|
Advanced Windows Small Business Server 2003 Best Practices
Contents:
iii Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
About The Authors .......................................................
xxix
Dedication
....................................................................
xxxix
Acknowledgements .....................................................
xxxix
Foreword to Harry Brelsford’s SMB Series ...................
xl
Preface ...........................................................................
xliii
What This Book Is About..............................................................
xliv
Advanced Topics ............................................................................
xliv
A Winning Writing Team ..............................................................
xliv
Presentation ...................................................................................
xlvii
How This Book Is Organized ........................................................
xlix
Section One: Essentials ............................................................
xlix
Section Two: Applications .............................................................
l
Section Three: Security .................................................................
l
Section Four: Monitoring, Migration and More ............................
l
Who Should Read This Book .............................................................
l
Who Shouldn’t Read This Book .......................................................
li
Forward! .............................................................................................
li
Contents
iv Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
SECTION ONE: SBS 2003 Deployment
Chapter 1
Introduction and Planning.........................................1-1
by Harry Brelsford
As of This Writing ..........................................................................
1-1
What’s Working ..............................................................................
1-3
The Product ................................................................................
1-3
The Price .....................................................................................
1-4
The Promotions...........................................................................
1-4
The Placement ............................................................................
1-5
What’s Not Working.......................................................................
1-5
Advanced Discussion: The Small Business Server Space ...........
1-8
United Kingdom SBS Breakfasts ...............................................
1-8
SBS User Groups ........................................................................
1-9
Planning .........................................................................................
1-11
Re-visiting the Basics ...............................................................
1-11
Business ..............................................................................
1-11
Technical .............................................................................
1-19
The SBS 2003 Franchise Manual .............................................
1-26
Summary .......................................................................................
1-28
Chapter 2
Understanding Hardware in the SBS Environment ...2-1
by Chris Angelini
Server versus Workstation .............................................................
2-2
Serving Up SBS ..........................................................................
2-2
Buying a Better Workstation ......................................................
2-3
SBS 2003 Minimum and Recommended Requirements .............
2-4
The Real SBS 2003 Recommended Hardware Guide .................
2-6
Building the Best Server on a Budget ........................................
2-6
The Five-Minute Workstation Buyer’s Guide ..........................
2-11
Understanding the Hardware Landscape ..................................
2-12
Today’s Processor Technology ...........................................
2-12
Processor Summary ............................................................
2-22
Making the Most of Memory Technology ................................
2-23
Making Sense of the Storage Scene .........................................
2-25
v Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Hard Drive Summary..........................................................
2-28
Networking Basics....................................................................
2-29
Networking Summary.........................................................
2-30
Betting on Backup ....................................................................
2-31
Backup Summary ...............................................................
2-33
Right-Sizing SBS Hardware .....................................................
2-34
Selling SBS Hardware ..............................................................
2-35
A Server Case Study: HP’s ProLiant ML 350 G4 ....................
2-37
Visual Inspection ................................................................
2-38
Up and Running ..................................................................
2-41
Windows, Meet Hardware
Hardware, Windows
..............
2-47
Hardware Management ......................................................
2-49
Summary .......................................................................................
2-53
Chapter 3
SBS 2003 Licensing.....................................................3-1
by Harry Brelsford with Steven Banks
Case Study—Alaskan Fishing Company ......................................
3-1
The Question ..............................................................................
3-2
The Simple Answer ....................................................................
3-2
The Complex Answer .................................................................
3-3
User CALs ............................................................................
3-5
Mix and Match .....................................................................
3-5
Specific User CAL Assignments ..........................................
3-7
Alaskan Fishing Company—Frequently Asked Questions ........
3-7
Initial Licensing State .................................................................
3-8
Changing Tides .....................................................................
3-8
Modified Licensing State..........................................................
3-10
Universal CALs ..................................................................
3-10
Additional and Future CAL Purchases ...............................
3-10
Switch-a-Roo ......................................................................
3-12
You’re Fired! ............................................................................
3-12
Enforcement! ............................................................................
3-13
Microsoft Licensing FAQs ...........................................................
3-13
General Licensing .....................................................................
3-14
Transition Pack Licensing ........................................................
3-25
FAQ Conclusion .......................................................................
3-29
vi Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
More Microsoft-Centric Licensing Topics ..................................
3-30
Honoring the SBS 2000 Legacy ...............................................
3-30
Moving Forward with SBS 2003 ..............................................
3-30
The Great Upgrade CAL Caper ..........................................
3-30
Canada and Terminal Services CALs .................................
3-31
No Real Licensing Management Tool ................................
3-32
Implicitly Overpaying For Outlook 2003 ...........................
3-32
External Facing Windows SharePoint Sites .......................
3-33
Underselling SBS 2003 ......................................................
3-34
The Ligman Lease ..............................................................
3-34
No Mas! No Downgrade Scenario .....................................
3-35
Software Assurance ............................................................
3-36
Why is Software Assurance a good thing..
..............................
3-38
What Are the Differences Between Types of Licenses? .....
3-39
Next Steps? ....................................................................................
3-40
Summary .......................................................................................
3-42
Chapter 4
Advanced Setup and Deployment .............................4-1
by Andy Goodman
Installation Midpoint......................................................................
4-2
TCP/IP Networking ..............................................................
