TechSoEasy

Without as much as a single press release, Intel launched a new web site last week which, according to the site was developed... 

"to provide you with valuable resources on computers and the amazing things you can do with them."

They go on to tell visitors that you'll only find Intel-based computers here, and if you don't like that, go somewhere else!

"Throughout the site, you'll find informative articles, news, and more. When you arrive in the "Shop" section, you'll only find Intel® processor-based computers. If you're interested in computers without Intel inside, we recommend you use a search engine like Google or Yahoo! to provide you with alternative online shopping options"

One has to wonder if this is a response to Dell starting to use AMD processors in some of their offerings.  But so far, it looks as though it's a bit of an understatement.  I do realize that its a beta site, but my first attempt to use the "PC Matchmaker" which guided me to a notebook for less than $1,000.00, displayed a Lenovo R61 .  But when I clicked the "Buy Now" link I was greated with this:

Of course they have a disclaimer that the information is "provided by a third-party compiler" (C-Net), but since the first one didn't work I clicked the arrow to go to the second choice, also a Lenovo, which gave the same error page.  So I clicked to the third one, an HP Compaq Business Notebook 6710b, which surprisingly gave me the same Lenovo error page.  Oops.

Now I'm all for having a nice, simple place that just focuses on the PC and nothing else.  I have some confidence that they will fix the bugs, and since Intel is behind the site, they have little incentive to clutter it up with other peripherals, gadgets or other items unless the affiliate fees are too enticing for them, in which case, PC.com will just be another version of C-Net with a Red Plastic Skin.  Lets hope they are smarter than that.

Check it out at http://www.pc.com

Today on Experts-Exchange.com someone posted the question:  How to configure your own Secure Certificate for Small Business Server 2003?

He was offered a very straighforward and correct answer by NeilParbrook who told him to first make sure he had a HOST (A) record configured in the domain's public DNS zone, and then just run the CEICW which will configure the certificate.

The person who asked the question responded that he believed it was much more complex than just running the CEICW, and then linked a few articles which supported his belief.  I took a look at the first one, and was immediately aware of why this guy was so confused.  Here's what he saw at www.msexchange.org:

Anyone who's ever set up an SBS knows that you don't even need to install the CA for a self-signed certificate.  It's created by the Configure Email and Internet Connection Wizard (CEICW) and is also installed in IIS on the sites that need it.  The official overview of what the CEICW does and how you use it can be found at http://sbsurl.com/msicw and a visual how-to is at http://sbsurl.com/ceicw.

If you wanted to install a 3rd Party certificate instead, you would install the CA, but the process is still different on SBS.  Instructions for that can be found at http://sbsurl.com/ssl 

For anyone who hasn't ever deployed an SBS be sure to check out http://sbsurl.com/testdrive to experience it first-hand.

Migrating from old server running Microsoft SBS 2003 SP1 to new hardware running SBS 2003 R2

Question: Will I run into problems migrating an old server running Small Business Server 2003 SP1 to a brand new server running Small Business Server 2003 R2 SP2?

My client doesn't want to upgrade the old server (software or hardware) because "it has problems" (but they won't tell me what).

I plan on following this guide:  http://technet2.microsoft.com/WindowsServerSolutions/SBS/en/library/a340742f-042e-48da-b865-5244bee1000f1033.mspx?mfr=true

My big concern is that the new server runs R2. Will I run into problem with that? Do I need to update the AD Schema for R2?

Thanks for anything you can add to help.

Comment from TechSoEasy:

That guide was just published this week and it seems like a good method.

There's no problem going from SBS 2003 SP1 to SBS 2003 R2 because the R2 components are installed AFTERWARDS. The new server won't be running SBS at all when you start the process described in that guide. If it is OEM, you need to reformat the disk and reinstall per the steps described.

Jeff

Comment from MPECSInc:

Try looking into another method that works really well and is tried, tested and true: www.sbsmigration.com.

A Swing Migration works really well, is quite simple to do as long as you follow the steps, and involves very little down time ... especially when migrating to new server hardware.

Reading over the document you mention ... as we too are evaluating the procedure ... we are not putting too much effort into it because Swing Migrations are a lot simpler to accomplish than the steps required by the MS Migration Paper.

Make sure you have a good backup before running either procedure.

Philip

Comment from the Author - joshsfinn:

TechSoEasy -

Please elaborate more for me. The client bought a new server and is installing from a CD that is SBS 2003 R2 (as far as I know) up to the point of joining it to the domain. That's where I'm supposed to take over.

From the guide I linked in my question, step 2 says:

_____________

Step 2. Install Windows Small Business Server 2003 and join the domain

In this step, you install Windows SBS 2003 and join the domain by completing the following tasks:

* Start Windows SBS 2003 Setup on the destination server.

* Join the destination server to the domain.

* blah blah blah

_____________

I don't follow you when you say "The new server won't be running SBS at all when you start the process described in that guide."

To me it seems like if I'm installing the OS from a SBS 2003 R2 CD, I'm going to end up with SBS 2003 R2 on the new server before the migration has even really begun.

Thanks - sorry if I'm missing something obvious. :)

Comment from the Author - joshsfinn:

MPECSInc - thanks for your reply also. A Swing migration isn't out of the question, it just seems like I can do this process fairly easily without it.

We'll be able to make a better decision after we get our facts straight.

Thanks!

Comment from MPECSInc:

Josh,

After working through the logistics of the MS document, a Swing is WAY easier. There is a huge reduction in the number of steps, and the amount of down time relative to the MS document's method.

