of the SMB segment and the optimism our sponsors have about the SBS 2008 and EBS 2008 opportunity.” Intel and Trend Micro are the platinum sponsors leading the event followed by HP and Microsoft. Gold sponsors include Autotask, CMIT  Solutions, Aastra, SonicWall and Labtech. Silver sponsors include D&H, The Planet, Connectwise, Citrix, N-able, Reflexion, Tigerpaw Software, Nero, 19Marketplace, Symantec, StorageCraft, Acronis, Calyptix, MaxSP, Doyenz, EMC Retrospect, Quanta\Syspine, Zenith Infotech, Linked In, Backup Assist,  CRU DataPort and WatchGuard. Bronze sponsors include Netgear, Untangle, CTL Computers, Level Platforms (LPI), MSP Partners, Linksys by Cisco, Comcast, Diskeeper, Expetec, New Global Telecom (NGT), Pronto Marketing, eFolder, CoreConnex, Highly Reliable Systems, SMB Books & Results Software, Technology Marketing Toolkit, Napera Networks, Independent Computer Consultants Association (ICCA) and Integrated mar.com. 

 

Attendees can expect a high-quality conference with content that has been rigorously scrutinized by esteemed industry conference chairs (Dana Epp, Mikael Nystrom, Curt Hicks and Joe Moore). That has resulted in outstanding speaker selections such as Jeff Middleton, Susan Bradley, Ramon Ray and Amy Babinchak and popular topics such as How to Sell Your SBS\SMB Consulting Practice and Security in SBS 2008.

 

“So the last question is this. Where will you be October 4-6, 2008?” concluded Brelsford. Attendees can learn more and register at www.smbnation.com.

 

About SMB Nation

Founded ten years ago by Small Business Server author Harry Brelsford, Bainbridge Island, Washington-based SMB Nation supports small and medium business technology consultants to improve their business and technical skills with publications (books, SMB PC magazine) and events (SMB Nation conferences and workshops). SMB Nation boasts worldwide tribal membership in 30+ countries exceeding 20,000 consultants, resellers, VARs\VAPs and channel partners. Harry Brelsford is a Microsoft Small Business Specialist (SBSC) and holds an MBA from the University of Denver in addition to MCSE, MCT, MCP, CNE, CLSE and CNP certifications.

 

Contact:

Harry Brelsford

CEO, SMB Nation

206-915-3072

harryb@smbnation.com

 

 

Harry Brelsford | CEO | SMB Nation, Inc. | www.smbnation.com

Please attend our SMB Nation 2008 fall conference, October 4-6, 2008

Read Harry’s SMB Dude Blog here

Download your copy of SMB PC magazine here

 

Windows SharePoint Services in SBS 2003 [Windows Small Business Server 2003 Best Practices book excerpt]

Hello there – I am the author of Windows Small Business Server 2003 Best PRactices and I am posting a few pages in the WILD each day until SBS 2008 SHIPS!

Today we start chapter seven(7) which focuses on WSS (SharePoint to you buddy boy) in the SBS 2003 product.

cheers…harrybbbbb

harry brelsford, ceo at smb nation, www.smbnation.com and your fellow Microsoft Small Business Specialist (SBSC)

###

Chapter 7 Collaboration with Windows SharePoint Services

Perhaps you’re seeing the other side of 40 and you remember a popular band called “Tower of Power” from the 1970s. This funky band had a well-received song called “What Is Hip?” That had jive, man! So one thing that’s hip in SBS 2003 with tons of jive is Windows SharePoint Services (WSS). Thus, it gets its own chapter and my guarantee (or I’ll eat a floppy disk) that you’ll find this one of the coolest things in SBS 2003. Get out your boogie shoes and get ready to do the WSS dance.

BEST PRACTICE: Expectation management time again! Remember that this SBS 2003 volume, dedicated to introductory and intermediate readers, is covering one heck of a lot of ground. And it’s doing so at a specific point in time (current as of the book print date). For that reason, I show you appropriate (and cool) uses of WSS in SBS 2003. But the footer on the bottom of each page points you to the SMB Nation and the Microsoft TechNet for updates to any SBS feature that have occurred since this book was penned. I also think that the resources section at the end of the chapter sends you forth with more resources to dig deeper into WSS than I have the page count to do here.

What Is Windows SharePoint Services?

I’ll start the WSS definition at the 50,000-foot level and descend to sea level (where you perform some procedures). At the broadest level, you could say WSS means different things to different people. It’s a “beauty is in the eye of the beholder” thang. This section will divide the discussion between technical and business.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Technical Definition

The official party line is that WSS is a collaboration application. You’ll see this “message” by observing the collaboration language (along with team hugs) in Figure 7-1. Note that collaboration in this context primarily means an intranet portal page.

Figure 7-1

An overriding theme on Microsoft’s public SharePoint site is collaboration, collaboration, collaboration!

BEST PRACTICE: I wouldn’t accuse Microsoft of speaking with forked tongue, but it currently refers to other robust applications as supporting collaboration: Exchange public folders, Microsoft Project Server’s Project Central, bCentral’s Web Collaboration (www.bcentral.com), and previously Outlook Team Folders. Your challenge here is to separate the wheat from the chaff and decide what collaborative solution best meets your needs. In the SBS 2003 space, clearly WSS is going to be the most efficient and effective collaborative environment to deploy.

