Friday, August 29, 2008

Change has arrived - cutting over to SMB Dude

Good day everyone - with the end of August at hand, I am cutting this blog over to SMB Dude and will no longer post up here.

So please join me at blog.smbdude.com

Thanks for reading HERE and I will see you THERE!

enjoy...harrybbbb
Harry Brelsford, CEO at smb nation www.smbnation.com
Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP
PS - did u know I host an annual conference in Seattle each october for SBSers and SMB consultants? This year we help launch SBS 2008 and Essential Business Server (EBS) between October 4-6!

Thursday, August 28, 2008

Early bird flying away on fall wings and wind

SMB Nation 2008 fall conference, the 6th annual, will bring Small Business Server 2008 and Essential Business Server 2008 into the world with a monster launch party plus over 40 content sessions. Be there in Seattle!

Hurry - early bird rate expires next Monday - so you still have time to save a couple $$$

thanks...harrybbb

ceo at smb nation

www.smbnation.com

Wednesday, August 27, 2008

Faxing in SBS 2003 [book excerpt]

Good morning - I am Harry Brelsford, author of the Windows Small Business Server 2003 Best Practices book, and each day I am posting up a few pages for the community. I will do this until (1) SBS 2008 ships or (2) I run out of pages!

Today we look at Chapter 9 which is faxing with the shared fax service in SBS 2003.

enjoy...harrybbbb

Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS - did u know I host an annual conference in Seattle each october for SBSers and SMB consultants? This year we help launch SBS 2008 and Essential Business Server (EBS) between October 4-6!

###

Chapter 9 Faxing


In working with SBS as both a user and consultant, I’ve noticed that the true value of some of its features can only be appreciated over time. SBS’s faxing capability is one such feature.


The faxing topic is appropriately placed here, later rather than sooner, because it is usually one of those features my clients suddenly discover well after the installation and deployment of the SBS solution. Whereas the main priorities out of the gate for most SBS sites are Internet connectivity, e-mail, and being secure, faxing is usually something I can demonstrate when things settle down and I have the client’s undivided attention. After other core SBS features, such as Outlook 2003, are accepted and widely used, the time is ripe to introduce faxing.


To balance my introduction of the faxing topic, full disclosure is necessary. I have some clients who view faxing as akin to religion. Implementing an electronic, network-based faxing solution, such as that found in SBS, acted as a key driver in their approval of the SBS network implementation project. And not only do I know this firsthand from selected clients, but I also know it from the e-mails you—the readers of my past SBS books—have sent me. Many of you commented at length how important faxing is in a small business environment networked with SBS. In fact, the dialog between reader and writer (that’s me) revealed a couple of interesting points:


• Faxing, when used, is considered very important.

• In general, SBSers were disappointed with the reliability and capability of the faxing application in the SBS 4.x era (late 1990s).






• SBSers in the past (specifically, the SBS 4.x era) have opted to deploy third-party faxing solutions, such as GFI Fax, instead of using the native faxing capabilities inside SBS.

• Readers also reported that they truly got what they paid for in fax modems. Those who went with the low-cost modems (often included with workstations) frequently experienced poor performance. Contrast that with the experience of those who invested in a superior fax modem such as the external V.Everything modem. For an investment of about $250 USD, the folks using the V.Everything modem found that they could achieve five 9’s or six sigma of reliability with the Shared Fax Service in SBS. It just flat out works!




The good news about the Shared Fax Service is that Microsoft listened over the years to the feedback on faxing within the SBS community. In the prior SBS 2000 release (the predecessor to SBS 2003), the fax application was one area that received some of the greatest attention. And the results showed. Truth be told, it was actually a crack team of developers at Microsoft Israel who “rewrote” or reprogrammed the fax application from the ground up to take advantage of a more stable and robust Windows 2000 code base. This occurred in the summer of 2000. I share this historical insight with you because knowing how we got to where we’re at with faxing in SBS 2003 makes you wiser about the faxing function offered in SBS. That is, I’m providing historical context for ya! More important, if SBS previously lost your trust with respect to faxing, I think this release will restore that trust.


BEST PRACTICE: It’s the crime of the century. It’s the Shared Fax Service caper. It’s a big brother ripping off a little brother. What am I getting to? That the Shared Fax Service that was built for SBS 2000 just after the beginning of the new century was stolen by the Windows Server team for inclusion in the traditional Windows Server 2003 family. That’s right! The Shared Fax Service perfected for SBS was soooo good that it’s been, shall we say, borrowed for the other server products at Microsoft. In the world of intellectual property, there is certainly no greater compliment than theft, so the Fax Service developed for SBS being co-opted for the other Microsoft Servers operating systems is quite an affirmation of its value!


In the first part of the chapter, basic SBS faxing is defined as well as configured. You will also learn how to send and receive a fax. In the second half of the chapter, I discuss fax reporting and other advanced fax topics.

Tuesday, August 26, 2008

Beyond Remote Desktop in SBS 2003

Hi gang - I am Harry Brelsford, the author of Windows Small Business Server 2003 Best Practices, and I am writing this today from Ocean Shores WA where I am fitting in a few vacation days before fall!

Each day - I like to post up a few pages from my book for your reading pleasure. I will do this until SBS 2008 ships and my new Small Business Server 2008 Blueprint book is on the shelves (around November 12th).

Today is a guest column from Frank Ohlhorst, well-known industry media guy now at Ziff-Davis. He speaks to looking beyond RDP or remote desktop in SBS 2003. This concludes Chapter 8 of my book.

cheers....harrybbbbb

Harry Brelsford | CEO at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, CNE, CLSE, CNP, MCP

And don't forget my SMB Nation 2008 fall conference is just five weeks away in Seattle, where we host an SBS 2008 and EBS 2008 launch party!

Beyond Remote Desktop, the path to remote control.


Frank J. Ohlhorst


Small Business Server 2003 does a wonderful job of bundling remote access capabilities, but there are some drawbacks to how the product goes about that.


First off, there are some minimum requirements that must be met for those features to be viable, namely having Windows XP Professional on the client PCs. That requirement leaves those using earlier operating systems out in the cold. Another limitation is that Microsoft’s Remote Desktop Connection uses Terminal Services; in other words, it is a remote session, not a remote control solution. That prevents sharing the desktop with a remote user, a key requirement for training or troubleshooting problems remotely.

To overcome those limitations, integrators can turn to several third-party vendors for remote control packages, ranging from Symantec’s PCanywhere to hosted services such as GoToMyPC.com, but selecting one of those products requires an additional expense, which can be a hard sell, especially as SBS2003 includes the “remote desktop connection” feature.

Savvy integrators can turn to a freeware/open source product called VNC (Virtual Network Computing), which can be downloaded from www.realvnc.com. What makes VNC unique (beyond it being free) is that it is a multiplatform product; in other words, you can control a Windows system from a Linux system or Solaris system or vice versa, and VNC is quite compact and easy to use. VNC is a two-part product: there is a server component and a viewer component. The server component is installed on the system to be controlled, while the remote user uses the viewer component to take control of a remote system.

VNC is a barebones product and just offers basic remote control capabilities; with that in mind, there are a few tricks integrators need to know to use the product. First off, VNC will not search for a system on the network; you must know the destination system’s IP address. Secondly, you will need access to the internal network to connect to a system. That can be a problem, but one easily solved by just using the included VPN server that comes with SBS2003. Once you have established a VPN connection, just input the IP address of the target PC into the VNC viewer application, enter a password and the remote control session becomes active.


Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.


While third party products may offer more robust features, such as file transfer and search features, integrators will find that VNC fits the bill for most remote support needs and at a price that can’t be beat.


Summary


I started the chapter emphasizing how important it is for mobile workers to have robust remote connectivity. SBS 2003 is positioned very well to support these individuals with services such as the amazing RWW and an impressive update to OWA. You were educated on other mobility matters such as VPN and Terminal Services. So now it’s your moment to fly away and join the ranks of the upwardly mobile!


See you next chapter.

Monday, August 25, 2008

funny hahah - did I really just say that!?!?!?

The small business technology consultant is hyper-sensitive to being sold to or duped by vendors or sponsors.

Harry Brelsford, founder and CEO of SMB Nation.

Read: http://www.echannelline.com/canada/story.cfm?item=DLY082508-4

Advanced Mobility in SBS 2003

Happy late August Monday to y'all!
I am the author of Windows Small Business Server 2003 Best Practices and each day, out of the kindness of my heart (not!?!?) I post up a few pages of my book for you to read. I will do this until SBS 2008 ships this fall.
Today we explore advanced mobility topics at the end of Chapter 8.
cheers...harrybbbb
Harry Brelsford | ceo at SMB Nation | www.smbnation.com
Microsoft Small Business Specialist, SBSC, MBA, CNE, MCSE, MCT, CLSE, CNP, and MPC
ps - I host an annual SBS and SBSC conference in Seattle each October - this year we celebrate SBS 2008 - see u there?

Advanced Topics


How ‘bout an advanced bushel of “quick hitters” on mobility and remote connectivity before we move on to the next chapter? Cool!


• VPN and Terminal Services expectation management. Something I spend tons of time on in my SMB Consulting Best Practices book relates to VPN versus Terminal Services. An SBS customer will hear the VPN buzz word and ask you to come out to her house and set it up so that she can VPN into the SBS network back at the office. Upon completing your duties, she is disappointed that “nothing changed” and the only evidence is a dancing green computer in the lower right. Turns out many customers really want to use Terminal Services with its coolness of having a remote session, but they didn’t know to ask for it.


Visit www.microsoft.com/technet for the latest updates for any Microsoft product.



• HTTP compression is enabled by default. One of the buzz words floating around building 43 in Redmond, where the Microsoft SBS development and marketing teams are housed, is HTTP Compression. HTTP compression speeds up OWA and is turned on by default in SBS 2003. To see for yourself, expand Advanced Management in the Server Management console. Expand SPRINGERSLTD (Exchange), Servers, SPRINGERS1, HTTP. Right-click on Exchange Virtual Server and select Properties. Select the Settings tab. Observe that Compression is set to High.



• Shared Modem Service removed. I mentioned it earlier in the book and it’s true. The Shared Modem Service, which facilitated outbound remote connectivity (such as dialing up a bulletin board system), cannot be natively accomplished in SBS 2003. But leave it to Burl, the SBS consultant who works for me, to find a couple of third-party modem-sharing solutions: Spartacom (www.spartacom.com/products/modemshare.htm) and DialOut/Server (www.pcmicro.com/dialoutserver/).


BEST PRACTICE: So you’re thinking about pulling a fast one, eh? Not so fast, pardner. When you upgrade from SBS 2000 to SBS 2003, you lose the Shared Modem Service. So the old upgrade switch-a-roo won’t work, buddy boy. Sorry.


• KBase article 821438. As of this writing, you should put this on your SBS 2003 radar screen for RWW. This article, titled “FIX: Antivirus Programs May Cause Some Web Applications to Restart Unexpectedly,” relates to SBS 2003 in that RWW might be affected by this (your antivirus program could impact RWW).

• License Ticks. This is an interesting question from SBS 2003 hands-on labs students, in nearly every town, related to RWW and licensing. Basically some folks were looking for a way to purchase few client access licenses (CALs) and have many folks log on remotely (essentially for free). The answer I received from a Microsoft product manager was “No and no!” The Windows authentication process during the RWW logon “ticks” against the SBS CAL count. You gotta pay full freight for the remote users.

• Third-party. Third-party mobile worker/remote connectivity solutions you could be aware of include Symantec’s infamous PCAnywhere (version 11, $199.95). A popular grassroots solution is VNC (www.realvnc.com), shareware that relies on contributions, t-shirt sales, and mouse pad sales. Take a look at GoToMyPC, which was acquired by Citrix in late December 2003 (see the CRN article at www.crn.com/sections/BreakingNews/breakingnews.asp?ArticleID=46811). Also consider learning more about NetSupport 8.1 as a remote management tool (www.mcpmag.com/reviews/products/article.asp?EditorialsID=458). See Frank Ohlhorst’s column in a moment.




Next Steps


You guessed it. Forward to dig deeper into the remote connectivity area. There are entire books on remote connectivity, VPN, and the like. A quick search at Amazon revealed several capable books on VPN computing, such as Stephen Northcutt’s Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems (Que, ISBN: 0735712328).

Sunday, August 24, 2008

Download next week's SMB PC magazine TBA Cover Story

hey gang - just a lazy summer Sunday post-up.

You can now download next week's SMB Partner Community magazine.

The cover story from Robert Cohen really fits this group with the TBA discussion in SMB....selling the business services\consulting instead of being a box pusher.

there is also extensive WPC Houston coverage including a tell all photo essay....see Jeff Middleton standing next to a short MS RP product manager....man Jeff is tall!

Download now: http://www.smbnation.com/products_listpage.asp?Category=Publications&Category2=Magazine

(most of you will receive in the mail next week = if you want printed version - you must JOIN THE TRIBE at www.smbnation.com)

cheers...harrybbbb

T-41 days to SMB Nation Fall Conference :)

Get Your Geek On – SMB Nation 2008, October 4-6, 2008, Seattle

Join hundreds of Small Business Specialists to learn more about Windows Small Business Server 2008, Essential Business Server and Microsoft Response Point plus many other technologies. BusinessSpeak track features sales activation content, issues sensitive to owners and much more. How To track provides practical hands-on business knowledge that you can apply immediately. Visit www.smbnation.com to sign up. Extended tuition payment plans available.

PRESS RELEASE

SMB Nation 2008 Fall Conference to Hold Launch Party: Small Business Server 2008 and Essential Business Server 2008.



MarketPlace Expo SOLD OUT!



Seattle, WA – August 22, 2008 - Boasting a completely sold out tradeshow hall and host hotel, SMB Nation 2008 will hold a Small Business Server 2008 (SBS) and Essential Business Server (EBS) LAUNCH PARTY on the Saturday night of its October 4-6, 2008 annual conference in Seattle. A 58’ Hatteras yacht will be christened the M.V. SBS 2008 on the pier at the party.





When: Saturday, October 04, 2008
Where: 2211 Alaskan Way, Pier 66 Seattle, WA 98121

Webinars: SBS 2008 security, merger and acquisitions with your SBS consultancy, more

hey gang - got a couple of Webinars coming your way over the next few weeks....see ya there!


August 28, 2008 2PM PDT (UTC-7) Last Call for SMB Nation 2008 Fall Conference
September 9, 2008 9:00AM PDT: Security and SBS 2008 Webinar with Untangle
September 10, 2008 8:00AM PDT: Time To Sell Your SMB or SBS Consulting Practice?

cheers....harrybbbb

Harry Brelsford, CEO at SMB Nation, www.smbnation.com

Microsoft Small Business Specialist and SBS 2003 author!

ps - did u know I am holding an SBS 2008 and EBS 2008 launch party on October 4th in Seattle?!?!?

SBS 2003 and Terminal Services [book excerpt]

g’day folks - I am harrybbbb, the author of Windows Small Business Server 2003 Best Practices and I am delighted to give away my book - I am posting up a few pages per day until SBS 2008 ships!

Today we take a quick peek at Terminal Services in SBS 2003.

enjoy…harrybbbb

Harry Brelsford

CEO at SMB Nation www.smbnation.com, Microsoft Small Business Specialist, SBSC, MBA, CNE, MCSE, MCT, CLSE, CNP, MCP….whew!

ps - I am holding a raging SBS 2008 and Essential Business Server 2008 launch party in Seattle on October 4th…be there!

###

Terminal Services


An oldie but a goodie in the world of mobility and remote connectivity is Terminal Services. Funny how times change. My Small Business Server 2000 Best Practices book had an entire chapter dedicated to Terminal Services. This book has a mere section of discussion, as Terminal Services has become a well-established remote management tool that doesn’t warrant extensive discussion in the SBS 2003 time frame.




By default, Terminal Services is implemented in remote administration mode. This allows two users to connect remotely for administrative and management purposes without special licensing. Terminal Services has another mode called “application sharing mode” that is most commonly associated with a server machine (acting as a member server) dedicated to serving Terminal Services sessions to many remote mobile workers simultaneously.


BEST PRACTICE: I mentioned it early in the book and I’ll do so again. Never ever place Terminal Services in application sharing mode on the SBS 2003 server machine. Microsoft doesn’t give you the option to do this with SBS 2003 and please don’t delve deep under the hood to try and figure out how to do it!


With Terminal Services, you enjoy a remote computing session with the server, with only screen activity passed to the remote client computer. This results in a very “fast” remote computing experience, but it’s not as a network node. It’s kinda like PCAnywhere just pushing screens! But remember that in its native form (remote administration mode) in SBS 2003, Terminal Services is designed to manage the server machine (again, an additional member server would be the way for everyone to enjoy Terminal Services).


BEST PRACTICE: I’d be remiss if I didn’t honor the fact that Terminal Services has some funky licensing issues. Read the latest at www.microsoft.com/terminalservices.


You will work with Terminal Services again in Chapter 11 to manage the SBS 2003 network for SPRINGERS.

Saturday, August 23, 2008

SBS 2008 exam in BETA until Sept 12th = take for free!

Tell em harrybbbb sent ya!

http://msmvps.com/blogs/herlesonpontes/archive/2008/08/22/1645564.aspx

Harry Brelsford
SMB Nation www.smbnation.com

Under the hood VPN looksy in SBS 2003

Happy HOT summer Saturday to you - at least if you are reading in North America!

I am the author of Windows Small Business Server 2003 Best Practices (SBS 2003) and I am posting up a few pages per day until SBS 2008 ships!

Today the topic is an under-the-hood look at SBS 2003's VPN architecture. Enjoy!

cheers....harrybbbb

Harry Brelsford

CEO at smb nation, www.smbnation.com Microsoft Small Business Specialist (SBSC), MBA and other goodness like CNE, MCSE, MCT, CLSE, CNP

PS did u know I host a major rager SBS conference in early october in Seattle?

###

Under the Hood: VPN


So what’s the technical view of the VPN connection just made? Figure 8-32 shows the port-activity related to the VPN connection.


Figure 8-32


Observe that Port 1723 is being used for the VPN connection between a remote computer and SBS 2003.







BEST PRACTICE: Regarding the day-to-day use of VPN connectivity in SBS 2003, I suggest you view this as a dial-on-demand approach. Whenever I’ve seen SBS sites that view the VPN area as full-time, 7/24 connectivity between branch offices, I’ve actively discouraged such thinking, because SBS isn’t positioned as a branch office solution. But it’s fine if a traveling Norm Hasborn needs to VPN into the SPRINGERS network to do some voodoo.


VPN and NAT-T


Finally, it’s beyond the scope of this text and it’s something I’ll pursue in the advanced SBS book later (with step-by-step procedures), but be advised there is an issue with respect to having VPN connections when you place a hardware-based firewall router out in front of SBS 2003 and want to tunnel into the SBS network (especially if you’re adhering to the best practice of a dual firewall). This area is NAT-T over IPSec across the firewall. Technically speaking, IPSec NAT Traversal (NAT-T) allows IPSec clients and server to work when behind a NAT. To use NAT-T, both the remote access VPN client and the remote access server must be IPSec NAT-T-capable. IPSec NAT-T provides UDP encapsulation of IPSec packets to enable Internet Key Exchange (IKE) and Encapsulating Security Payload (ESP)-protected traffic to pass through a NAT. IKE automatically detects that a NAT is present and uses User Datagram Protocol-Encapsulating Security Payload (UDP-ESP) encapsulation to enable ESP-protected IPSec traffic to pass through the NAT.


IPSec NAT-T is supported by the Windows Server 2003 family. As such, it’s supported in SBS 2003. Your next step might be to delve deeper into the issue with the Microsoft Press Windows Server 2003 Resource Kit or look up some articles on TechNet.
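The NAT detection and UDP encapsulation described above can be sketched in a few lines. This is an added example, not code from the book or from Microsoft: it follows the NAT-D hash of RFC 3947 and the UDP port 4500 framing of RFC 3948, assumes SHA-1 as the negotiated IKE hash, and uses constructed cookies, addresses and hypothetical function names.

```python
import hashlib
import ipaddress
import struct

NAT_T_PORT = 4500                      # UDP port used once NAT-T is active (RFC 3948)
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # four zero bytes in front of IKE on port 4500
KEEPALIVE = b"\xff"                    # one-byte NAT keepalive datagram


def classify_udp4500(payload: bytes) -> dict:
    """Tell NAT keepalive, IKE and UDP-encapsulated ESP apart on UDP/4500."""
    if payload == KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        # The IKE header follows the marker; its first 8 bytes are the initiator cookie.
        return {"kind": "ike", "initiator_cookie": payload[4:12].hex()}
    # Anything else is ESP: a non-zero SPI followed by the sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """NAT-D value: HASH(CKY-I | CKY-R | IP | Port). SHA-1 is an assumption here."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def build_nat_d(cky_i, cky_r, local, remote) -> dict:
    """Sender side: hash what it believes the remote and local endpoints are."""
    return {"dst": nat_d_hash(cky_i, cky_r, *remote),
            "src": nat_d_hash(cky_i, cky_r, *local)}


def detect_nat(nat_d, cky_i, cky_r, observed_src, observed_dst) -> dict:
    """Receiver side: recompute the hashes from the addresses actually seen
    in the IP/UDP header. A mismatch means a NAT rewrote that endpoint."""
    return {
        "peer_behind_nat": nat_d["src"] != nat_d_hash(cky_i, cky_r, *observed_src),
        "self_behind_nat": nat_d["dst"] != nat_d_hash(cky_i, cky_r, *observed_dst),
    }


def demo():
    # Constructed sample values (cookies, private and documentation-range addresses).
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))
    client = ("192.168.16.50", 500)       # laptop behind a home router
    server = ("203.0.113.10", 500)        # external interface of the VPN server
    nat_public = ("198.51.100.7", 1027)   # what the router rewrites the source to

    nat_d = build_nat_d(cky_i, cky_r, local=client, remote=server)
    direct = detect_nat(nat_d, cky_i, cky_r, observed_src=client, observed_dst=server)
    natted = detect_nat(nat_d, cky_i, cky_r, observed_src=nat_public, observed_dst=server)
    return direct, natted


if __name__ == "__main__":
    print(demo())
    print(classify_udp4500(struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16))
```

When either side detects a NAT, both peers move from UDP 500 to UDP 4500, which is why a firewall in front of the server has to pass that port as well.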

Friday, August 22, 2008

VPN and SBS 2003

Hello folks - I am the author of the Windows Small Business Server 2003 Best Practices book (ye olde purple book) and I am posting up a few pages per day because (1) I own the copyright and (2) I like helping folks!

Today we are deep into Chapter 8 discussing mobility and remote access. The topic is Virtual Private Networks (VPN) in SBS 2003.

BTW - I will keep posting up until SBS 2008 ships!

cheers...harrybbbb

Harry Brelsford

CEO at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, CNE, MCP, MCT, CLSE and CNP - man - I am tired from earning those titles!

ps - we are hosting the SBS 2008 and Essential Business Server EBS launch party in Seattle at our fall conference in early October...see ya there!

###

VPN Connectivity


Building on the high-level VPN discussion we had in Chapter 5, this section is gonna do the step-by-step thing to have Norm Hasborn VPN in from his trusty HP Evo N800c laptop.


BEST PRACTICE: If you have run the Remote Access Wizard, you can then run the Connect My Remote Computer to the Network link in RWW to install Connection Manager on the mobile laptop or home computer. Here is the key point. Connection Manager automates the process of establishing a VPN connection to the SBS 2003 network. Connection Manager can be used across any type of connection (such as dial-up modem).


Connection Manager can be installed three ways:


• Add User Wizard/Setup Computer Wizard: You can specify that Connection Manager should be installed for a user on a machine. Refer back to the discussion in the latter part of Chapter 4 to refresh your memory on this. This approach will place a shortcut on the client computer desktop to run Connection Manager and initiate the VPN session.

• Connection Manager diskette. Yes, diskettes still exist in SBS 2003! This diskette can be created and given to an employee to take home to easily set up the VPN connection to the SBS 2003 network. Create the Connection Manager diskette from the Create Remote Connection Disk link on the Manage Client Computers page under Standard Management in the Server Management Console.

• RWW: Pick Download Connection Manager from RWW, which is what we’ll do in the following procedure.




BEST PRACTICE: Connection Manager will only work with a FQDN that you’ve registered as a resource record with your ISP to point to the wild-side NIC card on the SBS 2003 server machine. If you want to use the wild-side IP address, you’ll have to configure the connection manually.


VPN Step-by-Step Procedure


Time to have Norm VPN into SPRINGERS!


1. Log on locally as NormH using the password Purple3300 on his laptop, NormLap.

2. Click Start, Internet to launch Internet Explorer.

3. Type springers1.springersltd.com/remote in the Address field.

4. Respond affirmatively to the security alerts (OK, Yes).

5. On the RWW logon screen, log on as NormH with the password Purple3300. But if you want to avoid the message in Figure 8-30, then deselect the I’m using a public or shared computer checkbox.


Figure 8-30


Microsoft will not allow Connection Manager to run on a public or shared computer.


6. Select Download Connection Manager. Click OK after reading the warning that you should ensure all users have strong passwords after you install Connection Manager.

7. Click Open on the File Download dialog box to open Connection Manager (sbspackage.exe).

8. Click Yes when asked if you want to install the connection to SBS 2003 in the Connect to Small Business Server dialog box. The installation process commences.

9. On the desktop, double-click on the Shortcut to Connect to Small Business Server.

10. Complete the Connect to Small Business Server logon box, as seen in Figure 8-31. Type NormH in the User name field, and Purple3300 in the Password field. Click Connect. Your computer will be registered on the SBS network.






Figure 8-31


Simple stuff, Maynard! Connecting via the Connection Manager approach shields users from having to manually configure the VPN stuff on their computer.





You have now established a VPN connection to the corporate network and the client computer acts as a “node” on the LAN at this point. The visual evidence of this will be a green dancing computer (connection icon) in the lower right corner of the screen. VPN connections are often appropriate to access network resources from afar and run business databases (where you truly need to be a network node).

SMB Nation 2008 Sold Out (?) and Launch Party

PRESS RELEASE

SMB Nation 2008 Fall Conference to Hold Launch Party: Small Business Server 2008 and Essential Business Server 2008.

MarketPlace Expo SOLD OUT!

Seattle, WA – August 22, 2008 - Boasting a completely sold out tradeshow hall and host hotel, SMB Nation 2008 will hold a Small Business Server 2008 (SBS) and Essential Business Server (EBS) LAUNCH PARTY on the Saturday night of its October 4-6, 2008 annual conference in Seattle. A 58’ Hatteras yacht will be christened the M.V. SBS 2008 on the pier at the party.

“With the SBS 2008 release-to-manufacturing (RTM) yesterday, we are thrilled to be timed perfectly for the SBS 2008 and EBS 2008 products debut and look forward to toasting its great success,” said Harry Brelsford, founder and CEO of the 20,000 member SMB Nation. “Our conference is uniquely positioned to motivate and educate the small and medium business (SMB) technology consultant, channel partner and computer guy and gal!”

SMB Nation 2008 appears to be outperforming similar technology events with the complete sellout of the MarketPlace Expo tradeshow hall and with attendance figures ahead of last year. “We believe the 600+ attendees will be treated to a unique educational experience and BE THERE for the start for the next generation of SBS and the first release of EBS!” Brelsford added. Over three busy days and nights, attendees will select from three (3) academic tracks including BusinessSpeak, GeekSpeak and “How To” that provide bona fide content without “being sold to.” SMB Nation 2008 has even added a “Speakers Behaving Badly” hotline where attendees can report any speaker from the 40+ content sessions that make commercial statements to insure the most pure attendee experience possible. “We want to avoid the wolf in sheep clothing phenomena,” emphasized Brelsford.

Sponsors and attendees will meet in the spacious Bell Harbor Conference Center. “At a time when similar technology shows are behind plan, we are ahead of plan” said Brelsford. “We believe this underscores the strength of the SMB segment and the optimism our sponsors have about the SBS 2008 and EBS 2008 opportunity.” Intel and Trend Micro are the platinum sponsors leading the event followed by HP and Microsoft. Gold sponsors include Autotask, CMIT Solutions, Aastra, SonicWall and Labtech. Silver sponsors include D&H, The Planet, Connectwise, Citrix, N-able, Reflexion, Tigerpaw Software, Nero, 19Marketplace, Symantec, StorageCraft, Acronis, Calyptix, MaxSP, Doyenz, EMC Retrospect, Quanta\Syspine, Zenith Infotech, Linked In, Backup Assist, CRU DataPort and WatchGuard. Bronze sponsors include Netgear, Untangle, CTL Computers, Level Platforms (LPI), MSP Partners, Linksys by Cisco, Comcast, Diskeeper, Expetec, New Global Telecom (NGT), Pronto Marketing, eFolder, CoreConnex, Highly Reliable Systems, SMB Books & Results Software, Technology Marketing Toolkit, Napera Networks, Independent Computer Consultants Association (ICCA) and Integrated mar.com.

Attendees can expect a high-quality conference with content that has been rigorously scrutinized by esteemed industry conference chairs (Dana Epp, Mikael Nystrom, Curt Hicks and Joe Moore). That has resulted in outstanding speaker selections such as Jeff Middleton, Susan Bradley, Ramon Ray and Amy Babinchak and popular topics such as How to Sell Your SBS\SMB Consulting Practice and Security in SBS 2008.

“So the last question is this. Where will you be October 4-6, 2008?” concluded Brelsford. Attendees can learn more and register at www.smbnation.com.

About SMB Nation
Founded ten years ago by Small Business Server author Harry Brelsford, Bainbridge Island, Washington-based SMB Nation supports small and medium business technology consultants to improve their business and technical skills with publications (books, SMB PC magazine) and events (SMB Nation conferences and workshops). SMB Nation boasts worldwide tribal membership in 30+ countries exceeding 20,000 consultants, resellers, VARs\VAPs and channel partners. Harry Brelsford is a Microsoft Small Business Specialist (SBSC) and holds an MBA from the University of Denver in addition to MCSE, MCT, MCP, CNE, CLSE and CNP certifications.

Contact:
Harry Brelsford
CEO, SMB Nation
206-915-3072
harryb@smbnation.com


Harry Brelsford | CEO | SMB Nation, Inc. | www.smbnation.com
Please attend our SMB Nation 2008 fall conference, October 4-6, 2008


Thursday, August 21, 2008

SBS 2008 Released To Manufacturing RTM

Folk - in your hands in early October - just in time for the SMB Nation 2008 fall conference in Seattle (Oct 4-6). Details at www.smbnation.com.

This from Microsoft:
We are very excited to announce the RTM of Small Business Server 2008 today! This is a huge milestone for the team here, as well as all of you who have played a pivotal role in providing feedback on this product. We on the product team want to say "THANK YOU!" for the hours you've spent installing builds, discussing issues on the newsgroups, and filing all of those bugs we love! The SBS Community CANNOT be topped, and this release is just another example of that!
What's next?
• We'll be making the Evaluation builds available on the Microsoft CARE site within a month
• Complimentary Not for Resale copies of SBS will be awarded to Beta participants, based on participation. Details from Kevin Beares coming soon!
• RTM product to be available in Retail and Volume Licensing early October, stay tuned to your favorite OEMs for launch plans
Please join us in celebrating this important day! We couldn't have done it without you!
Cassie Hicks and Dean Paron
Windows Small Business Server 2008

Remote Outlook Use in SBS 2003

Hi there - I am Harry Brelsford, the author of the Windows Small Business Server 2003 Best Practices book and each day I post up a few pages for your reading pleasure. I will do this until SBS 2008 ships!

Today is the REMOTE USE of MICROSOFT OUTLOOK in an SBS 2003 world. Guess I am shouting for emphasis, eh?

Anyways - until tomorrow - harrybbbbb

Harry Brelsford |CEO at SMB NATION | www.smbnation.com

Microsoft Small Business Specialist (SBSC) and other non-sense like an MBA!

ps - I hold an annual conference each year in Seattle for SBSers...this year is early October to discuss SBS 2008 and EBS 2008.

###







Real Outlook 2003 Used Remotely


This section speaks to the ability to utilize your real Outlook 2003 client application across the Internet and connect to your SBS 2003 server machine. This might be used in lieu of OWA. There are two ways to make real Outlook speak to SBS 2003’s Exchange Server 2003 messaging application: VPN and RPC over HTTP. The VPN method is fairly straightforward. You simply establish a VPN connection (discussed in the next section below) and launch your Outlook 2003 client application. Your mailbox is then presented to you.


But a more hip, cool, and exciting way to remotely connect your Outlook 2003 client application to SBS 2003 is to use RPC over HTTP. RPC, which stands for “remote procedure call,” is how Outlook 2003 communicates with Exchange Server 2003 on a local area network (LAN). The difference is that you are going to do it remotely over the Internet without having to first establish a VPN connection or present other authentication stuff like smart cards or security tokens. This allows a remote worker to use real Outlook 2003 and get through the firewall.


BEST PRACTICE: Be advised there are some minimum requirements to using this cool messaging retrieval method. The client computer must be running Windows XP Professional with XP Service Pack 1 (SP1) and have the Microsoft Knowledge Base article 331320 updates installed. You must be running SBS 2003 (which includes Windows Server 2003 and Exchange Server 2003). The Exchange Server 2003 must be configured to allow connections via HTTP (fortunately, this is enabled by default in SBS 2003). You can see HTTP connection support in Exchange Server 2003 in SBS 2003 from Start, Server Management, Advanced Management, SPRINGERSLTD (Exchange), Servers, Springers1, Protocols, HTTP, Exchange Virtual Server. Notice the virtual server is configured and running (compare this to the POP3 virtual server that is not).


Given the baseline prerequisites have been met, complete the following procedure.


1. On the remote client computer (NormLap), have NormH log on locally with the password Purple3300.

2. Launch Outlook 2003 from Start, E-mail. If this is the first time you’ve launched Outlook 2003, complete the configuration screens to configure Exchange e-mail to point to SPRINGERS1 for the user Norm Hasborn.

3. Click Tools, E-mail accounts. The E-mail accounts wizard commences.

4. Select View or Change existing e-mail accounts and click Next.

5. Select the Exchange e-mail account on the E-mail Accounts page and click Change.

6. Click More Settings and select the Connections tab on the Microsoft Exchange properties dialog box.

7. Under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP. This is shown in Figure 8-27.




Notes:


Visit www.microsoft.com/technet for the latest updates for any Microsoft product.


Figure 8-27


Selecting the option to connect over the Internet to your Exchange-based mailbox.





BEST PRACTICE: So let me guess. You don’t see the menu option in Step 7 above. If that is the case, you didn’t download and apply the patch specified above (331320). This can be found at www.microsoft.com/technet by entering 331320 in the Search field. The Microsoft search result should look similar to the article page in Figure 8-28. Apply it now and restart the above procedure. See you back at Step 7, mate!




Figure 8-28


Download and install this to complete the Outlook 2003 RPC over HTTP example.








8. Click on the Exchange Proxy Setting button.




9. Complete the Exchange Proxy Settings screen with https://springers1.springersltd.com and verify the Connect using SSL only checkbox is selected. This is shown in Figure 8-29. Accept the default settings and click OK.




10. Click OK to close the Microsoft Exchange properties dialog box.




11. Click OK when notified you will need to restart Outlook.




12. Click Next on the E-mail Accounts wizard, followed by Finish.




13. Close and start Outlook again. Outlook 2003 will appear, ready for your use.






Figure 8-29


Completing the final RPC over HTTP steps for Outlook 2003.





BEST PRACTICE: How ‘bout a little bit more discussion on RPC over HTTP. Try on this advanced stuff for size. As you might have guessed, Outlook 2003 is capable of wrapping an HTTP/HTTPS header around each MAPI RPC request. This gives Outlook 2003 the capability of communicating with the Exchange Server using direct HTTP or HTTPS. With the correct configuration (such as you did above), this feature allows a rich client experience to a corporate mailbox server over the Internet (as you know by now) where no RPC ports or VPN are required. Where Exchange front-end servers have been deployed in the DMZ, these act as RPC/HTTP proxy servers to the back-ends on the corporate network (oops - I just went beyond the scope of SBS there).


The Windows RPC over HTTP feature provides an RPC client (in this case, Outlook 2003) with the ability to establish connections across the Internet by tunneling the RPC traffic over HTTP. Because standard RPC communication is not designed for use on the Internet and doesn’t work well with perimeter firewalls, RPC over HTTP makes it possible to use RPC clients in conjunction with perimeter firewalls (again, this is kinda beyond the scope of SBS). If the RPC client can make an HTTP connection to a remote computer running Internet Information Services (IIS), the client can connect to any available server on the remote network and execute remote procedure calls. Furthermore, the RPC client and server programs can connect across the Internet - even if both are behind firewalls on different networks.


So now for a real advanced issue! You and I have likely read popular trade journal media stories about the RPC stack on Windows (NT/2000/XP/2003) having been exploited by hackers (Blaster). Hell - you might have seen it! So is RPC over HTTP vulnerable to this type of attack? Nope would be the official reply. Nope because only authenticated users are allowed access to RPC over HTTP. That’s why you’re prompted to log on again when you try to get Outlook to connect to the Exchange server using RPC over HTTP. The cited exploit could only use anonymous access to RPC.


And that’s that!
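One way to check the two properties the excerpt above relies on (only authenticated users reach RPC over HTTP, and the connection uses SSL only), added here as an example and not taken from the book: a Python script that scans IIS W3C logs for RPC proxy requests that were accepted without a user name or off the SSL port. The log lines are constructed, and the /rpc/rpcproxy.dll path, the logged field list and the port 443 binding are assumptions about the server's IIS setup.

```python
"""Audit IIS W3C logs for RPC-over-HTTP requests accepted without
authentication or off the SSL port (added example, constructed data)."""

RPC_PROXY_STEM = "/rpc/rpcproxy.dll"  # assumed default IIS path of the RPC proxy
SSL_PORT = "443"                      # assumed HTTPS binding on the server

# Constructed log lines using documentation IP ranges; not from a real server.
# The last line is deliberately truncated to show how malformed input is handled.
SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-08-21 09:00:01 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 - 198.51.100.7 MSRPC 401 2 2148074254
2008-08-21 09:00:02 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 SPRINGERSLTD\NormH 198.51.100.7 MSRPC 200 0 0
2008-08-21 09:00:02 192.0.2.10 RPC_OUT_DATA /rpc/rpcproxy.dll springers1:6001 443 SPRINGERSLTD\NormH 198.51.100.7 MSRPC 200 0 0
2008-08-21 09:05:10 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 80 - 203.0.113.50 MSRPC 403 4 5
2008-08-21 09:06:30 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 - 203.0.113.50 MSRPC 200 0 0
2008-08-21 09:07:00 192.0.2.10 GET /exchange/ - 443 SPRINGERSLTD\NormH 198.51.100.7 Mozilla/4.0 200 0 0
2008-08-21 09:08:00 192.0.2.10 RPC_OUT_DATA /rpc/rpcproxy.dll springers1:6001 80 SPRINGERSLTD\NormH 198.51.100.7 MSRPC 200 0 0
2008-08-21 09:09:00 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the active #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def rpc_proxy_requests(text):
    """Yield (record, status) for requests aimed at the RPC proxy only."""
    for rec in parse_w3c(text):
        if rec.get("cs-uri-stem", "").lower() != RPC_PROXY_STEM:
            continue
        status = rec.get("sc-status", "")
        yield rec, int(status) if status.isdigit() else 0


def audit_rpc_proxy(text):
    """Return (finding, client_ip, time) tuples for risky RPC proxy requests."""
    findings = []
    for rec, status in rpc_proxy_requests(text):
        if not 200 <= status < 300:
            continue  # 401 challenges and 403 refusals are the expected outcome
        if rec.get("cs-username", "-") == "-":
            findings.append(("ANONYMOUS_ACCEPTED", rec.get("c-ip"), rec.get("time")))
        if rec.get("s-port") != SSL_PORT:
            findings.append(("ACCEPTED_WITHOUT_SSL", rec.get("c-ip"), rec.get("time")))
    return findings


def outcome_counts(text):
    """Count RPC proxy requests by outcome; 401-then-200 is the normal pattern."""
    counts = {"challenged": 0, "authenticated": 0, "refused": 0,
              "anonymous_ok": 0, "other": 0}
    for rec, status in rpc_proxy_requests(text):
        anonymous = rec.get("cs-username", "-") == "-"
        if status == 401:
            counts["challenged"] += 1
        elif status == 403:
            counts["refused"] += 1
        elif 200 <= status < 300:
            counts["anonymous_ok" if anonymous else "authenticated"] += 1
        else:
            counts["other"] += 1
    return counts


if __name__ == "__main__":
    for finding, client, when in audit_rpc_proxy(SAMPLE_LOG):
        print(f"{when} {client} {finding}")
    print(outcome_counts(SAMPLE_LOG))
```

An empty result from audit_rpc_proxy on real logs is what a correctly configured server should produce; any ANONYMOUS_ACCEPTED entry means the RPC virtual directory is allowing anonymous access and should be reviewed in IIS.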

Wednesday, August 20, 2008

Exchange ActiveSync in Windows Small Business Server 2003 (SBS)

Good day everyone - I am posting up a few pages per day from my book Windows Small Business Server 2003 Best Practices (da purple book) for your pleasure until SBS 2008 ships!

Today in Chapter 8 we explore Exchange ActiveSync - enjoy the ride...

cheers...harrybbb

Harry Brelsford CEO at SMB Nation www.smbnation.com

Microsoft Small Business Specialist - SBSC - MBA - MCSE - MCP - CNE - MCT - CLSE - CNP

PS - did u know we are holding a big SBS 2008 and EBS 2008 launch party in early October 2008 in Seattle at our SMB Nation 2008 conference!

###

Exchange Server ActiveSync
Sync directly and with high levels of security to your Exchange mailboxes from Microsoft Windows powered devices such as Pocket PC 2002, the Pocket PC Phone, and Windows Powered SmartPhone. Stay in direct contact over the air with a server running Exchange 2003 so you can:
• Work both online and offline. Synchronize your e-mail messages, calendar, and contacts based on various settings from your device. Synchronization can be on-demand or scheduled. When coupled with Outlook Mobile Access, you can gain access to your Tasks list and the Global Address List.
• Get up-to-date notifications. Receive specially formatted short message service (SMS) messages from Exchange 2003 that wake up your Windows-powered device and prompt your device to initiate a synch. This feature, new in Exchange 2003, enables you to set the conditions of these alerts by using your Inbox rules.


• Choose your synchronization method. Select from on-demand or scheduled synchronization. This includes remote access to your e-mail messages, calendar, and contacts list, and when coupled with Outlook Mobile Access, you can gain access to Tasks list and the Global Address List.


Those of you who have had Pocket PCs for a while are familiar with cradling the device at your desktop as you synchronize. You must have Outlook running on the desktop while you use Outlook to synchronize and connect to the Exchange Server, and as soon as you remove that device from the cradle, you’re out of sync. That’s not the case anymore with Exchange ActiveSync. You can still use the cradle, but you can also synchronize directly to Exchange over a wireless connection. Exchange ActiveSync does integrate with the desktop ActiveSync. So any settings you’ve created from your desktop translate over to the device and can be altered there. Any settings from the device translate over to the desktop.

Tuesday, August 19, 2008

Outlook Mobile Access (OMA) in SBS 2003

Hello-hello! I am Harry Brelsford, author of the Windows Small Business Server 2003 Best Practices book and each day I am posting up several pages from this purple book. I am delighted to report that we start the subject of Outlook Mobile Access (OMA) from Chapter 8 with today's post. Good stuff!

enjoy....harrybbb

Harry Brelsford | ceo at smb nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, MCP, CNE, yadda yadda yadda

PS - did u know we are hosting a SBS conference in early october in Seattle?

###

Outlook Mobile Access


Back in Chapter 6, I wrote about forwarding e-mails to your cell phone. The forwarding works, but an even better solution is to use the newly included feature of Exchange 2003 and SBS 2003 called Outlook Mobile Access (OMA). OMA is simply OWA for web-enabled phones and PocketPC browsers. The basic features of OMA were formerly offered in Mobile Information Server 2002 and also in third party devices - now they are free!


During the SBS 2003 launch events, I met Kim Walker in Columbus, Ohio. Everyone has a gadget that they can’t live without and Kim’s addiction is e-mail on her cell phone. She has been using and managing third-party add-ins for several years and is promoting the feature to her clients. Kim has offered up some OMA info and best practices. She’s the OMA Momma and what follows in this section are her words! Go Kim!


Defining OMA


OMA offers a live text interface to your e-mail messages, calendars, tasks, and contacts. It replaces third-party add-ins at client computers or on additional servers. Therefore, it helps lower the total cost of ownership by reducing the need to deploy additional mobile server products in the corporate environment and by utilizing one mobile user device instead of multiple devices.


OMA supports Wireless Application Protocol (WAP) 2.x as well as XHTML browser-based devices, full HTML browsers and i-Mode devices such as mobile phones and personal digital assistants (PDAs).


OMA Server-Side


From the server-side, OMA setup is very simple. OMA is easier to manage than third party or desktop applications - everything is configured through Exchange System Manager. One important note is that in Standard Exchange Server 2003, OMA is disabled by default, but within SBS 2003 the default is OMA enabled (Figure 8-21).


Figure 8-21


The default Mobile Services Properties for Exchange has everything enabled.







Notice the section titled Enable unsupported devices. Many devices have not been fully tested by Microsoft and are not on the supported device list. By default this box is checked, allowing a user to access Exchange on these untested devices. The user gets an error that says: The device type you are using is not supported. Press OK to continue. This is shown in Figure 8-22. Once you press OK on the device, the service is generally available.


Figure 8-22


This is a screenshot from a mobile phone showing a failed connection.





BEST PRACTICE: Keep the Enabled unsupported devices checkbox selected.


You can grant OMA access on an individual case-by-case basis. Say Norm Hasborn, owner of SPRINGERS, gets a new cell phone and doesn’t tell you. If Outlook Mobile Access is disabled for him (see Figure 8-23), he might test out OMA and get an error. He won’t have OMA access until he calls you, the SBSer, for support.


Figure 8-23


You can disable Mobile Services for an individual user.





BEST PRACTICE: If you decide to manually add a user e-mail alias rather than run a custom recipient policy, your user will get an error accessing OMA: Item no longer exists. The item you are attempting to access may have been deleted or moved.


OMA Client-Side


From the client-side OMA is also fairly simple. It does not have all of the bells and whistles some third-party software has had, but it is definitely functional. OMA is customized for low-bandwidth high-latency type environments, but it still has the same feature set. Reply still means reply. Decline a meeting still means decline a meeting.


Time to use the SPRINGERS methodology where you will send an e-mail, enter contact records, and perform other such tasks from OMA. OMA can be accessed from a desktop computer as well - you don’t have to have a mobile device. In fact, if you are using your laptop in a location with a very slow connection, OMA will get you to your e-mail without any OWA overhead.


Sending an E-mail


Time for some step-by-step to have NormH check his e-mail.


1 From the mobile device, point your browser to the following address: http://springers1.springersltd.com/oma.

2 At the Authentication required screen, type NormH in the User field and click OK.

3 On the Password screen, enter Purple3300 and click OK.

4 If you get the device type not supported error (wording may vary), click OK.

5 You are taken to the Exchange Mailbox for the user (Figure 8-24). You can scroll (down arrow on cell phone) to see all of the Mailbox options (such as Calendar, Contacts, Tasks, etc.).




Figure 8-24


The OMA-based Mailbox on the mobile phone.





6. To read Norm’s inbox, press the 1 or the Go menu button. This will bring you to his Inbox listing (Figure 8-25).


Figure 8-25


This is an Inbox on a mobile phone.





The asterisk on the first message in Figure 8-24 means that this is unread. Also notice the second message is the Standard SBS 2003 Server Performance report - it might take a little while to read through on the small screen, but in a pinch it’s great. To read any message just select Go while highlighted or hit the corresponding number (there will not be numbers in standard Internet Explorer from a desktop). OMA provides full-featured e-mail functionality, including compose new, read, reply, reply all, forward, delete, flag, and mark as unread. From the details view of messages, you can browse to previous message or next message, close, or go home.


In the OMA calendar view, you can view today, next/previous day, or go to the day of your choice. For any OMA calendar item, you can accept, tentative, decline, reply, reply all, forward, delete, and view details.


Comparing OMA to Other Approaches


So how does OMA compare to cellular-provided desktop assistant programs? Functionality is similar, but the major advantage is that the phone now connects directly to the server. In order for one of the Desktop Assistant programs to function, the desktop must remain turned on with the forwarding program running. This places the failure point at the desktop and also uses both LAN and Internet bandwidth.


How does OMA on a standard cell phone compare to a SmartPhone or blackberry device? Generally cell telephones have smaller screens, but as you can see from the screen shots, if the phone is set to a small text, it is still readable. It is not as easy to type a reply, but it is possible and you can still check messages anywhere.


One important difference between OMA browser access and synchronization devices is that the information is only accessible when the user is in cellular coverage. The data does not get stored on the phone, but can be viewed only in the browser while the user is authenticated to the server.


As of this writing, I dearly miss some of the tricks that third party software offered. One of these tricks is a text message/page notification of mail - a rule that tells the user to check the mailbox rather than forward the message. For now, you can use the forward message from Chapter 6 for specific messages. In the past I have used notifications to page me when I received a message of high importance or a server message (based on words in the subject) or by sender. I check my e-mail frequently, but if I was in a meeting it would alert me to an issue that might be critical.


Daily OMA Use


I use OMA all of the time. Personally, I have a separate folding keyboard that attaches to my cell phone - I can send and receive e-mails without pulling up my laptop, but when I don’t need it I still have a small form factor phone. Without a keyboard, you don’t want to type long e-mails or replies, but you could send a short message saying “YES” (literal telephone pad keystroke sequence is: yes - Y - 999, E - 33, S - 7777 - it’s the new Morse code). OMA is also great for checking calendar updates. While running from one meeting to another, you can quickly check to see if the upcoming meeting time or location has been moved.


Thanks, Kim, for the OMA expertise. Won’t you consider speaking on this at the SMB Nation conference in Fall 2004? I can’t resist sharing a photo from the Fall 2003 SBS hands-on lab tour where a student in San Francisco implemented OMA right in the class room (Figure 8-26).


Figure 8-26


Live from San Francisco! It’s OMA and SBS 2003.

Monday, August 18, 2008

OWA Security in SBS 2003

Happy Monday to u!

I am Harry Brelsford, the author of Windows Small Business Server 2003 Best Practices and I am posting up a few pages per day to the Web (my blog) for your reading pleasure. This will continue until SBS 2008 ships!

So please enjoy a few pages today concerning OWA security in SBS 2003!

cheers…harrybbbb

Harry Brelsford

CEO at SMB Nation, www.smbnation.com, Microsoft Small Business Specialist (SBSC)

PS - I host a fantastic fall conference in Seattle surrounding all this and more - everything SBS and Essential Business Server (EBS)

###

OWA Security


There are a couple of security matters relating to OWA.


• Public vs. private computer. In Figure 8-18, you can see the OWA logon screen. A public or shared computer has a shorter time-out period (akin to the same setting in RWW). A private computer informs the Exchange server to tolerate a longer period of inactivity before enforcing a log off.

• HTTPS. I mentioned this earlier, but I need to mention it again. When you configure SBS properly (that is, run the EICW and create the self-signing certificate that is discussed in both Chapter 4 and 5), you’ll always operate OWA under HTTPS. The translation for the BDM is that this is more secure and the data (in addition to the logon activity) is encrypted via PPTP. The port session related to this is shown in Figure 8-20.


Figure 8-20


Observe Port 443 making the OWA session operate under HTTPS.







• Challenging. When you log on the old fashioned way or the local host way, you must complete the OWA logon. In SBS 2000, a local host OWA session did not issue this logon challenge. When you access OWA via RWW, you are not challenged for an OWA-specific logon because RWW passes logon authentication to OWA.


BEST PRACTICE: Always have your SBS users properly log off OWA when they leave an OWA session. The logoff button is found on the far right of the upper OWA toolbar. Not logging off lays the foundation for sinister behavior, such as someone clicking Back several times in Internet Explorer to get to your mailbox! LOG OFF!

Sunday, August 17, 2008

OWA - finer points in SBS 2003

Hello everyone - it's Sunday and I am posting up a few pages from Chapter 8 of my Windows Small Business Server 2003 Best Practices book (the purple book) for your reading pleasure. Today we look at some of the finer points of Outlook Web Access (OWA) in SBS 2003. I will keep posting up book pages each day until SBS 2008 ships.

Thanks for reading - hope this helps!

cheers...harrybbbb

Harry Brelsford ceo at SMB Nation www.smbnation.com

I am a Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, CNE, CLSE and CNP!

Did u know I host a raging SBS conference in Seattle in early october?

###

Meet OWA


Less talk, more look-see at this point. The new and improved OWA is presented in Figure 8-17 for your pleasure.




Figure 8-17


Here is OWA in the SBS 2003 time frame. Notice in the Address that the URL identifies local host (running on the SBS server machine).





There are three ways to access OWA in SBS 2003.


• Old-fashioned. You’re probably familiar with this approach. Type the fully qualified domain name (FQDN) appended with the term “exchange” for the external interface (that’s the wild-side NIC card on the SBS server machine) like springers1.springersltd.com/exchange. This approach assumes you have an “A” resource record registered in the DNS of your ISP that points to the wild-side NIC card. Of course, you could always point to the wild-side IP address in the following manner - 207.202.238.215/exchange - and you’ll start the OWA authentication process.

• RWW. If necessary, revisit the RWW discussion early in this chapter where you learned to authenticate over the Internet. The RWW menu has the Read my company e-mail link to launch OWA. From the outside, RWW is best accessed by FQDN/remote (springers1.springersltd.com/remote).

• Local Host. In Figure 8-17, I hinted at the use of OWA on the SBS server machine. This is possible with the localhost/exchange address. This is an excellent way to read e-mail messages et al. on the actual SBS server machine and avoid the MAPI conflict I discussed in Chapter 6 (see Figure 6-26).


There are two types of OWA experiences:


• Premium. If ya want the good stuff, you need to select the Premium radio button on the OWA logon screen.

• Basic. While providing fewer OWA features, selecting the Basic radio button results in a session that runs faster and is recommended for slow links.






I compare OWA Premium and OWA Basic on a deeper level (focused on security) in Table 8-1.


Table 8-1: Security: OWA Premium versus Basic




| Capability | Description | OWA Premium | OWA Basic |
| --- | --- | --- | --- |
| Logon page | This has a new customized form for logging on to OWA. Includes cookie-based validation where OWA cookie is invalid after user logs out or is inactive for a predefined amount of time (or eats the cookie - just kidding). | Yes - and allows you choice to use OWA Basic | Yes - but only allows use of OWA Basic |
| Clear credentials cache on logoff | After logoff all the credentials in IE SP1 credentials cache are cleared automatically. | Yes | No |
| Public/Share computer and Private computer logon options | To provide SBSers with more protection, two logon page security options can be used. You can set the private logon page with a longer period before user is logged off because of inactivity. | Yes | Yes |
| “Web Beacon” blocking | Users can control options for blocking external content in e-mail. | Yes | Yes |
| Attachment blocking | Administrator options restrict access to some or all attachments in messages. | Yes | Yes |
| Junk mail filtering | Options to set up safe- and blocked-sender lists. | Yes | Yes |
| Encrypted/signed mail | Sending and receiving encrypted and/or signed e-mail is supported. | Yes. IE 6 on Microsoft Windows 2000 or later. | No. |





It’s time for Norm Hasborn to check his e-mail via OWA.


1 Log on to the remote computer (in my example: NormLap). I’ll assume you can log on as NormH (a local user) with the password Purple3300.

2 Launch Internet Explorer from Start, Internet. Type springers1.springersltd.com/exchange in the Address field. Note you can explore OWA via RWW on your own by repeating the RWW steps earlier in the chapter (from RWW, select Read my company e-mail). Here I want to expose you to the native OWA logon screen (RWW suppresses this screen, as I’ll discuss in the security section).

3 Click OK at the two Security Alert dialog boxes that appear (a third such box may appear if you didn’t install the SPRINGERS certificate earlier in the chapter and requires Yes).

4 Complete the OWA logon screen similar to Figure 8-18. NormH is the user with the password Purple3300. The Client is Premium and the Security is Public or shared computer (I discuss security in the next section). Click Log On.




Figure 8-18


Norm Hasborn is logging on to OWA here. The session has flipped to HTTPS at this point.









5 OWA can be seen for NormH in Figure 8-19. Notice the e-mail in the figure relates to the alert you configured in the prior chapter (Chapter 7 on WSS) relating to the Breeder1.doc document. Cool!

6 Go ahead and horse around with OWA for a few minutes. When you’re done, log off via the Log Off button on the far right.




Figure 8-19


OWA time, baby!

Friday, August 15, 2008

Outlook Web Access (OWA) in Windows Small Business Server 2003 (SBS)

Call it a case of tomorrow's new today!

I am posting up my Outlook Web Access (OWA) introduction in the SBS 2003 realm today (Friday) because tomorrow (Saturday) I will be jammed with my niece's wedding here in San Francisco. What is interesting about this wedding is that it is an openly gay wedding which is now legal in the State of California and I am thrilled and excited to see how this all plays out! I will post up a blog on my first experience at this type of wedding.

Back to the business at hand. I am the author of the Windows Small Business Server 2003 Best Practices book (purple book) and I live on Bainbridge Island, WA. I am posting up a few pages of this SBS 2003 book each and every day until SBS 2008 ships on November 12th (worldwide, multiple languages). Today - as I mentioned - we meet OWA.

cheers...harrybbbb

Harry Brelsford, CEO at smb nation, www.smbnation.com

Microsoft Small Business Specialist - SBSC

did u know we have a gr8t fall conference in Seattle in early October?!?! :)

###

Outlook Web Access


Meanwhile, back at the BBQ where the steaks are sizzling, another compelling SBS 2003 feature that “sizzles” in front of business decision makers (BDMs) is the massively improved Outlook Web Access (OWA). My infamous SBS customer, Bob in real estate, did back flips when I showed him the new OWA in SBS 2003. Why? For these reasons.


• Look and feel. The new OWA just looks more like “real” Outlook. That has been a major sticking point with Bob and other BDMs. It wasn’t so much that reading an e-mail message in past OWA releases was that bothersome. Rather, things like calendar entries and contact records were downright rude!


• Feature creature. OWA, when compared to past OWA versions (apples to apples) and not compared to “real” Outlook (apples to oranges), is much richer. An example of improved features is the stronger integration with Outlook and its rules and options (such as Privacy and Junk E-mail Prevention options now accessible via OWA).

• Sir Speedy. This OWA version boogies. Older OWA releases were slow and seconds of delay felt like hours to Type-A businessmen like Bob. It was so bad in the past that I set up Outlook Express with IMAP as per Chapter 6 to workaround the OWA slowness.

• Security improvements. I felt honor-bound to show my customers, such as Bob the BDM, some improvements to security. As an SBSer in the early 21st century, I’m trying to use every opportunity to talk up security (and no, this isn’t make-work or a self-employment act, but advice offered in a sincere way). See the security section below for details, but I’ll share one now: OWA natively runs under HTTPS when you configure the default configuration of SBS.




BEST PRACTICE: So are there any limitations with the new OWA? Yes, there are a few. A bright student in the Mumbai/Bombay, India, SBS 2003 hands-on lab correctly taught me (the instructor) that OWA doesn’t display multiple mailboxes at the same time while real Outlook can. This is bothersome if you’re a BDM that uses multiple e-mail aliases to look larger than life in the business community and you travel extensively and need to use OWA from Internet cafés or your laptop in a hotel room. With OWA and multiple mailboxes, you’d need to log on multiple times (as the different e-mail account) and view each mailbox separately (e.g., jobs@springersltd.com).


Another student at the San Francisco, California, SBS 2003 hands-on lab (October 2003) correctly pointed out that, when viewing a contact record in a public folder in the new OWA, the New Message to Contact toolbar button is disabled. Translation: You can’t send an e-mail to a contact in a public folder with a single click using OWA. Rather, you have to manually copy and paste the SMTP e-mail address into a new message. He seemed really bothered by this (must have been having a bad SBS day).


Beatrice Mulzer from Cocoa, Florida, informs me that the search folder feature isn’t available in OWA.


I personally noticed that, when entering a contact record in OWA in the SBS 2003 time frame, the Address, City, State, Zip fields (ACSZ) are divided in the UI for OWA (you have separate fields for ACSZ). But, in real Outlook 2003, ACSZ is entered into a single field and then parsed in the background.

Remote Desktop Protocol (RDP) in Windows Small Business Server 2003

Top of the morning to ya! I am up and at 'em here in Seattle on the 520AM ferry en route to the airport and some time in the San Francisco area...really starting to spend more time down there what with the hot technology sector (can u say SOMA?). So a quick post from Chapter 8 of my Windows Small Business Server 2003 Best Practices book - as u might know - I am posting up several pages per day from this book into the WILD for your reading pleasure. Why do I do this? Because I am a nice person! I will keep posting until SBS 2008 ships!

Today we explore the Remote Desktop Protocol (RDP) in the mobility realm of SBS 2003.

cheers...harrybbbb

harry brelsford, smb nation's ceo www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA MCSE MCT CNE CLSE CNP

Did u know I host my big annual conference in early October in Seattle!

###

Exploring RDP


Oops! I almost forgot some more stuff on RDP that I wanted to share (this has an advanced tone to it). RDP allows for separate virtual channels for carrying device communication and presentation data from the server, as well as encrypted client mouse and keyboard data. RDP uses its own video driver on the server-side to render display output by constructing the rendering information into network packets using the RDP protocol and sending them over the network to the client. The client-side receives the rendering data and interprets it into the corresponding Win32 Graphics Device Interface (GDI) application programming interface (API) calls. On the input path, client mouse and keyboard messages are redirected from the client to the server. On the server-side, RDP uses its own virtual keyboard and mouse driver to receive these keyboard and mouse events.


Without encrypting the display protocol, it would be very easy to “sniff” the wire to discover the user’s passwords as they log on to the system. Allowing an administrator to log on using a non-encrypted protocol exposes the entire domain’s resources to hackers, especially if connecting over a public network without a VPN. It is both darn interesting and important to note that protocols using “scrambling” to protect data are just as vulnerable to this sort of attack as protocols that send data using clear text.


The activity involved in sending and receiving data through the RDP stack is essentially the same as the seven-layer Open Systems Interconnection (OSI) model for the LANs on this planet. Data from an application or service to be transmitted is passed down through the protocol stacks, sectioned (sounds like a Ginsu knife commercial with slicing and dicing, eh?), directed to the channel (through MCS), encrypted, wrapped, framed, packaged onto the network protocol, and finally (really and truly) addressed and sent over the wire to the client. The returned data works the same way only in reverse, with the packet being stripped of its address, then unwrapped, decrypted, and so on (and on and on) until the data is presented to the application for use (Whew!). Key portions of the protocol stack modifications occur between the fourth and seventh layer, where the data is encrypted, wrapped and framed, directed to a channel and prioritized.


Lastly, every version of RDP uses RSA Security’s RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of varying data size. RC4 is designed for secure communications over networks and is also used in protocols such as SSL, which encrypts traffic to and from secure Web sites. By default, Windows XP Remote Desktop and Windows Server 2003 Remote Desktop and Terminal Services use high (128-bit) encryption to encrypt most data transmissions in both the client-to-server direction and the server-to-client direction.


BEST PRACTICE: Don’t forget the 128-bit encryption point raised here. It is frequently brought up in technology conversations about SBS.

Thursday, August 14, 2008

RWW Security Summary in SBS 2003

Hello gang - today I have a shorter post-up from my Windows Small Business Server 2003 Best Practices book - it is a summary of Remote Web Workplace security.

enjoy...harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

did u know we have a raging conference comin' to Seattle in early October: SBS 2008 and EBS 2008 launch party!

Microsoft Small Business Specialist (SBSC) and MBA

###

RWW Security Summary


Before moving on and looking at Outlook 2003 remote approaches, oblige me and view the following RWW security summary:


• SSL connections required for access to the Web site.

• User authentication required for access to the Web site.

• Log out allows users to close sessions and clear any cached logon credentials.

• Timeout feature automatically closes sessions after a period of inactivity.








• Public or shared computer mode provides additional safety requirements in those environments (browser version checking, shorter timeouts).

• Web site is throttled through IIS.

• Web site files are strongly ACL’ed (governed by the Access Control List) to prevent unauthorized editing.

• Remote Desktop connections are encrypted and send only mouse clicks and keystrokes over the connection.

• Reduces or eliminates the need for VPN connections at the business.




BEST PRACTICE: Use the above list as “talking points” when talking about RWW.

Wednesday, August 13, 2008

RWW under the hood in SBS 2003

Good evening folks - been a crazy busy day but I am honoring my commitment to post up several pages per day from my Windows Small Business Server 2003 Best Practices book (the purple book). I really like the part of Chapter 8 where we debunk, prove and otherwise party on with Remote Web Workplace.

Looking forward to SBS 2008 and more madness!

cheers...harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

Microsoft Small Business Specialist, MBA, MCSE, CNE, MCT, MCP, CLSE and CNP - whew - I am tired!

ps - funky groovy fall conference is less than 60-days away in Seattle!

###

Under the Hood RWW Architecture


Specialists like specialists in the professional world, perhaps because there is an element of mutual respect. So when this SBS specialist (yours truly) needed some help digging deeper in this subject area, I went to fellow SBS 2003 hands-on lab instructor Beatrice Mulzer from Florida. Beatrice is an RWW nicher and provided the screen shots in this section showing a glimpse of how things work under the hood with RWW.


First off, it helps to see a Visio diagram that outlines the RWW architectural experience. This is shown in Figure 8-10.




Figure 8-10


This diagram outlines the RWW mechanics.





Now for the step-by-step figures that bring definition to the chart above.




Figure 8-11


Initial connection to SBS 2003 external Web page over port 80. Note HTTP in the Address field of Internet Explorer.





BEST PRACTICE: Note the above figure (Figure 8-11) assumes that you have selected the Business Web option on the Web Services Configuration page in the EICW. We did NOT do this back in Chapter 4 for the purpose of SPRINGERS. But please heed this advice, as imparted to me by the Microsoft program manager who owns this area. IN THE REAL WORLD, Microsoft discourages you from opening port 80 in the EICW via the Business Web selection. Instead, they’d rather have the address for RWW typed by external users be the FQDN followed by /remote (e.g., springers1.springersltd.com/remote). The /remote component of the address makes the external listening port become 443, and the address switches to HTTPS.


Another real worldism: don’t open port 80 if you can help it. Besides exposing your IIS root to the world (and Web search engine crawling), you also expose RWW to Web search engine crawling. This is something you probably don’t want to do, as it might be the source of future vulnerabilities and attacks (as of this writing, this hasn’t been exploited). A really interesting exercise to see this in action is to go to Google and search on the terms “remote web workplace” and view the results. You’ll see pages of hits returned with Remote Web Workplace highlighted. These are SBS 2003 sites that have opened port 80 (again, likely via the Business Web selection on the Web Services Configuration page in the EICW). Stunning how many RWW sites you’ll see.


Finally, if you must have port 80 open because you really do host a business Web site and you’ve accepted the risks, then please consider using a robots.txt file to restrict Web search engine crawling. Details on robots.txt at www.robotstxt.org/wc/robots.html and in Chapter 10.
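As an added example (not from the book), this Python check runs the standard library's robots.txt parser over two constructed policies to show which paths stay crawlable. The crawler names and the sample rules are assumptions; note that robots.txt matching is case-sensitive while IIS URL paths are not, and that honoring the file is voluntary on the crawler's side.

```python
from urllib.robotparser import RobotFileParser

# Constructed policy 1: only one named crawler is told to stay out of /remote.
NARROW = """\
User-agent: Googlebot
Disallow: /remote
"""

# Constructed policy 2: every crawler is told to stay out, in two spellings.
BROAD = """\
User-agent: *
Disallow: /remote
Disallow: /Remote
"""

# Sample crawler names used for the check (assumed for illustration).
AGENTS = ("*", "Googlebot", "msnbot")


def still_crawlable(robots_txt, paths, agents=AGENTS):
    """Return {path: [agents that may fetch it]} for every path that at
    least one of the given agents is still allowed to crawl."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    result = {}
    for path in paths:
        allowed = [agent for agent in agents if parser.can_fetch(agent, path)]
        if allowed:
            result[path] = allowed
    return result


if __name__ == "__main__":
    paths = ["/", "/remote", "/remote/", "/Remote", "/REMOTE"]
    for name, policy in (("NARROW", NARROW), ("BROAD", BROAD)):
        print(name)
        for path, agents in still_crawlable(policy, paths).items():
            print(f"  {path:10} crawlable by {', '.join(agents)}")
```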




Figure 8-12


Approving the security certificate (SSL) pop-up to log on to Remote Web Workplace (this process started by selecting the Remote Web Workplace link). Note the port switch from port 80 to port 443. This would be the case when you’ve published your root page via the Business Web selection on Web Services Configuration in the EICW.





Figure 8-13


The SSL pop-up was approved and the RWW logon dialog box appears. Session traffic is over port 443 and the HTTP protocol has switched to HTTPS at this point.







Figure 8-14


An RWW session underway with HTTPS and port 443.





BEST PRACTICE: Did you look closely at the above figure and see the entry titled “View Server Usage Report”? How did that appear? If you have run the Monitoring Configuration Wizard (which you will do in Chapter 12) and the user (in this case Beatrice) has permission to view the server usage reports, this option will appear on the RWW page.




Figure 8-15


Internally accessing the WSS Home page (Intranet) over port 443 under RWW. Protocol is HTTPS. Note that external access to WSS is over 444 (which isn’t being depicted in this figure).







Figure 8-16


When you click Connect to my computer at work, port 4125 is used for the Remote Desktop session traffic (note port 4125 doesn’t become active and listen until you click the Connect to my computer at work button; listening actually occurs on port 443). This is in addition to port 443 that remains open (ports 4125 and 443 are simultaneously open under this scenario). At this juncture, some background voodoo is performed by SBS to authenticate you and prove you are who you say you are (that’s about as well as I can explain it in this introductory text).





BEST PRACTICE: A common question in the Fall 2003 SBS hands-on labs related to which ports on a hardware-based firewall/router needed to be opened to allow RWW traffic through. RWW uses the following ports for its entire experience: 443, 444, 4125. Port 80 would be used if you published the root page (not recommended). And by the way, the other SBS-related port you’ll need open is 1723 (VPN, which I discuss more later).


By the way, you can see the port 4125 setting for RWW in the Registry at:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal


and look at the Port key where the REG_DWORD value is 4125.


Another common question concerns whether you must first establish a VPN connection to drill down and take control of your Windows XP Pro workstation via Remote Desktop. The answer is no. You are using RDP over HTTP, not VPN tunneling to access the Windows XP Pro workstation.
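An added example, not from the book: a Python audit that parses a router's inbound port-forward export and compares it with the ports named above. The export format, the internal address 192.168.16.2 and the function names are constructed for illustration; the RWW port defaults to the 4125 value the text reads from the Registry.

```python
import re
from typing import NamedTuple


class Forward(NamedTuple):
    proto: str
    ext_port: int
    host: str
    int_port: int


# Constructed sample in a made-up "proto ext -> host:port" export format.
SAMPLE_EXPORT = """\
# inbound forwards on the office router (constructed example)
tcp 80   -> 192.168.16.2:80
tcp 443  -> 192.168.16.2:443
tcp 4125 -> 192.168.16.2:4125
tcp 3389 -> 192.168.16.2:3389
tcp 1723 -> 192.168.16.2:1723
"""

RULE_RE = re.compile(r"^(tcp|udp)\s+(\d+)\s*->\s*(\d+(?:\.\d+){3}):(\d+)$")


def parse_forwards(text):
    """Parse the export into Forward tuples; reject lines that do not match."""
    forwards = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = RULE_RE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: unrecognised rule {raw!r}")
        proto, ext, host, internal = match.groups()
        forwards.append(Forward(proto, int(ext), host, int(internal)))
    return forwards


def audit(forwards, rww_port=4125, business_web=False, vpn=True):
    """Return (status, port, note) findings, forwarded ports first.

    rww_port     -- the Port value under ...\\RemoteUserPortal (4125 by default)
    business_web -- True if the root page is deliberately published on port 80
    vpn          -- True if remote users also connect by VPN (port 1723)
    """
    # Ports the chapter names for the RWW experience; all of them are TCP.
    expected = {
        443: "RWW logon and session over HTTPS",
        444: "external access to WSS",
        rww_port: "Remote Desktop traffic started from RWW",
    }
    if vpn:
        expected[1723] = "VPN"

    findings = []
    seen = set()
    for fwd in sorted(forwards, key=lambda f: (f.ext_port, f.proto)):
        if fwd.proto == "tcp" and fwd.ext_port in expected:
            seen.add(fwd.ext_port)
            findings.append(("OK", fwd.ext_port, expected[fwd.ext_port]))
        elif fwd.proto == "tcp" and fwd.ext_port == 80:
            if business_web:
                note = "root page published; restrict crawling with robots.txt"
            else:
                note = "IIS root and RWW are crawlable; close it, use https://FQDN/remote"
            findings.append(("INFO" if business_web else "WARN", 80, note))
        elif fwd.proto == "tcp" and fwd.ext_port == 3389:
            # Chapter: a Remote Desktop session via RWW runs over the RWW port, not 3389.
            note = f"not needed for RWW, which uses port {rww_port} instead"
            findings.append(("WARN", 3389, note))
        else:
            findings.append(("REVIEW", fwd.ext_port, "not among the ports the chapter names"))
    for port in sorted(set(expected) - seen):
        findings.append(("MISSING", port, expected[port]))
    return findings


if __name__ == "__main__":
    for status, port, note in audit(parse_forwards(SAMPLE_EXPORT)):
        print(f"{status:8} {port:5}  {note}")
```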


So hopefully a few pictures here have saved over a thousand words. I thought that by starting with a diagram and then witnessing the port traffic, you could “feel” RWW first hand under the hood. More of this good stuff in my advanced SBS 2003 book in the second part of 2004.

my first time (at a virtual tradeshow)

Hi gang - busy week here. Yesterday our firm distributed 300+ magazines at a busy Boston trade show (D&H New England show) and today we are participating in the MSP Partners virtual tradeshow using the Ziff-Davis engine. It is really cool. We have a booth on the tradeshow floor, are getting some great traffic and having some amazing conversations via the CHAT features.

I totally encourage u to check it out if you have never seen one of these before: http://www.virtualtradeshowslive.com/

(tell harryb sent ya')

My good friend Ken Thoresen is leading a panel discussion at 2pm EDT so HURRY!

cheers...harrybbbb

harry brelsford | ceo at smb nation | www.smbnation.com

check out our big fall show in seattle in early october!

Microsoft Small Business Specialist SBSC and darn proud of it

Tuesday, August 12, 2008

SBSC and OnForce party...err..Webinar

Hey - I plan to attend this - I am very interested in how OnForce will play with SBSCs.

See the Power of Partnering with OnForce

Join Microsoft and OnForce on August 26th at 10:00 AM Pacific time for a webinar to hear from other Small Business Specialists on how to partner with OnForce to win new IT service work without investing in sales, marketing and receivables. OnForce will help you build your business reputation and become a preferred partner based on your SBSC designation and onsite performance. It is 100% free to join – no upfront costs. Simply create your profile and choose the work that fits your schedule, matches your skills, and meets your rates. The first 10 partners to create an active OnForce profile by September 9th may be eligible to win a $100 AMEX gift card.* Webinar is open only to active members of the Small Business Specialist Community. Register today.

Thoughts? Let me know!

harrybbbbb

Harry Brelsford CEO at SMB Nation www.smbnation.com

ps - we are holding a raging SBS 2008 and EBS 2008 conference soon - early October!

Just Announced: 15 city evening tour in USA for SBS 2008 look and feel

Hey - MS Redmond just announced this goodness:
The creators of Small Business Server 2008 are coming to a city near you!

The engineering team that built Small Business Server 2008 is traveling to 15 cities across the United States, showcasing the new technology in the latest version of the award-winning product.

Hear first-hand from the creators and ask those tough questions only they can answer! This information-packed, three-hour presentation will highlight the technology changes and explain the changes in pricing and licensing of the product. You will also learn about key programs and offers Microsoft is making available to help you get more business today!

If you sell into the Small Business space, you won’t want to miss this special opportunity brought to you jointly by Microsoft and your local SBS partner group. Space is limited, so sign up today!

Here's what we'll cover:

Technical Content Overview
• What's new in SBS 2008
• Technical demonstrations
• Special Q&A Section: Get information and answers, direct from the SBS development team!

Marketing and Business Content Overview
• Technology Assessment toolkit
• Licensing and pricing changes overview
• Key programs and offers available to you today


https://training.partner.microsoft.com/plc/search_adv.aspx?ssid=32a99fba-74bd-4403-8a99-1650a1168c05



Choose your date and city:

| City | Date | Time |
| --- | --- | --- |
| Redmond, WA | Sat, September 6 | 12:00-3:00pm |
| Alpharetta, GA | Tues, September 9 | 3:00-8:30pm |
| Charlotte, NC | Wed, September 10 | 6:00-9:00pm |
| Fort Lauderdale, FL | Thurs, September 11 | 7:00-10:00pm |
| Houston, TX | Fri, September 12 | 6:00-9:00pm |
| Cincinnati, OH | Mon, September 15 | 7:00-10:00pm |
| Downers Grove, IL | Tue, September 16 | 6:30-9:30pm |
| Irving, TX | Wed, September 17 | 6:30-9:30pm |
| Southfield, MI | Wed, September 17 | 6:30-9:30pm |
| Minneapolis, MN | Thurs, September 18 | 6:00-9:00pm |
| Waltham, MA | Thurs, September 18 | 6:00-9:00pm |
| New York, NY | Fri, September 19 | 4:00-7:00pm |
| San Francisco, CA | Mon, September 22 | 6:00-9:00pm |
| Irvine, CA | Tues, September 23 | 6:00-9:00pm |
| San Diego, CA | Wed, September 24 | 6:00-9:00pm |

Best regards,
Your local partner group Lead and Microsoft


Enjoy....harrybbb
Harry Brelsford CEO at smb nation www.smbnation.com
Microsoft Small Business Specialist SBSC

Geeky Goodness: SBS 2008 and EBS 2008 online training

Folks - I can attest that this is geeky goodness:

Get Ready for the Windows Essential Server Solutions Launch with Technical Training Series

The November 12, 2008 launch for Windows Essential Server Solutions is fast approaching! Prepare by attending Partner Academy Live technical training sessions for Windows Small Business Server 2008 and Windows Essential Business Server 2008 starting on August 15, 9am PDT with “The Small and Midsize Business Server Platform: Which Is Right for Your Customer?”. Topics include planning and installation, migration, security, management, virtualization, and more for both Windows SBS 2008 and Windows EBS 2008.

https://partner.microsoft.com/global/40075344

RWW procedure in SBS 2003

Hello! I am Harry Brelsford, the author of Windows Small Business Server 2003 Best Practices (da' purple book). I am posting up several pages per day of this book until SBS 2008 ships.

Today we explore the Remote Web Workplace (RWW) usage procedure in SBS 2003.

enjoy....harrybbbb

Harry Brelsford | ceo at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, CNE and other stuff!

PS - we have a raging fall geeky conference in Seattle in early October...SBS 2008 and EBS 2008 launch party!

###

RWW Procedure: Daze and Amaze!


As you start this procedure, there is a big assumption you will introduce a remote computer into the SPRINGERS scenario (so far you’ve worked with the SPRINGERS1 server machine and the PRESIDENT client computer). A favorite way to describe the mobility area in SBS 2003 time frame is to say you’re using a laptop over WIFI from a Starbucks coffee shop to access the office network!


What you need is a client computer that is not part of the SBS 2003 network and could be considered as being on the “outside” (not on the 192.168.16.x subnet). In Appendix D, you’ll receive guidance for setting this up as a virtual network using either VMware or Virtual PC from Microsoft. To facilitate this, I created a Windows XP Pro workstation in a workgroup called HASBORN (the machine name is NormLap). I assigned the static IP address of 207.202.238.225 with a Class C subnet to this external client computer. The naming isn’t as important here as the concept of having an external client computer up and running in the SPRINGERS storyline.


1. Log on as NormH to the remote computer (in my case, NormLap) with the password Purple3300 (in this case, Norm is a local user in the Windows XP Pro workgroup model). Also - please make sure the PRESIDENT workstation is powered on and running. And I guess the SBS 2003 server machine (SPRINGERS1) better be running too! That’ll make this procedure infinitely easier to complete!


BEST PRACTICE: Later on, when you attempt to connect to PRESIDENT from NormLap, you’ll appreciate the following. If PRESIDENT were not powered on and attached to the network in our case, you’d receive an error in the Remote Desktop connection process that reads: “Connectivity to the remote computer could not be established. Ensure that the remote computer is on and connected to the Windows Small Business Server Network.”


2. Launch Internet Explorer from Start, Internet. Type in the following address in the Address field: springers1.springersltd.com.

3. If you did not select the Business Web on the Web Services Configuration page in Chapter 4 when you ran the EICW, you’d receive a 403 error saying that the page could not be displayed. If you did publish the root page by selecting Business Web on the Web Services Configuration page, the Welcome page appears as seen in Figure 8-1. You will now plow through each link. But notice that the address line reads “http” at this point. This is important as you progress through the examples.




Figure 8-1


The external public Web page on an SBS 2003 server machine. It kindly welcomes you aboard! This occurs when you publish the root Web page over port 80 in SBS 2003 (which is not recommended).





BEST PRACTICE: Slow down there, pardner! How did a FQDN address resolve itself in our simple SPRINGERS methodology when I didn’t point you to an authoritative DNS server to resolve the address? Did I brain hiccup on ya there? Nope! I got sneaky and entered the following HOSTS file entry on the NormLap workstation:


207.202.238.215 springers1.springersltd.com


Note the HOSTS file on a Windows XP Pro machine is located by default at: c:\windows\system32\drivers\etc


4. Click My Company’s Internal Web Site and nothing will happen. This was designed to be a simple placeholder for you to place a link to your company’s Web site. It will not access the internal Web site despite the name of this link (the command being executed is http://companyweb which is an internal, not external reference). Click Back to return to Welcome.

5. Click Network Configuration Wizard. This is an internal LAN process to join the computer as an Active Directory object on the network. This certainly has a time and place, but you’re going to defer on the opportunity to do this now because I want to maintain the sanctity of my methodology whereby NormLap is truly an external client computer. In fact, this won’t work externally. Click Back.

6. If you clicked Remote Web Workplace, you’d access RWW from the public root Web page. But read on.

7. So now I want to reverse course and do things properly! In the Address field, type springers1.springersltd.com/remote and click Go. You’ve commenced your connection to RWW.

8. Click OK when you see the Security Alert dialog box.

9. Another Security Alert dialog box appears and relates to the self-signed security certificate described in Chapter 6. Click View Certificate and select Install Certificate. Click Next when the Certificate Import Wizard launches. Click Next on the Certificate Store page (the default selection is Automatically select the certificate store based on the type of certificate). Click Finish followed by OK. Click OK to close the Certificate dialog box. So what did you just do? You installed the certificate in Internet Explorer on the external client computer. Finally, click OK to clear the Security Alert dialog box that greeted you at the start of this step.


BEST PRACTICE: If you purchase a real signed certificate (e.g. Verisign), the stuff in the step above won’t happen. Consider that a best practice (Microsoft is supportive of purchased real certificates).


10. The Remote Web Workplace logon dialog box appears (Figure 8-2). Type NormH in the User name field. Type Purple3300 in the password field. Observe the other settings (using a public/shared computers, broadband connection). Click Log on.


BEST PRACTICE: Notice the Address line has switched to HTTPS. It’s self-signed security certificate time, baby! Observe the little golden padlock on the lower right of IE. HUMOR ZONE: Back before July 2003 (when Microsoft went to stock grants), stock options for full-time Microsoft employees (“blue badges”) have been referred to as the golden handcuffs, so this must be the origins of the golden padlock for IE in HTTPS mode!


Figure 8-2


The Remote Web Workplace logon page.





11. Observe the official Remote Web Workplace page that has four menu options by default (Figure 8-3). The first selection, Read my company e-mail, simply launches Outlook Web Access, which I’ll discuss a little later in the chapter. The fourth option, Download Connection Manager, is also discussed later in the chapter. For now the focus is on the middle two options. So click Connect to my computer at work.


Figure 8-3


The infamous Remote Web Workplace welcome page. The ability to connect to your computer is only one of four options on this menu.





BEST PRACTICE: Exactly how does the RWW welcome page get built and know what options to display? In part, the RWW welcome page menu options are built from the options you select on the Web Services Configuration page in the EICW (refer to Figure 4-10). Another element is that an Active Directory query is run to look for computer objects. If none are found, the link to connect to desktop computers is suppressed. If you haven’t completed the Remote Access Wizard from the To Do List in Server Manager, the Connection Manager link is suppressed. That’s what does it for mere mortals, but read on.


If you want to manually light up links in RWW, you can flip the DWORD value in the Registry for any menu link. Go to the following SBS 2003 Registry location in the Registry Editor (REGEDIT):


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal


and then drill into the two folders (AdminLinks, KWLinks) and look at the DWORD values (these line items list each RWW menu link). Choose the AdminLinks folder when you use RWW as Administrator. Select the KWLinks folder when you use RWW as a user who has Mobile User template membership or Power User template membership.





12. Click Yes when asked by the Security Warning dialog box to install the Remote Desktop ActiveX control. This control will install in the background. Note this is a one-time event that runs the first time you perform this procedure. You won’t see it again.




13. Select PRESIDENT from the Computers list. Click the Optional Settings link and observe the settings. Select the Enable files and folders to be transferred between the remote computer and this computer and Hear sounds from the remote computer on this computer. The options you have just selected are self-explanatory. Your screen should look similar to Figure 8-4 (I realize the figure is slightly cropped). Click Connect.




14. Click OK after reading the Remote Desktop Connection Security Warning (Figure 8-5).




15. On the Log on to Windows dialog box that appears for the PRESIDENT client computer, type NormH as the user and Purple3300 as the password. This step is identical to logging on to a Terminal Services server machine from a remote location, so it’s likely within your comfort level.




Figure 8-4


Explore the options on the page where you select the computer you want to log on to remotely.





BEST PRACTICE: Hold the phone! Didn’t you observe in step 13 that the RWW session had you log on as NormH yet you were challenged and had to log on as NormH in the Log on to Windows dialog box? This relates to the fact that user authentication credentials from the RWW sign on (step 10) aren’t being passed on to step 15.


Technically speaking, here is what’s up. The Remote Desktop ActiveX Control can only accept credentials in clear text before connecting to a client. Once you connect, the channel is encrypted, and passwords are sent securely. Microsoft could not allow people to have their credentials stored in clear text on a client ever, which is what would have to occur in order to automatically sign you in. It’s too risky. Who knows? Maybe in the future this pass through will be securely perfected, saving that step. Good news, though. The step does preset your user name for you, saving you some typing (e.g., not having to type NormH again).


Figure 8-5


Approve this security warning which speaks towards local drive mappings.





16. You are now using the PRESIDENT machine at work as NormH. THIS IS SO COOL (NormH’s exact words as he sipped a triple cappuccino at Starbucks!). Go ahead and perform a simple action such as launching his Outlook 2003 e-mail client from Start, E-mail and perhaps launch Microsoft Word from Start, All Programs, Microsoft Office, Microsoft Office Word 2003 (the result would be similar to Figure 8-6).


BEST PRACTICE: Can anyone log on to any client computer on the SBS 2003 network using this RWW-based work from home or Starbucks approach? Nope! Remember back in Chapter 4 that the Add User Wizard process made the assigned user a local administrator and eligible to log on to the client computer via the Remote Desktop capability in Windows XP Pro (see from Start, right-click My Computer, select Properties, select Remote tab and explore the Remote Desktop section of the tab sheet). Bottom line: You have to be allowed to log on to a client computer.


Figure 8-6


Working remotely, Norm has hijacked his desktop machine back at SPRINGERS and typed a document in Word 2003. Cool!





BEST PRACTICE: By the way, I remember a heated debate between individuals at the Fall 2003 Miami SBS 2003 hands-on lab regarding the Remote Desktop logon behavior in RWW. It was like witnessing a beer battle with one side claiming the brew was less filling, the other side insisting the brew tasted great. One party claimed that the auto-logoff that occurs, for example, on Norm’s PRESIDENT machine (assuming it was logged on at the time back at the office) when Norm uses RWW to initiate a Remote Desktop session is a flaw. His point was someone could be working on PRESIDENT and receive no prior notification they are being logged off (work could be lost, etc.). The other party to the debate saw the situation much differently and claimed it was a feature! Performing this log off on the local desktop when a Remote Desktop session via RWW commenced enforced security and prevented snooping. So one man’s flaw is another man’s feature!


Oh-oh. Just one minor clarification to the story above. When Norm, who is working remotely, commences the Remote Desktop session, he will receive a notice that he’s about to log off the local user (in this case we’ll say Linda). It’s Linda who doesn’t receive the log off notification (Linda just finds herself being logged off).


17. Let’s pretend you walked up to the counter and ordered another triple cappuccino. The line was long with worker bees and it was over 20 minutes before you returned to your remote session on your laptop (e.g., NormLap). You’re greeted by Figure 8-7. Why? Because back in Step 9 at the RWW logon box, you told SBS 2003 that you were logging on from a public or shared computer. Knowing that, SBS 2003 will terminate your session after 20 minutes of idle time (a private or non-public computer has two hours). Note that you will always receive a RWW warning that you’re about to time out at the remaining one-minute mark. Click on the Return to the Remote Web Workplace link.




Figure 8-7


Oops. You took too much time getting the cappuccino and were logged off for security purposes!





BEST PRACTICE: When you were auto-logged off, this wasn’t just a termination of the Remote Desktop session with the PRESIDENT desktop machine. No sir! This was a total log out from RWW (that’s going back a couple of steps there).


18. Complete the logon (again) to RWW in a manner similar to Step 10 above as NormH. Select Connect to my computer at work. Select PRESIDENT and click Connect. Log on as NormH using the Purple3300 password. Whew! You’re returned to the Word 2003 document shown in Figure 8-6. Yes Virginia, Windows XP Pro has session maintenance upon disconnect or forced logoff.


BEST PRACTICE: Note that RWW will display a list of Windows XP Pro machines with Remote Desktop and Windows 2000 Server/Windows Server 2003 machines running Terminal Services in Application Sharing Mode here. This is accomplished by a background query that polls network membership for machines that meet these specific criteria. This is an SBS 2003 feature and not found in the full Windows Server 2003 network. Yee-haw.


And by the way, if you connect to a server machine running Terminal Services in Application Sharing Mode via RWW, it will be over port 4125, not port 3389 (the traditional way). You read it here first.





19. You will now disconnect properly! Close Word 2003 (save the file if you like). Close Outlook 2003. Click Start, Disconnect. Select Disconnect when the Disconnect Windows dialog box appears. When you perform this step, a local user could log on to the machine again and commence working (e.g., Linda uses the desktop computer again).




20. You are returned to RWW’s screen displaying computer names. Click the Main Menu link.




21. Click on the Use my company’s internal Web site link.




22. Complete the connection dialog box that appears as NormH in the User name and Purple3300 in the Password field.




23. The Windows SharePoint Services (WSS) Home page appears as seen in Figure 8-8.




Figure 8-8


The WSS Home page as you left it in Chapter 7 but viewed via RWW.





24. Select Log Off. Then click Close. When asked to close the window in the Microsoft Internet Explorer dialog box, click Yes.