Philip

Accepted Solution from TechSoEasy:

"The client bought a new server and is installing from a CD that is SBS 2003 R2 (as far as I know) up to the point of joining it to the domain. That's where I'm supposed to take over."

I guess you've never installed SBS before?

I would first recommend that you do NOT split up the tasks like this. The migration process is one that needs very careful planning and a full understanding of what you're migrating. If you don't do Step 1 yourself you will definitely make mistakes with the remainder of the process. You should understand that you MUST complete the migration process in seven days or you will have a MAJOR problem because at that point the "can't have two SBS Servers on the same network" restriction kicks in.

"To me it seems like if I'm installing the OS from a SBS 2003 R2 CD, I'm going to end up with SBS 2003 R2 on the new server before the migration has even really begun."

SBS 2003 R2 comes on a set of 5 CD's. The first one contains primarily Windows Server 2003 which is NON-R2 and will remain as NON-R2 even after you've installed SBS's R2 bits. I know this is a bit confusing and it's really too bad Microsoft used the "R2" designation on SBS 2003 because it makes folks think that the Windows Server 2003 included in the SBS bundle will be running R2 as well... but it doesn't.

SBS's R2 version is primarily the addition of new features (WSUS) and a change in the licensing structure to allow for additional SQL and Exchange servers in the domain without needing separate CALs. The R2 Components are on a separate CD which is installed AFTER you get EVERYTHING in that guide completed.

My second recommendation to you is that if you've never installed SBS before you need to do it yourself first before doing this for a client. It's not at all the same as standard Windows Server 2003 (see my profile for an explanation of this http://e-e.com/M_3383094.html) and it generally takes a few times to fully understand how to get it right. See http://sbsurl.com/3x for more info on that.

I disagree with Philip about which method is better. Even though I haven't yet tried out this method (since it was just published a few days ago), my first impression is that it's quite similar. I don't see the steps or downtime being vastly different, nor do I think that Swing is "WAY" easier. The major difference is that with a Swing Migration, you don't have the 7-day limit and you have a fully functioning server to go back to in case something goes wrong. If something goes wrong with this method, even if you imaged your original server, you wouldn't have a current backup to revert to. So that is something to be aware of. But as long as you continue to back everything up as the article describes you should be okay.

I would state that there are other methods for migrating new hardware which I've outlined here http://e-e.com/Q_21987041.html. One of which is using Acronis True Image, which is my preferred method of hardware migration. It works great and can be done in a few hours.

Jeff

From the Official SBS Team Blog

As opposed to following the published Microsoft Migration method (http://sbsurl.com/migrate), this is a procedure allows you to keep the same domain name but you do need to use a different servername.

A few months ago, I posed the following question on Experts-Exchange:

Title: The Great SBS Wizard Challenge

 

I've now been posting here on EE for about three years.  Most of that time spent in the Small Business Server Zone (ne Topic Area).  There have been a number of recurring themes in the few thousand questions I've participated in during that time, but none that causes more controversy than whether the SBS Wizards should be used, or if you can configure an SBS without them.

Since I've always taken the stand that in order to properly configure an SBS you must use all the wizards.  I guess this has often been interpreted as "you cannot properly configure an SBS unless you use all the wizards".  But since the wizards are really just advanced scripting tools, you could obviously make all of the same settings or even different ones manually.

So, the question I now pose to all who care to respond is:  Why?

Why would you want to manually make these settings when there is a tool that will do it for you in a fraction of the time?  On this point, I believe there is no debate on whether or not working with the wizards will take less time if one were to make ALL of the same settings manually.  The issues seem to be that either the wizards do things that you don't want them to do, or that you have special circumstances which seem to conflict with the way the wizards configure things.  So, to clarify the question, I will ask, "What situations have you found that they prevent you from implementing a customized solution?"  or "What situations have you found that the wizards do something you don't want them to do and your only option is to not run them (ie, the wizard makes 10 settings and you like 7 of them but don't like 3)?

Your answer should have a concrete example of a situation as well as an explanation of how the wizard causes the problem.

Of course if you disagree with my time premise, (that making the exact same settings manually would take longer), I'd be interested in hearing about that as well.

I would have posted this in the Experts Lounge area, but since it's focused on SBS only and many of you don't even go to the Experts Lounge, it makes more sense here.

Thanks in advance for your comments.

Jeff
TechSoEasy

The crux of the question was this: 

"What situations have you found that they prevent you from implementing a customized 
 solution?" or "What situations have you found that the wizards do something you don't 
 want them to do and your only option is to not run them (ie, the wizard makes 10
 settings and you like 7 of them but don't like 3)?

Since nobody actually answered the question I decided to give feedback to a few notable comments:

"the last month and a half have read all over this site that terrible things
are going to happen at some point in the future because i didn't use the
wizards. So far nothing has happened to my own server or any of the half dozen
or so that i have worked on."

          I think you're looking at this from the wrong end of the equation.  I don't
          think anyone said that terrible things are going to happen if you don't use the
          wizards.  The basic question I posed above is that given that it takes a
          significant amount of time to manually configure things compared to the wizards,
          why would you do something that takes so much longer?  And while I don't want to
          suggest that you are guilty of this, I am aware of a number of consultants who
          charge by the hour -- so if they are doing things manually, they are ultimately
          being unethical towards their clients.