So one term you didn’t observe in Figure 7-1 above was “document management.” When I was teaching SharePoint as part of the Spring 2003 Go To Market hands-on labs, the emphasis was on collaboration (much like the language on the Microsoft site) and not on document management. But, just because Microsoft publicly deemphasizes document management doesn’t prevent me, as a third-party author, from doing just the opposite. The one thing getting me and my small business customers JAZZED on WSS is, in fact, the document management capabilities.

Why? you ask.. In Fall 2003, as I showed off the SBS 2003 Release Candidate to clients, they thought having an intranet page was cute, such as in announcing the annual company picnic. But they were sold on SBS 2003 when they saw the document management capability with their very own eyes! Finally, these small business owners believed they could bring order to the abyss of document management in their little fiefdoms. WSS presented an opportunity to extract themselves from the quagmire of mismanaged information. In short, my client, Mr. Wallace, could finally organize all of the existing real estate leases in his realty company. He’s been wanting to do that for years!

Business Purpose

WSS is an MBA’s dream come true. It represents, better than any other component in SBS 2003, the marriage of bits and bucks. It’s the intersection of income and interface, accounting and ActiveX. You get the picture. But, just in case you didn’t: WSS IS WHERE YOU WILLADD REAL BUSINESS VALUE ON THE SBS 2003 NETWORK.

BEST PRACTICE: I’m not going to repeat 625 pages of business stuff from my SMB Consulting Best Practices book here. I’m just planting seeds that WSS has a technical and business dimension to it and you’ll want to read that other book for more of the business discussion.

You should also take in Microsoft’s top 10 reasons to use Windows SharePoint Services at http://www.microsoft.com/windowsserver2003/ techinfo/sharepoint/top10.mspx. I’ll save some “timber” and not rewrite those reasons here, so you’ll need to surf over to read ‘em.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Acquiring WSS

The logical follow-up question to defining WSS is how to acquire it. There are four ways to acquire WSS:

•                      SBS 2003. Relax and take a deep breath. You already have WSS in SBS 2003. •                      Windows SharePoint Services site. You can simply download WSS from http://www.microsoft.com/windowsserver2003/techinfo/sharepoint/ wss.mspx (if for some reason this link changes, simply select Down­loads from the WSS site at Microsoft). •                      SharePoint Portal Server (SPS). Fact of the matter is WSS is buried on the SPS media. •                      bCentral. Using an application service provider (ASP) model, you can use WSS via the Web at bCentral (www.bcentral.com).

 

Extending Outlook in Exchange in SBS 2003

Good Sunday to you! Today we continue the posting up of pages from Windows Small Business Server 2003 Best PRactices (book excerpt). The topic herein is extending Outlook in the Exchange application in SBS 2003. You will ready about PDA synchronization, IMAP and other nonsense 🙂

cheers…harrybbbb

Harry Brelsford – ceo of smb nation – www.smbnation.com and your fellow Microsoft Small Business Specialists (SBSC).

PS – smb nation fall confernce is merely 75+ days away and we are holding a gnarly SBS 2008\EBS 2008 LAUNCH PARTY!

###

Extending Outlook

In this section, you will learn a few ways to further extend your use of Outlook 2003 in an SBS 2003 environment. These approaches are taken directly from the real world and reflect the reality you’re likely to confront and embrace! Let’s start with Outlook PDA synchronization, followed by using Outlook Express with IMAP and ending with a totally cool add-on called Outlook Business Contact Manager.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Outlook PDA Synchronization

You might recall the Mobile Client and Offline Use page when you ran the Add User Wizard/Set Up Computer Wizard late in Chapter 4 (this page is shown below in Figure 6-27). It was here you elected to install ActiveSync 3.7 on the client computer. This is a required application to synchronize Outlook 2003 between a personal digital assistant (PDA) and the client computer machine.

Figure 6-27

This is the critical path step to install ActiveSync 3.7 on the client computer.

This is a VERY POPULAR SOLUTION with business people who want to carry Outlook information with them such as e-mail, contacts, and appointments on their PDA. This is how people work in the real world and they demand that this type of information be at their finger tips at any time. The way in which Outlook 2003 on the client computer will synchronize with the PDA using ActiveSync 3.7 is as follows.

ActiveSync 3.7 is installed on the client computer and ready for use. Assuming you use the Compaq/HP iPAQ PDA, you attach the cradle to the USB port on

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

the client computer. You place the iPAQ in the cradle and launch ActiveSync

3.7 from Start, All Programs, Microsoft ActiveSync on the client computer. You complete the wizard to create a partnership and elect what Outlook 2003 objects/data you want to synchronize. You then proceed to actually synchronize the data and resolve any conflicts (e.g., double bookings on your calendar with the exact same appointment). The process is shown in Figure 6-28.

Figure 6-28

An early and assured win with business customers and SBS users is to deploy ActiveSync 3.7 to synchronize Outlook 2003 data with a PDA, such as the IPAQ shown here.