4-3
Source File Copy ..................................................................
4-3
Partitioning Tips .........................................................................
4-4
Reasons to Partition ..............................................................
4-5
Partitions and Performance ...................................................
4-5
Protecting Certain Files ..............................................................
4-9
Volume Shadow Copy Restore .................................................
4-10
Post-SBS 2003 Setup.....................................................................
4-10
Run IPCONFIG ........................................................................
4-11
Add to a New Workgroup .........................................................
4-12
Add a User ................................................................................
4-12
Synchronize Client Computer Time .........................................
4-12
Synchronize Logon Time ...................................................
4-15
Keep Time ..........................................................................
4-15
Group Policy Tips .........................................................................
4-17
Creating New GPOs .................................................................
4-17
vii Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Creating a New OU ............................................................
4-18
Internet Explorer GPO Trick ..............................................
4-21
Logoff Command................................................................
4-22
Group Policy and Software Update Services ...........................
4-23
SUS Server-Side .................................................................
4-23
SUS Client-Side..................................................................
4-24
GPO Exception or Override .....................................................
4-26
Software Installation Options ......................................................
4-29
Using SBS 2003’s Set Up Client Application Wizard ..............
4-29
Pushing Out Software with a GPO ...........................................
4-30
Tuning the GPO ..................................................................
4-31
Controlling Where the GPO is Applied ..............................
4-32
Windows XP Service Pack 2 ........................................................
4-33
Specific Fixes Addressed by SP2 .............................................
4-33
Security Center ...................................................................
4-33
Pop-up Blocker ...................................................................
4-33
Internet Explorer Add-Ons .................................................
4-33
Automatic Updates .............................................................
4-34
Easier wireless configuration .............................................
4-34
Local Group Policy Security Settings ................................
4-34
Outlook Express Improvements .........................................
4-34
Drilling down ............................................................................
4-34
New Wireless Setup Process ..............................................
4-34
LOB Applications ...............................................................
4-36
SBS 2003-specific Fix ........................................................
4-36
Summary .......................................................................................
4-36
Chapter 5
Using Third-Party Tools to Boost
SBS 2003 Performance ...............................................5-1
by Frank Ohlhorst
Backup Solutions ............................................................................
5-1
Imaging .......................................................................................
5-2
Hardware Requirements .......................................................
5-2
Imaging Products ..................................................................
5-3
Dynamic DNS: A Static Problem with a Dynamic Solution ........
5-8
viii Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Dynamic DNS.............................................................................
5-9
TZO ......................................................................................
5-9
Port Forwarding ........................................................................
5-13
Spam, Spam, Spam!......................................................................
5-15
Using MailEssentials ..........................................................
5-16
Other Nuisances ............................................................................
5-23
Appliance-Based Security Solutions ........................................
5-24
Fortigate Series of Anti-Virus Firewalls .............................
5-25
Summary .......................................................................................
5-27
SECTION TWO: SBS 2003 Utilization
Chapter 6
Exchange Server 2003: Advanced Topics .................6-1
by Michael Klein
Introduction ....................................................................................
6-1
The Importance of Exchange ........................................................
6-2
Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6-3
Preinstallation .............................................................................
6-4
Installation Stage ........................................................................
6-7
Post-Installation ..............................................................................
6-8
Service Packs ...................................................................................
6-8
Exchange Server 2003 SP1 ..................................................
6-9
Office 2003 SP1....................................................................
6-9
Microsoft Hotfixes..............................................................
6-10
Fire Prevention: Other Important Fixes ....................................
6-11
The /3GB Switch ................................................................
6-11
The Shutdown Fix ..............................................................
6-12
The Memory Fragmentation Fix.........................................
6-13
Cool Tools .................................................................................
6-14
Stop the Press! ..........................................................................
6-18
Internet E-Mail .............................................................................
6-19
The HOSTS File .......................................................................
6-19
DNS to the Rescue....................................................................
6-20
Information at Network Solutions ......................................
6-22
DNS Records ......................................................................
6-23
Sample DNS Information at the ISP...................................
6-24
ix Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Dynamic DNS.....................................................................
6-25
Typical Dynamic DNS Solutions in the Small
Business Server Environment................................................
6-26
What is Dynamic DNS? ...........................................................
6-26
How does it work? ....................................................................
6-26
How can I protect my e-mail? ..................................................
6-27
What if e-mail is blocked outbound? ........................................
6-27
Knock, Knock ...............................................................................
6-28
Can We Talk? ............................................................................
6-30
Putting It All Together..................................................................
6-33
Contact the ISP .........................................................................
6-33
Order the Network Line ............................................................
6-34
Dynamic DNS...........................................................................
6-34
Domain Name ...........................................................................
6-35
Dynamic Versus Static IP .........................................................
6-36
Connect to the Internet .............................................................
6-36
Configure Server ......................................................................
6-37
Sending E-mail ...................................................................
6-37
Configure E-mail and Internet Connection Wizard ............
6-38
Test......................................................................................
6-38
Success! ....................................................................................
6-38
ISP Port Issues ..............................................................................
6-39
Overview ..................................................................................
6-39
The Process ...............................................................................
6-39
Dynamic DNS Service........................................................
6-39
Router .................................................................................