          But it's actually more than just how much is being billed out to a client.
          Consider that there are some features of SBS which you may not be aware of which
          could save your clients significant amounts of time and money if they took
          advantage of these benefits which are part of SBS natively.  Most of the
          features are installed and configured automatically when the wizards are used...
          but when the wizards aren't used, the features go unused.  The priorities of
          what features are imporatant are different for every client, but if they aren't
          even aware of what some of them are, such as centralized fax, Exchange deleted
          item recovery, Volume Shadow Snapshot file recovery, Intelligent Message Filter
          for reducing SPAM, Document libraries that are easier to manage, automatic
          backup of My Documents folders, remote access to their office desktops, full
          synchronization with their windows mobile smartphone or PDA, daily, easy to
          understand monitoring reports to let them know the health of their system so
          they don't worry as much... All of these things (among others) are installed and
          configured automatically through just the wizards listed in the To-Do list of
          the Server Management Console.

          You may know what you want done... but you've admitted to not having any
          experience in the Small Business realm... perhaps you should find out what Small
          Business owners want?  (and you can't just ask them... because they don't know
          the answers to the "direct" questions about technology... instead you have to
          keep abreast of the multitude of studies and surveys which interpret the views
          of small business: http://snipr.com/1qrn2  (then ignore at least half of those
          and make up your own predictions... but make sure that whatever you do, you
          aren't using your "enterprise network" mentality because that is never in step
          with what small business owners want).

"I think I spend more time troubleshooting errors from what the wizard did to my
users and computers than I would spend if I didn't run them and did it all
manually. Example: trying to figure out why I can't reset the power management
scheme on all the computers so they don't go to sleep... I still haven't
completely figured that out yet."

          I will cover this a bit more down below... but suffice it to say that if you are
          troubleshooting errors from the wizards, you haven't learned how to properly
          install and configure an SBS.  While I sometimes run into errors when running
          the wizards, they are easily found and corrected.  Usually it's something that I
          just forgot to do, like plug in an ethernet cable, and if I didn't have the
          wizard to remind me, it might have been missed overall and caused a need even
          greater troubleshooting.
          As for the power management on workstations?  It can't be managed by group
          policy on Windows XP... it has nothing to do with SBS at all.  But you can
          download a third party tool called EZ GPO to help you with this: 
               http://www.energystar.gov/index.cfm?c=power_mgt.pr_pm_ez_gpo.  

          Vista does support power management through group policy... and there is also a nice
          Wake-on-LAN plugin for Remote Web Workplace for XP Machines.  You can read about
          both of those things here: 
               http://sbs.seandaniel.com/2007/03/interesting-in-conserving-little-power.html

"Single NIC installations where I have an upstream proxy/firewall cause problems
in themselves.  You need to really bypass CEICW and ignore the nags about not
being complete - not clean IMHO.  I have it running in my lab on a VM and it
works fine, but I continue to get nagged about running this wizard even though
there is no option for my configuration."

          What do you mean there is no option for your configuration???  Single NIC with a
          FIREWALL is absolutely supported and documented.  Even if it's a PROXY (because
          you would set all local traffic to bypass the proxy). You most definitely do not
          have to bypass the CEICW, nor should you. See configuration option number 5 or 6
          at http://sbsurl.com/msicw.  I've deployed MANY SBS networks with this
          configuration... primarily using SonicWall Firewalls

"1.  DHCP...It sets the scope range to be your ENTIRE subnet (i.e.
192.168.1.1-255) then puts in exclusions.  This is quite possibly the worst way
of doing a DHCP scope."

          Why would that be the worst way of doing a DHCP scope?  A default installation
          of SBS would create a scope range of 192.168.16.1-254, then exclude
          192.168.16.1- 10 and when you then run the Remote Access Configuration Wizard,
          it will grab 192.168.16.11 - 19 for RRAS connections.  I will often go back and
          then exclude 192.168.16.200-254 to use for printers and other such devices, but
          perhaps you can explain what a better method would be?

"2.  Firewall GPO...I always have to go back and disable the firewall on all
machines because the Wizard creates this Firewall GPO.  This especially becomes
annoying when installing a server based AV system that pushes out installs over
WMI (which needs the Firewall disabled)."

          If you have to go back and disable the firewall on all machines, then you aren't
          really allowing SBS to manage the network centrally.  I've run many programs
          that use WMI to push out a client program and the only time I've ever seen a
          problem is when I came into a network that the workstations weren't joined using
          the ConnectComputer wizard.  If you are not joining the workstations to the
          domain using http://<servername>/connectcomputer, then the permissions may not
          be getting set correctly to allow access via WMI.  Then, that problem is being
          compensated for by disabling the Windows Firewall which unnecessarily weakens
          the security of the network.

          ** I would note that there is a small issue with the WMI Provider when joining a
          Vista Client to an SBS Domain, but that's been fully covered by this KB article
          & Patch:  http://support.microsoft.com/kb/926505

"I agree with Netman, they need to have a Standard and an Advanced mode for
their wizards, and have it ask you at the beginning of the install which method
you want.  This way people like me could better control the Wizards functions
(I.E. tell it the CORRECT DHCP Scope options)"

          In my opinion, if you are a more advanced user you should understand that
          because there are so many different things running concurrently in SBS, it is
          even more important to make sure that all these parts are carefully synchronized
          so you don't spend hours upon hours troubleshooting some problem that could have
          been avoided if you used the wizard to simultaneously configure all the parts.
          The additional benefit is that if you can be much more confident that making a
          small modification to one part of the network won't create a conflict with
          another.

          Let's say, for instance, that you needed to change the server's local IP address
          so that it doesn't conflict with a new VOIP system (this has happened to me a
          couple of times -- some of those VOIP folks like their IP addresses to be set
          their way and I didn't really want or need to argue with them).  Normally, on a
          stand-alone network that had all that SBS is running you'd have to change
          settings in at least eight different places (including rewriting dozens of ISA
          rules) and then hope you got them all while you watched the event logs for
          errors and ran diags.  With SBS, it's as simple as running the Change Server IP
          Address Wizard which will take care of everything.
          (See:  http://techsoeasy.spaces.live.com/blog/cns!AB2725BC5698FCB8!303.entry for
          details).