BEST PRACTICE: The whole Outlook 2003/PDA synchronization matter exposes a weakness in SBS 2003 that you’ll need to utilize a third-party tool to correct: public folder synchronization. The problem is this. The SBS 2003 team is rightfully proud about creating the company-related public folder object discussed earlier in this chapter. For example, the contact list can be used as a company-wide contact list that eliminates duplicate lists of customers circulating

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

about the firm. But how would you get this great contact list to your IPAQ PDA? Not natively, but with some of the third-party synchronization tools reviewed at SlipStick: http://www.slipstick.com/ addins/olpda.htm#wince. You’ll learn about products such as Pocket Lookout that performs this important function.

You can also use a Microsoft tool, the Outlook 2002 Add-in: Pocket Contact Synchronizer 1.2, which will take the contact information in the company contact folder and synchronize it to your mailbox-based Contacts, which would then synchronize to your PDA via ActiveSync 3.7. Granted – it’s an additional step, but this shoe may well fit.

BEST PRACTICE: I just love late breaking news. The wonderful Susan Bradley, an MVP in the SBS and security areas, recently shared that Infoware – Team Contacts for Outlook at http://www.infoware.ca/ content/tcon.asp and http://www.infoware.ca/content/ infoframe.htm?tcon.asp synchronizes user contact lists with a central contact list in an Exchange public folder. This automatically merges changes when two users update the same contact in their personal Contacts folder.

Ride the Outlook Express With IMAP

I have a client who travels extensively for business and pleasure. Back in the SBS 2000 era, she complained that using Outlook Web Access (OWA, which I discuss in Chapter 8) was too bulky, slow, and awkward. Now granted, in just a few chapters I’ll show you why OWA has improved and should be the remote e-mail access mechanism of choice. But for some, there will still be a chance to use Outlook Express with the IMAP protocol to access e-mail. As you know, Outlook Express is typically installed when Internet Explorer is installed, making it a near universally available e-mail client (in Internet cafés in Spain and so on).

When you launch Outlook Express, you’ll need to configure the client machine to connect back to the SBS 2003 server, be authenticated, and use the IMAP protocol. This is accomplished by running the Outlook Express Internet

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

Connection wizard. This third page (E-mail Server Names) is the tricky one. You need to drop down the protocol list and select IMAP and then complete the server connection information (Incoming, Outgoing) with either an IP address or a fully qualified domain name. You provide logon authentication information on the Internet Mail Logon page (this would be your user account and password on the SBS 2003 network). And then all that is left would be to click Finish.

So why IMAP? Haven’t we been throwing around the word POP3 in this chapter? SBS 2003 configures Exchange Server 2003 to support the SMTP, POP3, IMAP, and HTTP mail protocols. But IMAP offers the opportunity to efficiently download just the e-mail headers (but not the full e-mail). That would allow my client to scan the e-mails she wants to read and delete less worthy e-mails. The point is that the full e-mail isn’t downloaded until the e-mail is opened. This is a nice touch when working from an Internet café! Note that POP3 is going to download the entire e-mail to the client.

BEST PRACTICE: While Exchange Server 2003 installs and supports IMAP and POP3 natively, you’ll need to start these protocols in Exchange. For example, to turn on the IMAP protocol, you would drill down into the Exchange System Manager under Advanced Management in the Server Management console. Expand Servers, Protocols and open the IMAP4 protocol folder. On the right pane, right click Default IMAP4 Virtual Server and select Start. You’re now ready to use the IMAP-based e-mail in Exchange Server 2003 (and ergo, SBS 2003).

Notes:

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

This is an IMAP security setting that you need to make. If the RRAS NAT/ Basic Firewall method is your Internet security method (as per SBS 2003 standard edition), you would select the Internet Mail Access Protocol 4 (IMAP4) as seen in Figure 6-29 on the Services and Ports tab in the Network Connection Properties dailog box. This will allow IMAP-related traffic to flow baby!

Figure 6-29

Selecting the IMAP4 port opening on your SBS 2003 server. When asked which private IP address to map to, enter 127.0.0.1 (a dialog box will ask this when you select this service).

If ISA Server is your Internet security method (as per SBS 2003 premium edition), you would create a packet filter. You will do exactly that in Chapter 13, so hang on to your hat!

Outlook Business Contact Manager

This is known in some circles as customer relationship management (CRM) for da’ little guy, whereas Microsoft’s full CRM product is positioned for the firms between 25 and 500 employees with at least of $5 million in sales. Outlook Business Contact Manager is an Outlook 2003 add-on to help small business

people improve sales management. A comparison between Business Contact Manager and CRM is shown in Figure 6-30.

BEST PRACTICE: Be well aware that Business Contact Manager is SINGLE USER ONLY. That’s some good old expectation management up front and in your face because you might conclude that restriction will limit the functionality of this cool tool. Whereas the business public folders created by SBS 2003 would seem to promote hugging and sharing, Business Contact Manager would tend to do just the opposite and create an island of information in the small business. These two strategies are at odds.

Figure 6-30

Comparing Business Contact Manager and Microsoft CRM at a glance.

BEST PRACTICE: As of this writing, Microsoft is launching a promotion that bundles SBS 2003 and CRM 1.2. The details are found in a CRN article at: http://crn.channelsupersearch.com/news/

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

crn/45066.asp. The good news is that Microsoft is looking for ways to extend SBS with tools such as CRM 1.2 (and I’ll cover this pairing in my future advanced SBS 2003 book).