6-40
Open Port on Server ...........................................................
6-40
War Story ..................................................................................
6-42
Getting POPPED by the POP3 Connector .................................
6-43
The 16 GB Wall .............................................................................
6-45
Misconception Clarification .....................................................
6-46
Misconception #1: This is an SBS-imposed limit
............
6-46
Misconception #2: The 16 GB limit applies to
both the public and private combined
.........................
6-46
Avoiding Bump and Grind .......................................................
6-48
Monitoring.....................................................................................
6-48
x Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Prevention......................................................................................
6-50
Keep only important messages .................................................
6-50
Remove attachments .................................................................
6-51
Block large inappropriate attachments .....................................
6-51
Use the public information store ..............................................
6-51
Move Data to a PST file ...........................................................
6-52
More Ideas! ...............................................................................
6-52
Use Quotas..........................................................................
6-53
Delivery Restriction............................................................
6-53
AutoArchive .......................................................................
6-54
Enact antispam measures ....................................................
6-56
Limit the size of public folders ...........................................
6-56
Hitting the Wall .............................................................................
6-57
Database Diet............................................................................
6-57
Deleted Items ......................................................................
6-58
Offline Compression...........................................................
6-59
Temporary 1 GB .................................................................
6-60
Still not enough? .......................................................................
6-60
Guest Column ...............................................................................
6-61
Deleting attachments that make your database
size grow unnecessarily ......................................................
6-61
Move large attachments out of Exchange databases and put them
elsewhere ............................................................................
6-62
Archive really old messages on an ongoing automated
basis so databases don’t keep growing ...............................
6-62
Enterprise Edition .....................................................................
6-62
Protecting Your Exchange Server ..............................................
6-63
Server Hardware .......................................................................
6-63
Backup ......................................................................................
6-63
Monitoring ................................................................................
6-64
Threats ......................................................................................
6-65
Viruses ......................................................................................
6-67
Exchange Antivirus ............................................................
6-71
The Window of Opportunity for a Virus.............................
6-73
Attachment Blocking ..........................................................
6-74
Spam .............................................................................................
6-77
xi Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
The Problem .............................................................................
6-77
The Cost....................................................................................
6-78
How Do Spammers Find You? .................................................
6-79
There ought to be a law against this! ........................................
6-81
What Can Be Done? .................................................................
6-83
The Intelligent Message Filter ..................................................
6-87
IMF Installation ..................................................................
6-90
Optional IMF Steps ............................................................
6-92
Other Protections ......................................................................
6-94
Connection Filter ................................................................
6-94
Recipient Filtering ..............................................................
6-96
Sender Filters ............................................................................
6-97
Outlook Spam Protection .........................................................
6-98
Third-Party Solutions .............................................................
6-101
Troubleshooting ..........................................................................
6-102
Troubleshooting Internet E-mail ............................................
6-102
Fact Finding ......................................................................
6-103
Sending Issues ........................................................................
6-106
Sending Directly to Recipient ..........................................
6-107
Sending via Smart Host ....................................................
6-107
Sending Either Way ..........................................................
6-108
Reception Issues .....................................................................
6-108
Internet Message Headers.......................................................
6-111
What They Are..................................................................
6-111
How to View Them ...........................................................
6-111
How to Read an Internet Header .....................................
6-112
Unspoofing a Virus .....................................................................
6-114
WHOIS results for 67.125.69.46 ............................................
6-114
The Real CSI-NY ........................................................................
6-116
Other Troubleshooting Tools .....................................................
6-117
Diagnostic Logging ................................................................
6-117
Virtual Server Logging ...........................................................
6-117
Message Tracking ...................................................................
6-118
Repairing a Database ..............................................................
6-119
The Exchange Survival Guide ...................................................
6-122
Exchange Issues......................................................................
6-122
xii Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Outlook Issues ........................................................................
6-130
Legal Issues .................................................................................
6-133
E-mail Lifecycle .....................................................................
6-133
Set Company Policy ...............................................................
6-134
Monitoring ..............................................................................
6-136
Privacy ....................................................................................
6-136
Disclaimer ...............................................................................
6-137
Summary .....................................................................................
6-137
Exchange sites: .......................................................................
6-138
SBS sites: ................................................................................
6-139
Other sites: ..............................................................................
6-139
Chapter 7
Windows Sharepoint Services: Advanced Topics ....7-1
by Jonathan Hassell
Using WSS with Microsoft Access 2003 ........................................
7-1
Exporting Data ............................................................................
7-3
Importing Data ............................................................................
7-4
Linking Data ...............................................................................
7-6
Views within WSS...........................................................................
7-8
Advanced View Creation ..........................................................
7-11
Customizing Themes in WSS.......................................................
7-13
Basic Customization .................................................................
7-14
Changing Colors .................................................................
7-15
Changing Graphics .............................................................
7-16
Changing Text .....................................................................
7-16
Advanced Customization: Using Cascading Style Sheets........
7-17
Backup and Restore Options for WSS........................................
7-19
Using stsadm.exe for WSS Backup and Restoration ................
7-21
Using the WSS Migration Tool for Backup .............................
7-23
Using the SQL Server 2000 Tools for Backup .........................
7-23
Helpful WSS Customizations ......................................................
7-24
Contract and Service Management ...........................................