          Basically a task that could otherwise take half a day is accomplished in 5
          minutes.

"I would say use the wizards simply because it has then been done 'by the book'
and so is easier for the next person to maintain because it has MS standard
settings rather than your customisation."

          andyalder, who I think stumbled upon this thread by accident, has provided the
          most brilliant answer of all (http:#19618127 -- which leew and red were quick to recognize).  
          This whole notion of "not trusting Microsoft" (leew you are such a flip-flopper on
          this) is really hogwash.  You don't have to trust Microsoft or anyone when you
          use the wizards.  I've already demonstrated that they are wholey
          transparant...you just need to read what's on your screen to see that.  And the
          wizards along with SBS's default configuration was not just "decided upon" by
          some Microsoft project manager.  The process was guided by the input from the
          entire SBS development team, over 50 SBS MVP's, hundreds of beta testers and now
          tens of thousands of successful implementations are proving that it works in
          most every instance.  I know for sure that even though I've installed and
          configured over 100 SBS networks to date, that I certainly believe that I know
          better than all these folks.  I absolutely know enough at this point to question
          the process though... and I do that regularly.  However, since the vast majority
          of my career life has not been spent in IT Consulting, but like most of my
          clients I was running a small business, so my perspective remains from the view
          of the business owner who doesn't spend $10,000 or $15,000 very often and wants
          to make sure that he gets the BEST possible value for the money... not just
          today, but for the life of the asset.

          One small business I was involved with for over 10 years was my family's fine
          dining restaurant in Arizona.  We had a rich history that spanned over 50 years
          with three generations of family involvement.  During my time there, the
          restaurant earned the Mobil Travel Guide Five-Star Award and the AAA
          Five-Diamond Award for many consecutive years.  Usually, when you think of
          Five-Star Restaurants, you think of a charismatic chef who produces masterful
          creations and is perhaps the "star" of the establishment.  But our family had a
          philosophy that if a single person created recipes that only a select few could
          produce, we would just be another one of those popular places that disappears
          after a few months or a couple of years.  Instead, because we had a recipe book
          that was managed by my Aunt in consultation with the chef, Maitre d', and the
          rest of the management team, which could be produced consistently to high
          standards by any number of our kitchen staff, our restaurant maintained the
          position of being the highest rated restaurant in Arizona for almost 40 years.
          Although it is no longer there today (due to urban development), it is still
          thought of as "the best that ever was".

          I tell that story because I think it says a lot about my committment to
          consistency, which most of you feel probably doesn't exist in the IT world. I can
          tell you that the food world is no different... maintaining a level of unfailing
          quality that your customers can count on requires keeping the your efforts well
          rooted in the foundation of what's proven to work so that you can build upon
          success.  Then, when you take a chance or two with something new and different
          (SharePoint Services, or a CRM implementation), your customers will be right
          there with you instead of second guessing every suggestion you make.
          Furthermore, I'd point out that while I don't quite understand the context that
          ChiefIT's comment "Anyone who says they know everything there is to know about
          computers, is just lying" was aimed towards, I can't help but think that anyone
          who chooses to ignore the wizards falls into the category of those who think they
          know everything.

"I like hearing advice from folks who are more knowledgeable than I am with
computers while looking at the grass roots of the system. I learn better and
quicker that way."

          Of course every project we undertake is ultimately a learning experience,
          but learning is not the primary objective when deploying a Server and complete
          network infrastructure for a paying client.  That's something you need to do on
          your own time with your own test installations.  When you do that, you will find
          that the wizards don't hide anything.  Everything is spelled out VERY CLEARLY on
          both the first page (which tells you what it's going to do) and the last page
          which provides you the EXACT details of what it's doing.  If you like, you can
          print out that last page, quit the wizard and then make the entries manually if
          that helps you understand it better.  But when deploying an SBS for a paying
          client who expects the product to deliver everything it claims, the server
          should be installed and configured in the quickest method possible to provide
          all features that will benefit the organization including it's low, long-term
          management costs.

Let me also add...
Every time a wizard is run, a complete log of it's actions is created in
C:\Program Files\Microsoft Windows Small Business Server\Support
I highly recommend that you poke around in the C:\Program Files\Microsoft Windows Small Business Server
directory to see what else is there.  In doing so, you'll find that every time the CEICW is run
it creates both a full outline of what its doing, plus it creates a .vbs file of its settings
in case you need to revert back to a previous setting.  (You'll find that in
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW)
I welcome any comments or feedback.

It seems though, as though nobody could rise to the challenge.  RTFW!

Changing the IP address on your SBS is much more than just changing the IP address of the Local Area Network Interface. There are at least EIGHT areas that must be modified and some of those require multiple changes. Luckily, SBS has the Change IP Address Tool! Many enterprise network administrators wish they had this on their servers. Here's what it does (as quoted from Microsoft's SBS Training Guide):

Configuration Actions

Once the user specifies a new IP address by running the Change IP Address Wizard and clicking "OK," the wizard will perform a series of actions to configure the server and appropriate services to use the new IP address.

Note: The tool will need to be able to detect whether the ISA, DHCP, and WINS services are enabled; if any of them are not, then the Wizard will not perform the configuration actions for those services.