You acquire Business Contact Manager from Office 2003 (enterprise, professional, and small business editions). I’m not going to delve much deeper into the definition of Business Contract Manager but rather encourage you to take a short pause here and read more at http://www.microsoft.com/outlook. When you return, we’ll start the step by step to install Business Contact Manager and make a couple of entries as part of the SPRINGERS methodology.

Note that I assume you’ve already installed Office 2003 on the PRESIDENT workstation. If not, do so now with the normal or most common components installed.

BEST PRACTICE: Late breaking news again! Please run an update that allows BCM to function properly with Exchange e-mail profiles on SBS 2003 by visiting the Microsoft download center at http://www.microsoft.com/downloads and searching under Office Outlook and the keyword Business. There is a quick fix you’ll run prior to performing the procedure below.

1                    Log on as NormH with the password Purple3300 on PRESIDENT. 2                    Put the Outlook Business Contact Manager Disc in the CD drive of the PRESIDENT and launch Setup.exe. 3                    Click OK when the Business Contact Manager for Outlook 2003 Setup dialog box asks for permission to detect and install the .Net framework 1.1. 4                    Agree to the Microsoft .Net license by selecting I agree on the Microsoft .NET Framework 1.1 Setup screen and click Install. This setup can take several minutes. Click OK when the .NET Frame­work 1.1 is complete. 5                    Click Next on the welcome page for Business Contact Manager. 6                    On the End-User License Agreement page, select I accept the terms in the licenses agreement and click Next. 7                    Accept the default destination on C: drive on the Destination Folder page and click Next.

 

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

 

1                    On the Ready to Install the Program page, click Install. You will be advised of the installation progress on the status bar. 2                    Click Finish on the Wizard Completed page. You’ve now com­

 

pleted the installation of Business Contact Manager. In the following procedure, you’ll launch Outlook and use Business Contract Manager.

1                    Launch Outlook from Start, E-mail. 2                    Observe and read the Welcome to Microsoft Outlook with Busi­ness Contact Manager e-mail. I’m counting on you to read this to learn more about the product as I won’t repeat it here. 3                    Select Business Contacts from the Business Tools menu. Complete the screen, similar to Figure 6-31, for a fictional customer (e.g., Mrs. Jones). Click Save and Close to close the record.

 

Figure 6-31

Adding a business contact.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

4.         Select Accounts from Business Tools and complete the screen simi­lar to Figure 6-32 with fictitious information. Be sure to add a busi­ness note and link Sally Jones. Click Save and Close.

Figure 6-32

Creating an account in BCM. You’re putting the pieces in place for a CRM system.

5.         Next up, explore the other Business Tools menu options and create an Opportunity, Product List and, if connected to the Internet to launch a Web browser, select the Business Tools link that will take you to the BCM page at Microsoft for the latest updates.

Notes:

6.         Finally, play around with the Reports option under the Business Tools menu. One such report is shown in Figure 6-33.

Figure 6-33

The fictitious information is shown in the Account List with Business Contact report.

Note that my intent isn’t to teach mastery of BCM but rather turn you on to this cool tool. Perhaps a full chapter in a future book will be dedicated to this tool for your reading pleasure.

BEST PRACTICE: BCM is a great start at delivering CRM to the “rest of us.” I encourage you to learn it, use it and provide feedback on it to Microsoft (the Outlook newsgroups are sufficient to do this). However, it’s necessary to understand that there are a couple of limitations for this, including that the BCM data doesn’t really play well with native Exchange mailbox data. That is, a contact record format in BCM is different than the traditional Exchange contact record format. Also, BCM kinda has this “island of information” mentality and this isn’t shared information. Rather, you should picture it as each salesperson in a company keeping their own CRM system

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

that is separate from everyone else’s. That is bothersome to me and at odds with attempts to centralize business information for the benefit (and profitability) of all.

I personally look for this limitation to be satisfied in a future BCM release, which is why I highly recommend you play with it today in anticipation of a better tomorrow.

Next Steps!

There are some next steps you can take that go above and beyond this chapter on Exchange and Outlook.

•           Visit Microsoft Web Sites: Exchange and Outlook. Your very next step is to visit the sites at Microsoft for Exchange (www.microsoft.com/ exchange) and Outlook (www.microsoft.com/office and select the Out­look link). Microsoft posts much of its technical resources to its sites

and has created this treasure chest of current information on their prod­ucts that this book can’t hope to keep up with! •                      Read Exchange and Outlook Books. While this book covers the full suite of products in SBS 2003, there are many excellent (and thick) books dedicated to Outlook and Exchange. I can recommend the Out­look and Exchange Administrator’s Smart Pak (TechRepublic) with more information at https://techrepublic-secure.com.com/5106-6242­26-12333.html?part=tr&subj=12333. •                      Use Microsoft TechNet to learn Exchange command line utilities. The second disc of the SBS 2003 media contains Exchange command-line utilities that help manage and recover the database. You should visit http://www.microsoft.com/technet and search on “Exchange” to learn more about these. •                      Sign up for Sue Mosher’s RSS feed for Exchange and Outlook issues: http://www.slipstick.com/rssnews/rssnews.aspx.