7-25
Action Points ......................................................................
7-25
Human Resources Management ...............................................
7-27
Action Points ......................................................................
7-28
Sales and Marketing Portals .....................................................
7-28
xiii Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Action Points ......................................................................
7-29
About WSS Service Pack 1 ..........................................................
7-30
Summary .......................................................................................
7-34
Chapter 8
Remote Web Workplace: Advanced Topics.............8-1
by Wayne Small
Requirements of Remote Workers and Mobile Workers............
8-2
Occasional Remote Workers.......................................................
8-2
Mobile Workers ..........................................................................
8-3
Remote Office Workers ..............................................................
8-3
Business Partners ........................................................................
8-4
Devices Used in the Field ...............................................................
8-5
Notebooks ...................................................................................
8-5
Mobile Devices ...........................................................................
8-5
PDA plus Separate Phone .....................................................
8-6
Smartphone ...........................................................................
8-6
Pocket PC Phone ..................................................................
8-6
Types of Access ................................................................................
8-8
Dialup Modem ............................................................................
8-9
ISDN/DSL ..................................................................................
8-9
GPRS ..........................................................................................
8-9
iBurst Technology.....................................................................
8-10
Wireless Hotspots .....................................................................
8-10
Customer’s Local Area Network ..............................................
8-11
Security, Security, Security ..........................................................
8-12
Remote Web Workplace 101 ........................................................
8-13
RWW—Remote Desktop—How it really works…..................
8-13
Troubleshooting the RWW.......................................................
8-25
RWW for all? Maybe not! ........................................................
8-27
Customizing RWW...................................................................
8-30
Frequently Asked Questions about RWW................................
8-31
What is Remote.dll? ...........................................................
8-31
Disabling Specific Users from Using RWW ......................
8-32
Stopping Certain PCs from Appearing in the
RWW Interface .............................................................
8-32
xiv Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Changing the Port for RWW to Something Other
than 4125 ......................................................................
8-32
Modifying the Public Timeout Values for RWW ...............
8-33
Changing the Company Name in the RWW Display Screen ...
8-33
Adding CompanyWeb to RWW on SBS 2003 Premium ....
8-34
RWW Registry Guide ...............................................................
8-36
True Story… .............................................................................
8-39
Summary .......................................................................................
8-40
Chapter 9
Using Microsoft SQL Server 2000 with Small Business
Server 2003 ..................................................................9-1
by Alan Shrater
Why Do We Need to Organize Our Data? ..................................
9-1
What this Chapter is (and isn’t) About .......................................
9-2
My Path to Pairing SBS with MSSQL .......................................
9-3
Why Use a Database? .....................................................................
9-4
Excel ...........................................................................................
9-5
Flat File Structure .................................................................
9-5
Database Integrity .................................................................
9-6
MSDE 2000 ................................................................................
9-7
MSDE 2000 vs
Microsoft SQL Server 2000 .......................
9-8
SQL Server Enterprise Manager .................................................
9-9
SQL Profiler..........................................................................
9-9
Query Analyzer .....................................................................
9-9
SQL Server Books Online ....................................................
9-9
JET and Access .........................................................................
9-10
Using Access with MSSQL as the Back End ..............................
9-10
Reliability .................................................................................
9-11
Inherit reduction in network traffic ..........................................
9-11
Availability of triggers ..............................................................
9-11
MSSQL Security from a Mile High.............................................
9-12
Using the Data in a MSSQL Database ........................................
9-21
Excel .........................................................................................
9-21
Access .......................................................................................
9-25
Moving from MS Access to MSSQL ...........................................
9-33
xv Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Reasons to Upsize.....................................................................
9-33
Scalability ...........................................................................
9-33
Data integrity ......................................................................
9-34
Performance ........................................................................
9-34
Security ...............................................................................
9-34
Upsize Me: Using the Access Upsizing Wizard .......................
9-35
Summary .......................................................................................
9-46
Chapter 10
Fax Server: Advanced Topics .................................10-1
by Kevin D
Royalty
The Appropriate Hardware .........................................................
10-1
Bad Choices ..............................................................................
10-1
Best Bets ...................................................................................
10-2
Single-line Fax/Modems ....................................................
10-2
Multiple-line Fax/Modems .................................................
10-3
Fax Routing Destinations .............................................................
10-5
Print ..........................................................................................
10-6
Route Through E-mail ..............................................................
10-6
Route to a Folder ......................................................................
10-7
Route to a Document Library/WSS ..........................................
10-7
Multifax Scenarios ........................................................................
10-7
Multifax Scenario 1 ..................................................................
10-8
Multifax Scenario 2 ................................................................
10-12
Multifax Scenario 3 ................................................................
10-14
Multifax Scenario 4 ................................................................
10-17
Example of High-Volume Fax Server Usage with SBS ...........
10-20
Possible Issues with SBS Fax Services ......................................
10-20
Sending faxes from a program................................................
10-21
Problems Adding SBS Shared Fax later .................................
10-21
Errors when faxing to the SBS Shared Fax service ................
10-21
SBS Shared Fax Dialing Conflicts .........................................
10-21
Shared Fax Server Gets a Busy Signal ...................................
10-23
SBS Print as Fax doesn’t support dialing rules ......................
10-23
Summary .....................................................................................
10-24
xvi Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
SECTION THREE: SBS 2003 Security
Chapter 11
Advanced Security: Part 1: General .....................
11-1
by Susan Bradley
Before We Begin Our Journey….................................................
11-1
Our Roadmap............................................................................
11-2
The Times, They Are A-Changin’ ............................................
11-2
It’s a Compromise.....................................................................
11-3
Risk Analysis in a Small Business World ...................................
11-4
Industry Pressures .....................................................................
11-9
Security Documentation .........................................................
11-11
Policy First, Technology Second ............................................
11-12
123 Protect Your Network—The Basics Start Here ................
11-13
Firewall ...................................................................................
11-14
Antivirus .................................................................................
11-15
Last But Not least—Patch Management ................................
11-16
But What If There Is No Patch? .............................................
11-21
Additional Patches Unique to the Small Business Server 2003
Platform ............................................................................
11-21
Back up, back up, back up ......................................................
11-21
Realistic Security for a Small Firm ...........................................
11-22
Passwords—The First Line of Defense ..................................
11-23
Next, Look at the Network from an Overall Standpoint ........
11-24
Changing the Administrator Account .....................................
11-24
LAN Manager and NTLM......................................................
11-25
Method 1: Implement the NoLMHash Policy by
Using Group Policy16.....................................................
11-28
Method 2: Implement the NoLMHash by Merely
Using Long Passphrases .............................................
11-28
Biometric and Smart Cards ....................................................
11-29
Guidance for Additional “Hardening” Techniques .................
11-29
Identify Procedures for the Openings in the Wall ..................
11-31
Securing Our Servers .................................................................
11-35
Steps for Securing SMTP .......................................................
11-35
Terminal Server ......................................................................
11-42
xvii Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
File Transfer Protocol .............................................................
11-43
Outlook Web Access, Outlook over HTTP, and Any Other
Application that Transfers over the Nonsecure Browser ..
11-44
Web Site and Remote Web Workplace ...................................
11-44
Sharepoint, the New Kid on the Block ...................................
11-46
POP Protocol ..........................................................................
11-47
Time Service ...........................................................................
11-47
IMAP ......................................................................................
11-47
IPSec Stuff ..............................................................................
11-47
L2TP .................................................................................
11-47
IPSec .................................................................................
11-48
SQL Server .............................................................................
11-48
Staying Informed ....................................................................
11-48
In Conclusion..........................................................................
11-49
The Rest of the Network–
Where the Real Security Threats Are .................................
11-49
User Mode ..............................................................................
11-49
Managing Non-Security Compliant Software
Applications in a Secure Way .....................................
11-52
Get Your ACLs in a Row ........................................................
11-76
Physical Access ......................................................................
11-77
Sharepoint Rights ...................................................................
11-78
Securing the Sharepoint Content ............................................
11-78
XP Service Pack 2 ..................................................................
11-84
Visit the Microsoft Web site for the latest information
.........
11-87
Internet Explorer .....................................................................
11-87
Malware, Malware Everywhere .............................................
11-89
If Patching Isn’t Available, What Then?.................................
11-92
Content Filtering .....................................................................
11-93
Patching the Third-Party Programs ........................................
11-93
Where You Least Expect It .....................................................
11-93
Protect Data Transfers ............................................................
11-94
But What About Those Security Templates? ..........................
11-95
Just Because They Are Part of Your Network
Doesn’t Mean You Should Trust Them ............................
11-95
Remote Access to the Network...............................................
11-96
xviii Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Wireless ..................................................................................
11-97
Let’s Review What We Have Set Up, Shall We?....................
11-98
Casing the Joint ....................................................................
11-101
Understand What You Are Doing Your Testing On and Test from
the Right Place ................................................................
11-101
Yes, Virginia, This Is Why We Audit ....................................
11-102
IIS/ISA Logs .........................................................................
11-103
NetStat—More Powerful Than You Realize ........................
11-105
Don’t Forget the Basics ........................................................
11-105
Let’s Not Get Stupid .............................................................
11-106
Reviewing the SANS Top 20 ....................................................
11-106
Penetration Testing ...............................................................
11-109
Take One Last Look Around ................................................
11-111
When You Shouldn’t Be Touching That System ..................
11-112
We’re All on the Same Highway ..........................................
11-113
SD Cubed Plus C ..................................................................
11-113
Small Business Server Specific ......................................
11-114
Security ...........................................................................
11-115
Web Blogs/RSS Feeds of Interest ...................................
11-116
Security ...........................................................................
11-116
Other Content .................................................................
11-117
Just for Fun (okay, it’s what I consider fun) ...................
11-118
Summary ...................................................................................
11-118
Chapter 12
Advanced SBS 2003 Security:
Part 2: ISA Server 2004 ..........................................12-1
by Beatrice Mulzer with Dr
Thomas Shinder
Introduction ..................................................................................
12-1
Attention: This is Not a Commercial ........................................
12-2
Why Should I Install ISA Server 2004 on SBS 2003? .............
12-3
When Should I Install ISA Server 2004 on SBS 2003? ...........
12-6
Single NIC or Dual NIC? ...................................................
12-7
Using Common Sense to Enhance Security..............................
12-10
What’s New in ISA Server 2004? ..............................................
12-10
Application-Layer Filtering (ALF).........................................
12-11
xix Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Packet Filtering .................................................................
12-12
Circuit Layer Filtering ......................................................
12-12
Application Layer Filtering ..............................................
12-13
Smart Application Filtering ..............................................
12-13
Links Translator ......................................................................
12-13
Secure RPC over HTTP..........................................................
12-13
Firewall User Groups .............................................................
12-14
FTP Policy ..............................................................................
12-14
Meet the New Interface ..........................................................
12-14
ISA Client Protection..................................................................
12-22
Firewall Client ..................................................................
12-23
SecureNAT Client .............................................................
12-24
Web Proxy Client ..............................................................
12-24
Configuring the Browser ........................................................
12-25
Automatic Browser Configuration ...................................
12-25
Manual Browser Configuration ........................................
12-26
Blocking Unwanted Applications ...........................................
12-26
Network Rules and Access Policy ..............................................
12-28
Network Rules ........................................................................
12-29
Network Sets ....................................................................
12-29
Network Rules ..................................................................
12-30
Network Relationships .....................................................
12-31
Access Rules ...........................................................................
12-33
Protocols ...........................................................................
12-33
User Sets ...........................................................................
12-35
Content Types ...................................................................
12-35
Schedules ..........................................................................
12-37
Network Objects ...............................................................
12-38
Finally the Fun Part… ......................................................
12-39
Automating the Tedious Task ...........................................
12-41
Redirecting from a Denied Site ........................................
12-50
Application Filters ......................................................................
12-51
FTP Access Filter ....................................................................
12-51
H.323 Filter .............................................................................
12-52
Intrusion Detection Filters ......................................................
12-54
DNS Intrusion Detection Filter ........................................
12-54
xx Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
POP3 Application Filter ...................................................
12-55
RPC Filter ...............................................................................
12-56
SMTP Filter and Message Screener .......................................
12-57
Blocked Email Logging ....................................................
12-59
SMTP Message Screener ..................................................
12-59
SOCKS Filter..........................................................................
12-63
Streaming Media Application Filters ......................................
12-65
Web Proxy Filter .....................................................................
12-65
HTTP Filtering............................................................................
12-67
HTTP Security Filter Overview..............................................
12-67
Default settings in the General tabDefault Settings .........
12-68
System Policy and Remote Access .........................................
12-74
A Word about Multi-Networking............................................
12-76
Monitoring, Logging and Reporting .........................................
12-76
Monitoring ..............................................................................
12-77
ISA Performance Monitor ................................................
12-78
Logging...................................................................................
12-80
Reports ....................................................................................
12-84
Selecting content for Report JobsAlerts ...........................
12-86
VPN Improvements in ISA Server 2004 ...................................
12-88
Hardware Configuration ...........................................................
12-89
Improving Performance and Bottlenecks ...............................
12-90
Summary .....................................................................................
12-91
SECTION FOUR: SBS Advanced Topics
Chapter 13
System Monitoring ...................................................13-1
by Lawrence A
Rodis
Why Monitor? ...............................................................................
13-1
Standard Tools Included with SBS 2003 .....................................
13-3
Server Status Report .................................................................
13-3
Health Monitor .........................................................................
13-5
Data Groups and Collectors................................................
13-5
Action Creation ..................................................................
13-6
What to Monitor? .......................................................................
13-13
SBS Core Monitoring .............................................................
13-13
xxi Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Exchange Server 2003 ............................................................
13-19
ISA Server 2000 .....................................................................
13-20
SQL Server 2000 ....................................................................
13-22
Third-Party Applications ........................................................
13-22
Other Systems .........................................................................
13-22
Performance Monitoring ...........................................................
13-23
What to Monitor .....................................................................
13-24
How to Review the Data.........................................................
13-28
Hardware and Software Inventory Monitoring.......................
13-29
Microsoft Baseline Security Analyzer ....................................
13-29
HFNetChkPro .........................................................................
13-31
LogInventory ..........................................................................
13-33
Network Security Scanner ......................................................
13-36
Patch Management .....................................................................
13-37
Software Update Service ........................................................
13-38
HFNetChkPro .........................................................................
13-38
A Day in the Life .........................................................................
13-41
Single Networks or a Small Collection of Sites .....................
13-41
Monitoring Multiple Networks...............................................
13-42
Summary .....................................................................................
13-47
Chapter 14
SBS Disaster Recovery .............................................14-1
by Jeff Middleton
Introduction ..................................................................................
14-1
SBS Anatomy Course: Disaster Recovery Clues .......................
14-1
Our SBS Anatomy Course Begins with Boot Startup ..............
14-3
The Normal Boot Process: Muscles and Coordination ............
14-4
Windows Self-Repair and Recovery Options—
The Immune System ...........................................................
14-7
Services and Drivers: Cardiac and Pulmonary System ..........
14-10
Repairing Services Configuration Manually ....................
14-17
Repairing Driver Configurations Manually............................
14-23
Extract the Driver Files from the Windows
Server 2003 Installation CD-ROM .............................
14-25
Replace the Driver Files by Using the COPY Command.
14-25
File System: Skeleton .............................................................
14-27
xxii Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Caveat: Ignore security issues to focus only
upon folder locations ..................................................
14-28
Viewing the Registry as Files ...........................................
14-29
Viewing the SBS System and Application Files...............
14-29
The Registry: Spinal Cord of Windows and SBS ...................
14-37
Registry Primer .................................................................
14-37
The Registry: Hives, Files, and Dynamic Content ...........
14-38
The Registry: A Vocabulary Review ................................
14-42
The Registry: Hives Are Non-Volatile Permanent Files ...
14-47
Registry Recovery Tips: Repair Folder, .ALT File,
and SAV Files .............................................................
14-51
Integrated DNS and Active Directory: The Left Lobe ............
14-51
Overview of Active Directory Functionality ..........................
14-52
The Concept of a Windows Domain Preceded
Active Directory .........................................................
14-53
Unique Identity, Unique Domains ....................................
14-54
Lost Identity and Reconstruction......................................
14-55
Domain Authority and Security with Shared
Central Organization...................................................
14-56
Recovery by Restore or Replication .......................................
14-58
Active Directory and DNS .....................................................
14-59
Accounts, Policies, Rights, and Security ..........................
14-60
Be a Groupie! ...................................................................
14-60
The Exchange: The Right Lobe .................................................
14-61
Why Is Exchange the Right Lobe? .........................................
14-61
Bumping into Exchange Everywhere .....................................
14-62
Is It a Server, Organization, Information Store, or
Group of Services? ...........................................................
14-63
Inroads to Exchange ...............................................................
14-67
Why invest in Exchange Skills? .............................................
14-71
You learn from the worst experiences ..............................
14-72
Heading Towards Fully Functional ..................................
14-73
The Exchange First Aid Kit ....................................................
14-74
System State and Full Recovery Backup:
The Critical Organs ..............................................................
14-75
Directory Services Recovery Mode (DSRM).........................
14-79
xxiii Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Bare Metal Restore and the ASR Disk ...................................
14-80
Complications with Bare Metal Restore.................................
14-82
Applications: The Skilled Appendages ..................................
14-84
Tools and Skill Requirements ....................................................
14-85
What Is a Qualified Technician Prepared to Do? ...................
14-85
Disaster Resolution—Your Action Plan .................................
14-88
Disaster Resolution—Your Toolkit ........................................
14-89
10 Baseline Tools for the Technician................................
14-89
6 Strategic Backup Considerations for
the Company Server ...................................................
14-92
Five Concepts for Complete Platform Shift or Recovery.......
14-98
Shifting SBS Intact to different Server ...........................
14-104
Summary: Thoughts on Disaster Recovery............................
14-110
Chapter 15
Migration ...................................................................15-1
by Jeff Middleton................................................................
15-1
Part 1: Why Choose a Swing Migration? Migrating
Windows/SBS 2000 Domain (or later) to SBS 2003 .............
15-1
Introduction: Migration as a Lifecycle Philosophy ..................
15-1
The Ideal Migration Process ........................................................
15-6
What Makes a Clean SBS Domain and Server
Migration Process? .............................................................
15-6
An Expert’s Level Overview of the Migration Logic ..............
15-7
What is migrated or documented for transition? ....................
15-11
What is not migrated? .............................................................
15-11
How often is SBS product restriction the problem here? .......
15-12
Q&A from the Gurus with Even More Ideas..........................
15-13
Comparing Various Alternatives for SBS 2003 Upgrades ......
15-20
Comparing Swing Method versus the ADMT Method ..........
15-25
Choosing a Method and Migration Authority:
Microsoft or Jeff? .............................................................
15-26
Detailed Overview: The Swing Migration
Plan Technical Logic.............................................................
15-28
Traditional SBS Upgrade: Shut Down for a Weekend ...........
15-28
Swing Upgrade: AD Snapshot…Offline Build…
Server Swap Deploy .........................................................
15-29
xxiv Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Swing Out: Shifting Active Directory Off the SBS
and Across Domain Controllers........................................
15-30
Swing Back: Making room for the SBS to Return in AD ......
15-31
Managing the Transition Timeline..........................................
15-31
Restocking Exchange—Issues for
Completing the Final Configuration .................................
15-32
Detailed Overview: Handling Unique Migration Tasks ..........
15-34
Performing Familiar Windows Setup Tasks ...........................
15-34
Integrated DNS and Active Directory Editing Tasks..............
15-35
Exchange Information Store Migration Tasks ........................
15-36
Detailed Overview: Migration Logic
Handles Most Critical Objects .........................................
15-40
Active Directory, Group Policies, and
AD Integrated Objects ......................................................
15-41
Exchange Server Object Migration ........................................
15-42
Migrating WINS and DNS Service Configurations ...............
15-43
Migrating the DHCP Server ...................................................
15-43
Website Migration ..................................................................
15-43
Server-Based Shared Printers .................................................
15-43
Server-Based Folder Shares....................................................
15-44
Server-Based NTFS File Tree Permissions, Data Files1 ..........
5-45
SBS Shared Fax Data and Transaction Log History ..............
15-46
Workstation-Related Issues with Profiles
and Offline Folders ...........................................................
15-47
All Other Services and Applications Not Listed ....................
15-48
Part 2: How to Perform a
Swing Migration ...................................................................
15-49
Defining Our Migrations Steps Into Five Phases.....................
15-50
Distinguishing Between the Server
Name References Used.....................................................
15-52
Summary Timeline Considerations ........................................
15-52
Pre-Upgrade Disaster Recovery Precautions..........................
15-54
Key SBS Product Features Dropped or Set as
Defaults by SBS 2003 ............................................................
15-56
Earlier Version SBS Server Application and
Features not Supported in SBS 2003 ................................
15-56
xxv Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Microsoft Connector for POP3 Mailboxes
no longer supports Authenticated POP
or CRAM-MD5 encryption ........................................
15-57
Setup Checklist: Compliance and Blocks to an
Upgrade to SBS 2003 ............................................................
15-57
Blocks: Microsoft Enforced Blocks to Upgrade
an Existing Active Directory Domain: .......................
15-57
Enforced Settings: Specific Configuration
Conditions SBS Server Setup Enforces or Defaults ...
15-58
Expected Conditions: Swing Method Upgrade
“Blocks” and Recommended Conditions ...................
15-59
Recommended General Practices: Keep This Migration
Method Simple and Compliant ...................................
15-62
Exchange Concerns: Technical Concerns with
the Exchange Organization and Information Store ....
15-63
Phase 1: Domain and Migration Notes Preparation ...............
15-65
Preparing the Existing SBS Domain and
Server Configuration ............................................................
15-66
Begin Configuration Updates ...........................................
15-67
Prepare Your Migration Notes and Automated
Migration Tools .....................................................................
15-72
What do we not need to prepare because it’s
done automatically? ..........................................................
15-72
What Exchange data references might we
need to prepare? ..........................................................
15-73
Table of References: Phase 2 and Phase 3—
Migration of AD .........................................................
15-74
Table of References: Phase 4—
Resuming Setup for SBS 2003 ...................................
15-75
Table of References: Phase 5—
Post-Setup Configuration Finalization Phase .............
15-76
Table of References: To-Do List—
Internet Configuration Wizard Details .......................
15-77
Phase 2: Transfer AD from Existing
SBS to MigrationDC.............................................................
15-78
Step A
Install a clean baseline of Server 2003
only (SBS 2003 Media) ....................................................
15-79
xxvi Harry Brelsford ☛
- SMB Consulting Best Practices Advanced Small Business Server 2003 Best Practices
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Step B
DCpromo to establish the server as a new
DC in the existing Domain ...............................................
15-86
Step C
Root Domain Management Transfer/Seizure ............
15-91
Additional Tools Required: ..............................................
15-91
Section C: Additional References:....................................
15-94
Step D
Perform Required Active Directory Cleanup ............
15-95
Removing the Exchange Organization .............................
15-95
Alternate Method for Removing Exchange from AD ......
15-97
Additional Detail Information ..........................................
15-97
Section D: Additional Resources ......................................
15-98
Step E
Remove Domain Controller entries:
AD, DNS, WINS, DHCP..................................................
15-99
Remove Trusted domains from (Non-SBS) deleted
Domain Controllers ........................................................
15-107
Phase 3: Transfer AD from MigrateDC to SBSnameDC ......
15-109
(Repeat of Phase 2 Transfer Sequence) ................................
15-109
Phase 3 Perform Steps A—E (omitting D)
on “SBSnameDC” ..........................................................
15-110
Phase 4: Resume SBS-Integrated Setup Offline ....................
15-110
Step F
Complete the Automated Setup for
New SBS server ..............................................................
15-111
Before You Resume SBS 2003 Setup .............................
15-111
Resume SBS 2003 Install as Normal on Your
Final Server ..............................................................
15-112
Step G
Complete the Post-Setup Configuration
for New SBS Server .......................................................
15-113
Third-Party Applications and
Advanced Configuration ..........................................
15-114
Step H
Re-create Shared Folders and Printers
from SBS Server .............................................................
15-114
Import the Shared Folders Definitions ...........................
15-114
Re-create the Shared Printer Definitions ........................
15-116
Phase 5: Finalizing the Migration for
Exchange, Data, and Shared Network Resources............
15-116
Step I
Final Exchange Server Configuration Issues ............
15-117
Option 1: Forklift Move (aka: Transfer Offline
Backup of previous Server) ............................................
15-118
xxvii Chapter 1 ☛
- So You Want to Be an SMB Consultant?!?! Advanced Small Business Server 2003 Best Practices
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Simplify as Much as Possible in Preparation .................
15-118
LegacyDN Used Here, If Needed ...................................
15-120
Mounting the Information Store .....................................
15-120
Reconnect the Users to Their Mailboxes........................
15-121
Inspect the Mail-Enabled Public Store Folders ..............
15-121
Option 2: Exmerge (Export/Import all
mailboxes as .PST files) .................................................
15-122
Exporting Mailboxes from the Source Server ................
15-122
Importing Mailboxes back to the Target Server .............
15-124
Step J
Additional Final Server Configuration Issues ...........
15-125
Migrating Data Files .......................................................
15-125
Migrating Custom Web Site Content ..............................
15-125
Migrating Shared Fax Databases ....................................
15-125
Is the Final Server Configuration Completed? ...............
15-126
Summary ...................................................................................
15-126
Appendix A: Resources .................................................A-1
Appendix B: Footnotes ..................................................A-9
|