Network Card

The tool will modify the IP address of the local network card to the new IP address and set the subnet mask appropriately. The Default Gateway of the internal network card will not be changed, so if there was a Default Gateway defined, it will still be defined after running the tool. If the Default Gateway is blank, (as it should be in most cases), then it will stay blank. In addition, the DNS and WINS server entries for the server will be changed to point back to the server itself. Therefore, on the external network adapter, the DNS settings will be configured to point to the internal network adapter.

DHCP Service

If the new IP address is in the same scope of the old IP address, the tool will simply add a new exclusion to the DHCP scope for the new server IP address. It will also set the following DHCP Scope Options. The tool will check the 003 Router option of the DHCP service, and if the router option is not set to the SBS server itself, it will not modify this option. Otherwise, it will reset the 003 Router option to match the new IP address of the SBS server.

If the new IP address is in a different scope from the old IP address, the tool will create a new scope based off of the new IP address, and follow the same configuration tasks that Server Setup performs.

DNS Service

The tool will update the DNS listeners by adding the new IP address to the list of IP addresses to listen to. It will also delete the reverse lookup zone if the zone no longer matches the new IP address, and create a new reverse lookup zone.

ISA/RRAS

If ISA is installed, the tool will need to construct a new LAT based upon the new IP address, and the outgoing Web requests configuration of ISA to remove the old IP address and add a listener for the new IP address.

If the server has been configured for a dial-up connection, the tool will modify the client address set created by ICW to change the IP address to the new private IP address of the SBS server.

If ISA is not installed, then the tool will check to see if RRAS is being used for firewall. If it is, the tool will update the IP address for inbound filters on the external network card.

Exchange

If Exchange is installed, and relay restrictions are defined for the SMTP service, the tool will delete the current relay restrictions, and add in a new set using the new IP address and subnet mask defined.

WINS

After making all changes, restart the WINS service to make sure changes are picked up.

Client Setup

The tool will update the server.txt file that is in the directory %system root%\Inetpub\ConnectComputer. It will need to modify the value for the server IP address to the new IP address of the server.

IIS

The tool will check the IIS permissions on the Default Web Site and its directories. For any directories that have had specific IP permissions set, the tool will modify those permissions to match the new local IP range.

If ISA is running on the server, the tool will run SBSIISConfig to configure IIS appropriately.

Logging

When the Change IP Address Tool is run, the tool will maintain a log of actions that it performs. This log file is kept in the directory %sbsprogramdir%\support. The file will be called changeiplog.txt. If the file does not already exist then the tool will create it. If the file does already exist, the tool will not overwrite the file but will instead append the new content to the end of the current file.

At the start of each run, the tool will log:

• Date/time of this run.

• Username of the user running the tool.

• Old IP address and subnet mask.

• New IP address and subnet mask.

• For each action performed by the tool, a success or failure message.

• If a failure occurs, log the error information provided by the service being configured.

• Any additional debugging information required.

I can't tell you how many times I've posted these steps in my answers to questions received on Experts-Exchange.com.  But more often than not, someone is trying to use one of the nifty SBS features and can't get it going because they never joined their workstations to the domain using the Connectcomputer wizard. 

You can find a list of all the things that Connectcomputer does over on Susan Bradley's Blog.  But what do you do if you didn't originally use this wizard to add the clients to the domain?  It's not as simple as just unjoining the domain and rejoining it with the wizard because of all the places that need to be touched and all the features that need to be configured.

So, after many revisions, here are the current steps that must be taken at each workstation:

At the client machine:

• Log in with THAT machine's LOCAL administrator account.
• Unjoin the domain into a WORKGROUP
• Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
• Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
• Delete the following Registry Key entirely: HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer (if it exists)
• Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
• Reboot

Then on the server, from the Server Management Console:

• Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
• Add the client with it's NEW name using the Setup Client Computers wizard.  When it finishes you will get a warning telling you how to finish the installation:

Then, go back to the client machine, log back in with the local Administrator account.

• If there is more than one network interface, make sure that the only one that's enabled is the one connected to the SBS.
• Open IE and enter http://<servername>/connectcomputer in the address bar
• Supply the domain Administrator credentials when requested and assign appropriate user to the machine.  This will make sure that the user that was already assigned to the machine retains their profile.   The following screens are self explanatory:

• After the machine reboots the second time, log in with the assigned user's credentials to complete the process.

Once complete you will be able to enjoy all the client functionality that SBS promises and helps to make your users more productive.

If you have any problems with the user's settings not being the same, please see this article on how to restore their original profile:

Migrate Profiles on Small Business Server Networks

You can quick-link to this article by using this URL:  http://sbsurl.com/rejoin

This comes from Microsoft's document on how to secure your SBS network which I thought was a good example of how SBS makes it easier to deploy and manage a small business network. Take note that all templates allow users to connect remotely --- which comes from Microsoft's philosophy of empowerment .

Windows SBS 2003 comes with predefined templates that are designed to give users only the level of access they need. For example, user accounts that are based on the User template do not have remote access to the local network by using a VPN connection, but user accounts based on the Mobile User template do have this access. The four templates are as follows:

Template Names and Descriptions

Template Name	Description
User	Accounts based on this template have access to shared folders, printers and faxes, e-mail, and the Internet. Accounts assigned this template can access the local network from a remote location by using Remote Web Workplace. Additionally, user accounts assigned with this template can open a Remote Desktop Connection to a computer that is running Windows XP Professional but not to a computer that is running Windows SBS 2003.
Mobile User	Accounts based on this template have all the permissions of the User template and can also access the local network from a remote location using Remote Web Workplace or a remote access connection.
Power User	Accounts based on this template have all the permissions of the Mobile User template and can also perform delegated management tasks. A Power User can log on remotely, but not locally, to a computer that is running Windows SBS 2003.
Administrator	Accounts based on this template have unrestricted system access to the Windows SBS network.