 

 

•                      Read current articles on Exchange and Outlook. There is an interesting InfoWorld article on the role of Outlook 2003 and SBS 2003 (Enter­prise Windows: Oliver Rist, November 7, 2003, http://www.infoworld.com). •                      Learn more cool Outlook features. This chapter is only the start, not the end of your time with Outlook. Please go forward and educate yourself on the vCard capability to mail your contact record to others, the mail merge capability, and the automatic meeting planning tool. •                      Read Chapter 8 of this book. I’ve not forgotten OWA and other remote Outlook connectivity approaches (such as Outlook Mobile Access, Outlook over RDP, etc.). These are covered in the remote connectivity chapter.

 

Late Breaking News!EICW Support Matter

Just when you thought it was safe to go out in the neighborhood again, Karen Christian of the North County Technology Group (www.nctg.com) sent in this nugget for your consumption. This involves both the EICW (which Karen calls the CEICW below) and remote access. As such, it serves as a great transition to the remote connectivity chapter you’ll read soon (Chapter 8).

11/11/2003

Here are the results of a couple calls to MS support and a couple TS sessions to my server in the last 24 hours. We could not connect via HTTPS from the Internet for OWA or Remote Web

Workplace and wanted to get this resolved. This server was SBS2000 w/ISA upgraded to SBS 2003 Basic/Premium.  (Still have to install SQL via the Premium CD……think I’ll take a breather first.)

MS tried rerunning CEICW and did not get the desired results. They manually configured DNS, ISA and IIS and got it working late last night. Today they wanted to get the wizard to do its job the way it was intended. It required some

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

manual cleanup first which was not expected on their part. Guess this is another ’feature’ we have to keep in the back of our minds. Steps Performed:

1                    Removed the Web Server Cert. 2                    Removed the ISA Incoming Web Listener Cert 3                    Removed the Web Publishing Rules 4                    Removed the Destination Sets 5                    Reran CEICW, and waited for services to restart. Services take a few minutes to restart, so ISA does not immediately show the changes. We are now able to connect as expected.

 

The expectation is that CEICW would have done all the updates and repair work needed but it didn’t work as anticipated.

BEST PRACTICE: When you run the CEICW that comes with SBS2003 Standard edition (Premium edition is just another CD and we didn’t have to install ISA as it was there from SBS2K already), you are given an opportunity to create a certificate if desired.  You enter the Internet name (ie: servername.domainname.com). I found out today that the wizard process creates two certificates in the process.  On my server it created one for nctgdc1.nctg.com and one for publishing.nctg.local. One is for the SSL session to ISA from the Internet and the other is for the SSL session from ISA to IIS. This problem originated when I created a certificate called nctgdc1.nctg.local which is incorrect. Still one would expect that rerunning CEICW would take care of this when you enter the correct certificate name.

Karen Christian

Thanks Karen!

Notes:

Summary

I end how I started. You know more about Exchange Server 2003 and Outlook 2003 than you’ve likely given yourself credit for in the past. You probably know about 80 percent of the functionality of the programs and it’s the remaining 20 percent that’ll take much longer to master. And, hopefully, after reading this chapter that dug deep in Exchange and Outlook, you feel you know much more than prior to reading all this stuff (of course I’ve left out some other advanced Exchange and Outlook topics that I’ll address in a future book down the road – keep reading!).

Using Exchange Server with SBS 2003 (chapter 6 book excerpt)

Hi friends!

Today we start Chapter 6 in Windows Small Business Server 2003 Best Practices. This chapter discusses Microsoft Exchanger Server 2003 and Microsoft Outlook 2003. Reade up, go forth and multiply!

FYI – in case you are new tothese postings, I amposting up a few pages a day from my purple book until SBS 2008 ships.

cheers…harrybbbbb

Harry Brelsford, MBA, Microsoft Small Business Specialist (SBSC) and heaps of credentials dating back to the early CNE days! 🙂

ceo, smb nation, www.smbnation.com

###

Chapter 6 Messaging with Exchange Server 2003 and Outlook 2003

Take a bow. Why? Because even before you start reading this chapter on Exchange Server 2003 (“Exchange”) and Outlook 2003 (“Outlook”), you really know more about these two messaging applications than you might admit in public. As the first part of the chapter will show, you’ve darn near completed the configuration of Exchange and Outlook just by deploying SBS 2003 over the past several chapters. So accordingly, I start with what you should likely already know up to this point. And after you finish the chapter and work more with Exchange in the real world, you’ll really know these products inside and out from an SBS 2003 viewpoint.

By the way, this chapter isn’t as SPRINGERS-centric as my other chapters are. This is in part because the SPRINGERS storyline doesn’t need a lot of direct interaction with Exchange Server 2003 for proper SBS 2003 network deployment to occur. So bear with me as I provide you a Texas-size buffet of Exchange and Outlook matters you’re like to lasso up in the real world.

What You May Already Know AboutExchange Server 2003!

This section of the chapter should inspire confidence as you’ll likely comment “I already knew that” about certain Exchange matters. Let’s get started.

•           Core SBS component installation. Just prior to the Windows Con­figuration phase outlined in Chapter 3, the setup routine “harvests” the information on the Company Information page (revisit Figure 3-14 in Chapter 3 to see this) for later use in creating Exchange Global Address

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

List (GAL) entries (Figure 6-1). This same company information also populates the properties for an Active Directory user object on the Address tab (Figure 6-2).

Figure 6-1

Viewing a Global Address List entry in SBS 2003.

Notes:

Figure 6-2

Viewing the address information in Active Directory for a user.

BEST PRACTICE: Call it a missed opportunity, but this company information would have been great for creating an Outlook contact record for each user that is added to the SBS 2003 network. Said Outlook contact record could then be used by fellow workers to list your home and cellular telephones, making it possible to reach you with ease! Heck – such an Outlook contact record could be synchronized to your personal digital assistant (PDA), such as a sassy HpCompaq iPAQ, allowing you to find co-workers when you’re out of the office. As it stands today, the company information is used to populate the screens in Figures 6-1 and 6-2, but few of us in the small business arena truly get excited about GALs and AD user objects! This good stuff also could have been (but isn’t) used to create a cool list in Windows SharePoint Server (see Chapter 7 for more).

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

 

•                      SBS application setup information. You will recall, after the Win­dows Configuration reboots at mid-point during the SBS setup phase, you completed a wizard page titled Data Folders (see Figure 3-21) where you redirected the location of the Exchange data (you also had the option to redirect the Exchange logs, but we didn’t). This is an espe­cially cool capability in SBS 2003 because back in the SBS 2000 era, the same screen (see Figure 3-20 in my legacy SBS 2000 Best Practices book) gave you no opportunity to redirect Exchange data and logs. Rather, in the old days, you had to manually redirect Exchange data and logs following the steps in KBase article Q257184. •                      Core SBS application installation phase. Who could forget the 20+ minutes you spent during the SBS installation process when you in­serted Disc 2 and Exchange Server 2003 modified the Active Directory Schema-surely you remember the 1 of 10, 2 of 10, 3 of 10 messages? (You can see this in Figure 3-24 back in Chapter 3). And when Exchange itself was installed at this step, the Company archive public folder and the Company contact object were created inside the Exchange public folders. •                      E-mail and Internet Connection Wizard (EICW). Of course, the EICW greatly affected Exchange Server 2003 when you completed it in Chapter 4. It was there that you elected to use the built-in firewall and allow e-mail services to flow through the firewall (see the Services Configuration page). The firewall-related page that followed, titled Web Services Configuration, allowed you to invoke Outlook Web Access, Outlook Mobile Access, and Outlook via the Internet (in-depth description of each of these sections are available by clicking More Information on that page). Next up, you selected Enable Internet e-mail on the Internet e-mail page. On the E-mail Delivery Method page, you selected Use DNS to route e-mail. The E-mail Retrieval Method page followed that allowed you to elect SMTP-based e-mail (in effect, you turned Exchange “on” for use). You didn’t configure the POP3 Connector for Exchange (a native SBS 2003 tool that I discuss later in the chapter) on this page because it’s not part of

 

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

the SPRINGERS storyline in this book. This was followed by the E-mail Domain Name page where you provided the Internet domain name you wanted to use for your SMTP-based external messaging. (Note that a BIG ASSUMPTION exists here that you’ve worked closely with your ISP to point a Mail Exchange (MX) record in DNS to your SBS 2003 server to successfully deliver the SMTP e-mail. If you haven’t, please contact your ISP immediately.) Finally, something I’ll discuss later is the e-mail attachment removal process that you implemented on the Remove E-mail Attachments page.

BEST PRACTICE: Actually, this is more humor than serious, but after all the details in the bullet points above about Exchange functionality in the EICW, I kinda feel like I’m listening to the patriarchal parent of the bride in the My Big Fat Greek Wedding movie who claims every word has a Greek origin. Here, after the exhaustive EICW play-by-play above, you might start to think every piece of SBS functionality originates in Exchange.

•           Add User Wizard (AUW). Not to be outdone, the AUW holds its own in the Exchange configuration department. Exchange and the AUW are related in the following ways. First, the AUW creates the user object in Active Directory which also creates the Exchange mailbox. The template you select for the user in the AUW would also affect Exchange e-mail functionality. A mobile user would need the Mobile User Tem­plate to remotely access e-mail. The Power User Template provides suf­ficient permissions for the endowed user to create other users with an Exchange mailbox on the system via the Power User Console.

What You May Already Know AboutOutlook 2003

You probably know more about Outlook, including the 2003 version, than you give yourself credit for. Consider the following.

•           Pervasive usage. Perhaps the question to ask here is “Who hasn’t used Outlook?” A show of hands would yield a very small data set. Just

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

about everyone on Planet Earth has in some way or some how used Outlook. In fact, for that reason, a change from my past books is that I’ll not show you how to send an e-mail message, as I’ll assume you already know this basic function.

•           Setup Computer Wizard (SCW). When the AUW spans Setup Com­puter Wizard (SCW), you assign users to the computer for whom Out­look will be available. You also make the decision to install the Outlook application itself. And finally, you may elect to install Active Synch

3.7 which will synchronize Outlook information with your personal digital assistant (which I’ll demonstrate and discuss more later).