Of the thousands of questions I've answered at  Experts-Exchange, plenty have been seeking a way to solve the symptom of a much larger problem.  It's quite easy to tell if the question was asked by someone who has a vested interest in the success of the business, or is merely concerned about solving the problem of the moment, by the way they react to my response.  (Which will always focus on the larger problem rather than providing a quick fix).

Sometimes the larger problem is technical, such as those caused by trying to use Windows XP Home workstations in an Active Directory domain.  There are certainly a lot of work-arounds, but if they can't understand that IT is an investment (see my previous post about this) then I wonder why they installed an SBS to begin with.  There are other questions where the network administrator or IT consultant is asked to provide a solution for something when the larger problem has nothing to do with technology, but rather it's caused by management (mismanagement, actually).

In the past few days, I have seen no less than 8 questions on Experts-Exchange seeking an answer of how to block or restrict user access to the Internet.  Here are a few examples (with original spelling/grammar):

What is the best way to restrict user access to the internet while ensuring that windows updates and antivirus defintions are being received.  All users and Power Users on their XP Machines

I am trying to deny internet access to certain users. I have looked up solutions on this web site and followed them. I create a GPO then stop the users from running iexplore.exe. No matter what a change the users are still able to access the internet

I want to block all Internet Explorer traffic on user's PCs in my office. I want to make an exception on 3 paticular websites though.  I'm using Windows Server 2003 SBS.  Any ideas?

If you search for similar types of questions asked in the past, you'll find thousands of requests.  This is one that I found particularly amusing:

ive got 4 people who are misusing the internet at work, and so i need to block their computers from accessing any websites at all, if possible to block their usernames also, so that no matter what comp they log into they cannot access the net.  ive been thinking if it is possible to do so with the lmhosts files on each computer?

ok so not only do i need to revoke all internet access i need it so that if they do try and access the net, they get directed to a file on their computers that i will emplace which will send a report to someone.

cheers for any light you can spread! :)

When I see these questions, I am often compelled to respond with something like this:

Instead of blocking Internet access, why not get a few 42" display monitors and hang them in visible locations.  Then, use a remote control session to display employee activity for everyone to see.  That sure would stop Bob from viewing wildbabes.com or make it difficult for Susie to order a new pair of shoes from supershoedeals.com!  Because public humility in the workplace is much quicker than waiting for the HR director to get the report of attempted Internet use.

The fact is that the "computer activity monitoring" software industry, which was originally a hacker's favorite tool and then became a legitimate tool when marketed to parents who needed to keep tabs on their 12-year-old's activities, is now being offered as a "valuable" management tool.  Making such promises as allowing you to "efficiently spy on your employees from your own desk".  Below is a screen shot of the control panel from a program called StaffCop, which I'm sure was named by someone who has absolutely no concept of employee morale -- (I think it's made in Russia):



All of this reminds me of a wonderful story about an emperor who procured the most luxurious suit of invisible cloth.  Why do all of these managers think that the appropriate way to have someone do their work is to prevent them from doing something else?  When will that small child point out to them that the problem isn't the Internet, but their own lack of management skills?  Not only are they unable to provide these employees with clear expectations and attainable goals, they somehow think that Internet access will prevent them from doing their work.

The irony, of course, is that the questions themselves are being asked on the very Internet which these folks seeking to block for others.  Apparently, these other employees know everything there is to doing their job correctly and efficiently, and never need to come up with new and innovative ideas which may improve their results. 

I couldn't imagine using Microsoft Office without things like Office Online help



or the myriad of templates provided by Office Online.  These tools not only make my work look better, they have saved me countless hours of being frustrated with creating a document from scratch. 



Then, if I can't find what I'm looking for, there are always the discussion groups.



But, remember, if you block them from all of that... then they'll also be blocked from this



So, wake up people!  Take the time to sit with your employees and ensure that they have the proper tools, training and support to do their jobs well.  Provide them with clear expectations and attainable, measurable goals which are regularly reviewed (which used to mean annually, and now means either monthly or even weekly).  Most of all, give them respect.  If they respond well, you'll both be rewarded.  If they don't, then you'll be glad you stopped treating them like children because can't fire your kids.

These are the things worth taking your time to review:

Top Five Small Business Internet Security Threats » Small Business Trends

New York-based analyst firm Access Markets International (AMI) Partners, Inc has released a new projection of the top 10 IT trends for global SMB markets.  Read more about it here:  [ eChannel Online: Integrated mar.com ]

If you run a business or are the person responsible for Information Technology and are constantly looking at ways to cut your IT expense... look no further because I have your solution!

Sell all of your computers and buy one of these:

And a few of these:

You should also check to see if the typewriter that's under those boxes of last year's invoices in the back of the storage closet still works, just in case you need to send a formal letter or fill out a government form.

Before you judge my perfect solution, take a moment and think about how you view the computers in your office and write down the functions they provide.  Now, look at that list and if all of those functions can be accomplished with a Rolodex and a few legal pads, its obvious that your computers are an unnecessary expense.  Getting rid of them would certainly eliminate some of your daily frustrations.

On the other hand if you had just one item on your list of functions that could not be done by these two wonders of the world, such as "pop-up an alert and ring a chime to remind me of my 3:00pm meeting each Tuesday", then you may want to reconsider how you view IT expenditures.  Because that little pop-up alert is just the tip of the ROI iceberg.  Computers provide you with a MEASURABLE RETURN ON INVESTMENT and the problem that most people have is actually taking a few moments to decide what to measure.  Once you do start measuring the return generated from your IT investment, you will also start finding new ways to optimize and improve your results.  You may cut IT expense in one area, but you will likely increase IT spending overall as your business profits and grows due to your insightful and successful management skills.

Check out the Forbes report on the ROI of Microsoft Small Business Server:  http://sbsurl.com/roi

On Experts-Exchange.com, I often have to describe the set of FOUR default web sites that are initially installed by SBS.  Because the formatting on EE's posting tool does not provide for pre-formatted text, the list always comes out rather jumbled.  So, in the interest of clarity, I will post the information here:

Please note. There are two items above which may be different on your SBS:

1. Microsoft SharePoint Administration Port – 8109 is a random port assigned during installation. Yours may be different.
2. Companyweb IP address. This should be the INTERNAL IP address of your SBS. Yours may be different.

As you may know, Small Business Server 2003 requires that you keep the default Organizational Units (OUs) within Active Directory that are created during the initial setup of SBS.  Modifying even the names (ie, changing MyBusiness to some other less non-descript name) will cause all sorts of things to go wrong with your server and your domain.  Even though you are required to keep the SBS order to your Active Directory, you can still use OUs to organize your users and to apply specific Group Policies to certain groups. 

First you will need to create the new OU in the proper SBS-defined location, which is within the Users container directly under MyBusiness.  Since all of the SBS default group policies are linked at the domain level, there's no benefit to placing the OU anywhere else in the Active Directory structure.  But, by creating it within the MyBusiness\Users Container, your new OU will work just great with SBS's management tools.

After creating the OU, the next step is to create a User Template which will be used when adding new users via SBS's Add User Wizard.  User Templates ensure that you have all the proper settings applied to a new user without having to manually tweak each item.  Because you've created a new OU, there will be this additional OU selection screen in the Add Template Wizard that you otherwise wouldn't see:

You'll note that once the first additional OU is created, you can create other ones on the fly by clicking on the "Create new OU..." button.

You can then create any Group Policy Objects you like and link them to the specific OU for which they apply.  Of course, creating additional Computer OUs would be done in much the same way with any new OU residing within the MyBusiness\Computers container.

I've been using Zipcar now for about six months and for the most part I love the service.  Especially since I moved into an apartment building that has a bunch of Zipcars parked in the garage below.  For those that aren't familiar with the company or it's concept, Zipcar is a car-sharing company that rents cars by the hour which can be reserved within seconds once you've been approved for the program. 

One thing that I've always loved about Zipcar is that I can easily make a reservation or extend my current reservation right from my Motorola Q Smartphone.  Well, I could do that up until a few days ago. That's when Zipcar launched "the redesign of its web-reservation and patent-pending "Z3D Knowledge Center." 

When the folks at Zipcar were hinting about this new system last month and allowed members to try it out, the first thing I noticed was that it didn't work at all from my phone.  Not even in the "Full Desktop" view that I can normally use for even the worst designed websites.  I then went to send feedback regarding the new site, and the Operating System choices were as follows:

Windows 2000
Windows XP
Windows Vista
Mac
Linux
Other

I thought for sure this must just be an oversight during the pre-launch... that of course they would come out with http://mobile.zipcar.com (or the stylish http://m.zipcar.com).  But it now looks as though they just didn't even think about it.  Now I'm not a web development expert by any means... I do have a fair understanding of the ajax elements though.  More importantly, I use plenty of mobile web applications and sites to know how important it is to make sure that mobile users can freely access your web site.  Especially if your primary busines is mobility!

To be honest, Zipcar does make it rather easy to extend your reservation over the phone on their automated system.  It's just a couple of digits to press.  But, that's only convenient if you are extending an hour or so and the car you are currently using isn't booked after your slot.  Any situation that's more complex really requires a view of availability... and that brings us back to the browser that doesn't work on my phone anymore. 

C'mon Zipcar!  Is it really that sleepy in Boston?

I can't tell you how many SBS Consultants or Admins I talk to regarding their SBS issues begin the conversation with ... "The strangest thing..." or "This is really weird...".  You know what?  These things are hardly ever strange or weird when it's apparent that the server has been misdeployed, misconfigured, or mismanaged.

Unlike many other Topic Areas, if there is an SBS anywhere in the realm of the problem, it's generally an SBS issue. The reason for this is due to SBS's centralized role in its network, and the general misunderstanding of most experts as to the nature of SBS and its unique requirements.

What I generally find, when I go to a site with SBS installed already, are a string of configuration settings that would not only be wrong for an SBS environment, and unfortunately they have often caused damage to the server or network that is only correctable by doing a complete reinstallation.

The nature of SBS is such that it's an integrated platform which contains components that would never be combined in a normal environment. The fact that it looks like a normal server, feels like a normal server and even acts like a normal server makes it all the more difficult to get the point across to folks that it's NOT a normal server. Most often, someone with a tremendous amount of Server 2003 experience will offer up their assistance and then deploy an SBS in a way that would be just fine for a Standard Server.  They make mistakes such as creating new Organizational Units in order to link a new Group Policy. If they are unaware that you cannot create OU's outside of the standard SBS Active Directory structure, then they will end up breaking the server's tools and possibly the entire AD. Most often, these seasoned experts have never installed an SBS, or even seen one operate.