Black Hat Thyself – SBS 2003 [book excerpt from Windows Small Business Server 2003 Best Practices]

g’day mates – I am harry brelsford, the author of Windows Small Business Server 2003 Best PRactices (the infamous purple book). I amposting up a few pages per day of this book until SBS 2008 ships for all of us SMB consultants, SBSers, and Microsoft Small Business Specialists (SBSC). Enjoy the read!

Today I speak towards black htting thyself including packet sniffing!

harrybbbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

###

Black Hat Thyself

So, you think you’re an SBS security hot shot? Perhaps you are. One way to validate whether you’re “hot or not” is to black hat yourself on the inside and outside. That’ll tell you exactly how super you are. In a nutshell, you’d download a port scanner such as GFI’s LANGuard Network Security Scanner (www.gfi.com) and run it against yourself. Figure 5-13 shows how such a scan on the internal LAN might look (revealing tons of information) and Figure 5-14 shows how such a scan might look when run over the Internet, showing only the ports you opened via the EICW. (Talk about a great way to validate your work!)

Figure 5-13

Black hattin’ on the inside.

Notes:

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 5-14

Black hattin’ on the outside.

BEST PRACTICE: Perform this activity on each SBS network you work on (even if it’s only one). Hopefully, you won’t be too surprised by the outcome (in general, SBSers don’t like to be surprised in this area). If you’re a consultant, share the outcome of this black hat exercise with your clients.

Packet Sniffing

Talk about an MCSE-level exercise that works for us SBSers as well: packet sniffing. Here you would install the Network Monitor tool that is native to the underlying Windows Server 2003 operating system, but not installed by default, and then sniff around. To install the tool, perform the following procedure:

1                    Log on as Administrator on SPRINGERS1 (password is Husky9999!). 2                    Click Start, Control Panel, Add or Remove Programs. 3                    Select Add/Remove Windows Components.

 

 

1                    Select Management and Monitoring Tools in the Windows Com­ponents Wizard. 2                    Select Network Monitor Tools and click OK. 3                    Click Next. 4                    Insert Disc #1 when requested.

 

8. Click Finish. In Figure 5-15, you can see what the results of a packet sniffing session might look like. This tool can be used to troubleshoot network problems (such as logon problems) and to search for rogue devices (such as another server running network monitoring on your network without your knowledge).

Figure 5-15

The three-finger salute of TCP/IP session establishment is shown here in a Network Monitor session. Look closely at the source and destination address columns (packets 31-33).

BEST PRACTICE: I used this tool once in early 2003 to investigate whether Microsoft automatic update sessions were actually going out into the ether. A client, a well-known Seattle-based author (not me!),

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

believed said updates where going to an offshore site not controlled by Microsoft. The packet analysis facilitated by the Network Monitor tool showed the fears were unfounded. The client then rested easy and allowed his workstation to be automatically updated. I kinda felt like one of the central characters in an old US movie called Ghosbusters and Network Monitor was my tool!

Spam Blocking

Spam blocking fits in the security chapter as well. The malady of “spam” is well known to readers of this book as unwanted e-mail traffic. In fact, the perception of excessive spam on an SBS 2003 network can create unwarranted criticism about SBS 2003 itself, which just isn’t fair.

Spam blocking can be divided into two discussion areas: content filtering and attachment blocking.

Content Filtering

I’ve enjoyed great success using the GFI’s MailEssentials spam blocking program, which more than anything else flexes its muscles in the content filtering department. For example, e-mails with the word “Viagra” are treated as spam and processed accordingly, which might include deletion, move to another folder, etc. MailEssentials is shown in Figure 5-16.

Notes:

Figure 5-16

Meet MailEssentials from GFI. Note that this product is very aggressive out of the box and will sometimes go too far, filtering out legitimate messages.

BEST PRACTICE: Because of the false positives and positive negatives in the world of filtering junk e-mails, the oft-cited security author Roberta Bragg insists that I tell you to send filtered mail to a junk mailbox, instead of deleting it! Right on, Roberta!

Another way to easily engage in a form of content filtering is to utilize the junk mail feature in Outlook 2003. This is a MAJOR IMPROVEMENT in Outlook 2003 and is discussed in Chapter 6.

Attachment Blocking

Of course, the simplest way to invoke attachment blocking is to complete the 15th page of the EICW titled “Remove E-mail Attachments.” I’ll discuss that more in Chapter 6 when you and I look deeper at Exchange Server 2003.

But meet GFI’s MailEssentials once again. Assuming you own this application for its effectiveness in the content filtering area, then consider using it as your attachment blocking tool.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

BEST PRACTICE: The above statement raises the question about which attachment types to block if you’re using a third party tool such as MailEssentials. This list is easily created by looking at and copying the list from the Remove E-mail Attachments page in the EICW.

And yet another attachment blocking tool is contained within Outlook 2003 itself. Since I don’t want to spill the beans on Chapter 6 yet, I’ll wait to discuss it there. Similarly, you can use the SMTP application filter in ISA Server 2000 to engage in both content filtering and attachment blocking (discussed in Chapter 13).

BEST PRACTICE: I only cite GFI’s spam fighting tool because I know it. The infamous Stu at Sunbelt Software in Tampa FL (www.w2knews.com) markets effective spam blocking tools (“I Hate Spam”) that deserve your purchasing consideration. The SBS-related newsgroups are also a source of information for third-party spam fighting applications (see Appendix A for this information).

Virus Protection

So, would you consider virus protection a germane security topic? You betcha! I’ll discuss this much more in Chapter 11 with some step-by-step procedures using Trend Micro’s OfficeScan suite solution, but I’d be remiss to have a security chapter without emphasizing the importance of virus protection as part of your comprehensive approach to security on your SBS 2003 network.

BEST PRACTICE: I’ll say it here and again later on. Virus protection

is only valid when the data files are up-to-date. More later.

SpyWare

If you want to be humbled in a hurry, download the spyware detection applications from http://www.BulletProofSoft.com. Install its SpyWatch and SpyWare Remover programs and then, when no one is your witness, run these programs. You might be shocked to see what’s been camping out on your SBS network without your knowledge. Thanks to a student from the Louisville, KY hands-on lab for that tip! Many apparently harmless Web sites accessed by your users are

Visit http://www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

really implementing click counters and other spyware nasties. One of the all time greats (or “worsts”) was Gator. An instructor with whom I’ve previously worked on another tour had actually worked for Gator during the dot-com boom and he sends his profound apologies!

FTP Site Notification

And now from the hallowed halls of the Harvard Law School! Did you know that if you dig deep enough into the legal treatise of USA jurisprudence system, you’ll find that long ago, a hacker got off the hook because an FTP site at a company said “Welcome!” Apparently the hacker claimed that he felt invited in to poke around and destroy things. The legal lesson learned here? Prevention! Make the introductory screen of your FTP site say “Authorized Users Only!” or something just as strong.

RRAS Unplugged in SBS 2003 – chapter five book excerpt on Security

TGIF! Harry Brelsord, author of Windows Small Business Server 2003 Best Practices here and just posting up for free a few pages of my book each day for your pleasure. I hope to have the darn thing completely posted up by the time SBS 2008 SHIPS!

Today we continue chapter five on security and go with RRAS unplugged….yee-haw!~

harrybbbbb, a Microsoft Small Business Specialist (SBSC)

Harry Brelsford, ceo at smb nation, www.smbnation.com

###

RRAS Unplugged

So now that you’re all patched and updated, let’s do some meat and potatoes. That is, let’s delve into the firewall component of SBS 2003 standard edition: RRAS’s NAT/Basic Firewall. I’ll essentially repeat Lab 7 from the afternoon of the USA SBS 2003 hands on lab tour that I both wrote and delivered in fall 2003. The intent of the lab was this: After a long day together of SBSing, some folks had unanswered questions about security and exactly what voodoo do you do when you complete a native SBS Wizard. Oops – I went Ragin’ Cajun on you for a moment there. What I meant to say was SBSers sometimes wonder what real settings they affect when the complete a pretty wizard.

It’s important, before proceeding, to remember that you completed both the EICW and the Remote Access Wizard in the prior chapter in order to maintain the sanctity of our SPRINGERS methodology. So, in effect, you’ve already implemented the security related to firewall protection in SBS 2003 standard edition.

The key pages in the EICW that relate specifically to the security we’ll discuss in this chapter (and future chapters) are EICW page 7 (the Firewall screen where you enable the firewall), EICW page 8 which relates to services that will be accessible across the Internet (see Services Configuration in Figure 5-9), EICW page 9 (Web Services Configuration that I really discuss more in Chapters 8 and 10) and EICW page 10 (Web Server Certificate) that I discuss more in the next section.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 5-9

Revisiting the Services Configuration page.

BEST PRACTICE: You’ll increasingly learn and be comfortable with your own situation best. Remember that the SPRINGERS methodology is a pass across SBS 2003 using a story line that works. On the Services Configuration page as part of SPRINGERS, we made some selections in the last chapter.

But what if your real-world needs are slightly different? Perhaps you’ll need to allow some other services, read port openings, be accessible via the Internet. How would you do that in Figure 5-9? Just click the Add button and type in the service name and port information.

In the next procedure, you’ll not only see where your Service Configuration settings are implemented, but you’ll get a peek at the additional services you could select from. Please be advised that the following procedure, which is

basically a look and see, is here so you can appreciate where some of the security settings you select in the EICW are truly “set.”

1                    Log on to SPRINGERS1 as Administrator with password Husky9999!. 2                    Click Start, Server Management, Advanced Management, Com­puter Management, and Services and Applications. 3                    Select Routing and Remote Access, IP Routing followed by NAT/ Basic Firewall. 4                    Right click on Network Connection and select Properties from the secondary menu, (and then see my figures). 5                    Observe the NAT/Basic Firewall tab sheet (Figure 5-10) that depicts the selections for NAT and Basic Firewall. These were selected when you enabled the firewall on page 7 of the EICW. I’ll discuss the con­cept of NAT and Basic Firewall in just a second. 6                    Click the Services and Ports tab. Observe the services that you can select.

 

Figure 5-10

This is where the NAT and Basic Firewall selections are made.

Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 5-11

This is where the Internet-accessible services were selected.

7. Click OK.