So, please make sure your SBS is installed by someone who is familiar with SBS, or at least is willing to read and follow the manual.  If you want to get your hands on a good book to assist in deploying your SBS check out the list I've put together here:  SBS Book List

A while back, I was responding to a question on Experts-Exchange.com from someone who was struggling with the Connectcomputer wizard.  At some point, he said to me, "my background is from an enterprise-level Windows 2000/2003 environment.  SBS was not even given a sentence in all of the Microsoft books I have read."

So, I thought I'd post my response to him, which I feel sums up quite well why you have to think like an SBSer:

You must have read the wrong Microsoft books.  :-) 

Actually there is a reason for that... the two don't mix.  An enterprise level IT professional would never really have the need for SBS in their normal work environment.  Where the problems occur is when a person such as that decides to do a little work on the side.  Which is why Microsoft has now created the Microsoft Small Business Specialist designation (with exam 70-282 to go along with it).  Any time I hear someone tout their MCSE credentials as being qualified to deploy a Small Business Server, I have to kindof chuckle... no offense to the great effort of achieving an MCSE, but it's like a college professor thinking that they are qualified to be a kindergarten teacher.

(Now I know I'll catch hell for that comparison... but let me say that the kindergarten teachers are far more important in this world than college professors... because without them providing the inspiration for students to endure 12 years of education, the professors would be left with empty classrooms).

So, if you look back at my analogy... let's actually assume that they are equally important in their respective roles.  Both are instructors, yet neither is really suited for the other's job.  

If you are trained as an enterprise  network administrator, then your reality is one in which the cost of resources is spread amongst so many things that a few thousand dollars seems negligible.  If you are going to work with small businesses, you have to think like a small business and act like a small business... and a few thousand dollars is a whole lot of money.... in fact if it's a new start-up business the few thousand dollars could mean the difference between being successful or not.

Get your hands on these two books... they will help you immensely:

http://sbsurl.com/best 

http://sbsurl.com/unleashed.

Then, start thinking like an SBSer!

You don't have the time or resources to set up your or your customer's new Small Business Server in a lab environment?  Then check out these terrific virtual lab demonstration!  The lab is split into two 90-minute parts so that you can digest the information more easily:

Microsoft Small Business Server 2003 Technical Overview Part 1 Virtual Lab

This lab is designed to show the major features in Windows Small Business Server 2003 in a fresh out-of-the-box installation. The majority of time is spent on features that exist in both Standard and Premium Editions, we will also include a demonstra...

[StartDate: 10/24/2005 12:00 AM; EndDate: 12/31/2007 11:59 PM; Duration: 90 min; PrimaryLanguage: English; TargetAudience: IT Professional; StarRating: 0; ]

Microsoft Small Business Server 2003 Technical Overview Part 2 Virtual Lab

This lab is designed to show major features in Windows Small Business Server 2003 in a fresh out-of-the-box installation. The majority of time is spent on features that exist in both Standard and Premium Editions, we will also include a demonstration...

[StartDate: 12/29/2006 12:00 AM; EndDate: 12/31/2007 11:59 PM; Duration: 90 min; PrimaryLanguage: English; TargetAudience: IT Professional; StarRating: 0; ]

I've felt for a long time now that Microsoft has not presented SBS properly to IT Professionals... while they did finally release a paper directed to IT Pros, (http://sbsurl.com/itpro) it was not as technical as you or I would have liked to have seen.

If you read this paper, however, you'll see an example of what I mean in the statement: "so if you use the snap-ins instead of the wizards, you might actually break some Windows SBS functionality".  

I think that part of the problem with Microsoft documenting this is that while SBS does have all these interdependencies, the parts all came from different Microsoft divisions and are only held together because the wizards (which are really just GUI scripts) are written to keep them all attached.  It's quite possible that I AM the only one using this term... if so, then its a defacto description of SBS.

To see what I mean about these different parts, one only has to look at

C:\Program Files\Microsoft Integration\Windows Small Business Server 2003
C:\Program Files\Microsoft Windows Small Business Server
and
C:\Program Files\Windows for Small Business Server

Obviously there is still some work that needs to be done just to get everything in the same directory... but what this shows me is that there certainly might be problems if you don't use the wizards, and if you don't use the server in the way that it was intended... unless you plan on going into each of these directories, and figure out what programs are supposed to do what!

As for whether SBS is "Special"??  Well the differences are pointed out here:  http://www.sbslinks.com/Us_v_them.htm

Now, most folks that I point to that site will skip over the intro paragraphs and go right to the tables, so I'll post those here for emphasis:

"Why Small Business Server 2003 Service pack 1 is better for small businesses:

SBS 2003 SP1 isn't perfect.  It isn't for everyone.  There are limitations to the product that are listed in the lower section..but here's the thing.  If you can live with these minor 'warts', in return you get features that the big guys are drooling over.  Remember where SBS fits on the pricing SKU code range.  This is the 'first server in the firm", the one you begin with and grow with.  And as any small business knows...there are some things that you do compromise on.  But in reality, there are so many more features in this product that make it so right for a small firm that to say it's crippled or cut down or any other words like that, you just don't understand the potential and possibilities of this box.

Microsoft's Small Business Server 2003 sp1 is a business in a box.  All it needs is your commitment and imagination.  To all small businesses my prescription would be....take one box of SBS... add to it a few XP sp2 workstations.... add a little sweat equity and elbow grease and stand back and watch what happens.  SBS brings "automagic" to a small business."

I created  a Custom Live Search today to look up answers I've given on Experts-Exchange.com.  Unfortunately it isn't very effective considering that when I searched for "redirect" it gave me two answers and a similar search on Google produced over 100.  Either Live Search doesn't index EE as well as Google does, or I have some tweaking to do on my macro.

Check it out if you like: