Showing posts with label Windows Small Business Server. Show all posts

Thursday, August 28, 2008

Early bird flying away on fall wings and wind

SMB Nation 2008 fall conference, the 6th annual, will bring Small Business Server 2008 and Essential Business Server 2008 into the world with a monster launch party plus over 40 content sessions. Be there in Seattle!

Hurry - early bird rate expires next Monday - so you still have time to save a couple $$$

thanks...harrybbb

ceo at smb nation

www.smbnation.com

Wednesday, August 27, 2008

Faxing in SBS 2003 [book excerpt]

Good morning - I am harry brelsford, author of the Windows Small Business Server 2003 Best Practices book and each day I am posting up a few pages for the community. I will do this until (1) SBS 2008 ships or (2) I run out of pages!

Today we look at Chapter 9 which is faxing with the shared fax service in SBS 2003.

enjoy...harrybbbb

Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS - did u know I host an annual conference in Seattle each october for SBSers and SMB consultants? This year we help launch SBS 2008 and Essential Business Server (EBS) between October 4-6!

###

Chapter 9 Faxing


In working with SBS as both a user and consultant, I’ve noticed that the true value of some of its features can only be appreciated over time. SBS’s faxing capability is one such feature.


The faxing topic is appropriately placed here, later rather than sooner, because it is usually one of those features my clients suddenly discover well after the installation and deployment of the SBS solution. Whereas the main priorities out of the gate for most SBS sites are Internet connectivity, e-mail, and being secure, faxing is usually something I can demonstrate when things settle down and I have the client’s undivided attention. After other core SBS features, such as Outlook 2003, are accepted and widely used, the time is ripe to introduce faxing.


To balance my introduction of the faxing topic, full disclosure is necessary. I have some clients who view faxing as akin to religion. Implementing an electronic, network-based faxing solution, such as that found in SBS, acted as a key driver in their approval of the SBS network implementation project. And not only do I know this firsthand from selected clients, but I also know it from the e-mails you—the readers of my past SBS books—have sent me. Many of you commented at length how important faxing is in a small business environment networked with SBS. In fact, the dialog between reader and writer (that’s me) revealed a couple of interesting points:


• Faxing, when used, is considered very important.

• In general, SBSers were disappointed with the reliability and capability of the faxing application in the SBS 4.x era (late 1990s).






• SBSers in the past (specifically, the SBS 4.x era) have opted to deploy third-party faxing solutions, such as GFI Fax, instead of using the native faxing capabilities inside SBS.

• Readers also reported that they truly got what they paid for in fax modems. Those who went with the low-cost modems (often included with workstations) frequently experienced poor performance. Contrast that with the experience of those who invested in a superior fax modem such as the external V.Everything modem. For an investment of about $250 USD, the folks using the V.Everything modem found that they could achieve five 9’s or six sigma of reliability with the Shared Fax Service in SBS. It just flat out works!




The good news about the Shared Fax Service is that Microsoft listened over the years to the feedback on faxing within the SBS community. In the prior SBS 2000 release (the predecessor to SBS 2003), the fax application is one area that received some of the greatest attention. And the results showed. Truth be told, it was actually a crack team of developers at Microsoft Israel who “rewrote” or reprogrammed the fax application from the ground up to take advantage of a more stable and robust Windows 2000 code base. This occurred in the summer of 2000. I share this historical insight with you because knowing how we got to where we’re at with faxing in SBS 2003 makes you wiser about the faxing function offered in SBS. That is, I’m providing historical context for ya! More important, if SBS previously lost your trust with respect to faxing, I think this release will restore that trust.


BEST PRACTICE: It’s the crime of the century. It’s the Shared Fax Service caper. It’s a big brother ripping off a little brother. What am I getting to? That the Shared Fax Service that was built for SBS 2000 just after the beginning of the new century was stolen by the Windows Server team for inclusion in the traditional Windows Server 2003 family. That’s right! The Shared Fax Service perfected for SBS was soooo good that it’s been, shall we say, borrowed for the other server products at Microsoft. In the world of intellectual property, there is certainly no greater compliment than theft, so the Fax Service developed for SBS being co-opted for the other Microsoft Servers operating systems is quite an affirmation of its value!


In the first part of the chapter, basic SBS faxing is defined as well as configured. You will also learn how to send and receive a fax. In the second half of the chapter, I discuss fax reporting and other advanced fax topics.

Monday, August 25, 2008

funny hahah - did I really just say that!?!?!?

The small business technology consultant is hyper-sensitive to being sold to or duped by vendors or sponsors.

Harry Brelsford, founder and CEO of SMB Nation.

Read: http://www.echannelline.com/canada/story.cfm?item=DLY082508-4

Friday, August 22, 2008

VPN and SBS 2003

Hello folks - I am the author of the Windows Small Business Server 2003 Best Practices book (ye olde purple book) and I am posting up a few pages per day because (1) I own the copyright and (2) I like helping folks!

Today we are deep into Chapter 8 discussing mobility and remote access. The topic is Virtual Private Networks (VPN) in SBS 2003.

BTW - I will keep posting up until SBS 2008 ships!

cheers...harrybbbb

Harry Brelsford

CEO at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, CNE, MCP, MCT, CLSE and CNP - man - I am tired from earning those titles!

ps - we are hosting the SBS 2008 and Essential Business Server EBS launch party in Seattle at our fall conference in early October...see ya there!

###

VPN Connectivity


Building on the high-level VPN discussion we had in Chapter 5, this section is gonna do the step-by-step thing to have Norm Hasborn VPN in from his trusty HP Evo N800c laptop.


BEST PRACTICE: If you have run the Remote Access Wizard, you can then run the Connect My Remote Computer to the Network link in RWW to install Connection Manager on the mobile laptop or home computer. Here is the key point. Connection Manager automates the process of establishing a VPN connection to the SBS 2003 network. Connection Manager can be used across any type of connection (such as dial-up modem).

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.


Connection Manager can be installed three ways:


• Add User Wizard/Setup Computer Wizard: You can specify that Connection Manager should be installed for a user on a machine. Refer to the discussion in the latter part of Chapter 4 to refresh your memory on this. This approach will place a shortcut on the client computer desktop to run Connection Manager and initiate the VPN session.

• Connection Manager diskette: Yes, diskettes still exist in SBS 2003! This diskette can be created and given to an employee to take home to easily set up the VPN connection to the SBS 2003 network. Create the Connection Manager diskette from the Create Remote Connection Disk link on the Manage Client Computers page under Standard Management in the Server Management Console.

• RWW: Pick Download Connection Manager from RWW, which is what we’ll do in the following procedure.




BEST PRACTICE: Connection Manager will only work with a FQDN that you’ve registered as a resource record with your ISP to point to the wild-side NIC card on the SBS 2003 server machine. If you want to use the wild-side IP address, you’ll have to configure the connection manually.


VPN Step-by-Step Procedure


Time to have Norm VPN into SPRINGERS!


1. Log on locally as NormH using the password Purple3300 on his laptop, NormLap.

2. Click Start, Internet to launch Internet Explorer.

3. Type springers1.springersltd.com/remote in the Address field.

4. Respond affirmatively to the security alerts (OK, Yes).




5. On the RWW logon screen, log on as NormH with the password Purple3300. But if you want to avoid the message in Figure 8-30, then deselect the I’m using a public or shared computer checkbox.


Figure 8-30


Microsoft will not allow Connection Manager to run on a public or shared computer.








6. Select Download Connection Manager. Click OK after reading the warning that you should ensure all users have strong passwords after you install Connection Manager.




7. Click Open on the File Download dialog box to open Connection Manager (sbspackage.exe).




8. Click Yes when asked if you want to install the connection to SBS 2003 in the Connect to Small Business Server dialog box. The installation process commences.




9. On the desktop, double-click on the Shortcut to Connect to Small Business Server.




10. Complete the Connect to Small Business Server logon box, as seen in Figure 8-31. Type NormH in the User name field, and Purple3300 in the Password field. Click Connect. Your computer will be registered on the SBS network.






Figure 8-31


Simple stuff, Maynard! Connecting via the Connection Manager approach shields users from having to manually configure the VPN stuff on their computer.





You have now established a VPN connection to the corporate network and the client computer acts as a “node” on the LAN at this point. The visual evidence of this will be a green dancing computer (connection icon) in the lower right corner of the screen. VPN connections are often appropriate to access network resources from afar and run business databases (where you truly need to be a network node).

Thursday, August 21, 2008

Remote Outlook Use in SBS 2003

Hi there - I am Harry Brelsford, the author of the Windows Small Business Server 2003 Best Practices book and each day I post up a few pages for your reading pleasure. I will do this until SBS 2008 ships!

Today is the REMOTE USE of MICROSOFT OUTLOOK in an SBS 2003 world. Guess I am shouting for emphasis, eh?

Anyways - until tomorrow - harrybbbbb

Harry Brelsford |CEO at SMB NATION | www.smbnation.com

Microsoft Small Business Specialist (SBSC) and other non-sense like an MBA!

ps - I hold an annual conference each year in Seattle for SBSers...this year is early October to discuss SBS 2008 and EBS 2008.

###







Real Outlook 2003 Used Remotely


This section speaks to the ability to utilize your real Outlook 2003 client application across the Internet and connect to your SBS 2003 server machine. This might be used in lieu of OWA. There are two ways to make real Outlook speak to SBS 2003’s Exchange Server 2003 messaging application: VPN and RPC over HTTP. The VPN method is fairly straightforward. You simply establish a VPN connection (discussed in the next section below) and launch your Outlook 2003 client application. Your mailbox is then presented to you.


But a more hip, cool, and exciting way to remotely connect your Outlook 2003 client application to SBS 2003 is to use RPC over HTTP. RPC, which stands for “remote procedure call,” is how Outlook 2003 communicates with Exchange Server 2003 on a local area network (LAN). The difference is that you are going to do it remotely over the Internet without having to first establish a VPN connection or present other authentication stuff like smart cards or security tokens. This allows a remote worker to use real Outlook 2003 and get through the firewall.


BEST PRACTICE: Be advised there are some minimum requirements to using this cool messaging retrieval method. The client computer must be running Windows XP Professional with XP Service Pack 1 (SP1) and have the Microsoft Knowledge Base article 331320 updates installed. You must be running SBS 2003 (which includes Windows Server 2003 and Exchange Server 2003). The Exchange Server 2003 must be configured to allow connections via HTTP (fortunately, this is enabled by default in SBS 2003). You can see HTTP connection support in Exchange Server 2003 in SBS 2003 from Start, Server Management, Advanced Management, SPRINGERSLTD (Exchange), Servers, Springers1, Protocols, HTTP, Exchange Virtual Server. Notice the virtual server is configured and running (compare this to the POP3 virtual server that is not).


Given the baseline prerequisites have been met, complete the following procedure.


1. On the remote client computer (NormLap), have NormH log on locally with the password Purple3300.

2. Launch Outlook 2003 from Start, E-mail. If this is the first time you’ve launched Outlook 2003, complete the configuration screens to configure Exchange e-mail to point to SPRINGERS1 for the user Norm Hasborn.

3. Click Tools, E-mail accounts. The E-mail accounts wizard commences.

4. Select View or Change existing e-mail accounts and click Next.

5. Select the Exchange e-mail account on the E-mail Accounts page and click Change.

6. Click More Settings and select the Connections tab on the Microsoft Exchange properties dialog box.

7. Under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP. This is shown in Figure 8-27.






Figure 8-27


Selecting the option to connect over the Internet to your Exchange-based mailbox.





BEST PRACTICE: So let me guess. You don’t see the menu option in Step 7 above. If that is the case, you didn’t download and apply the patch specified above (331320). This can be found at www.microsoft.com/technet by entering 331320 in the Search field. The Microsoft search result should look similar to the article page in Figure 8-28. Apply it now and restart the above procedure. See you back at Step 7, mate!




Figure 8-28


Download and install this to complete the Outlook 2003 RPC over HTTP example.








8. Click on the Exchange Proxy Setting button.




9. Complete the Exchange Proxy Settings screen with https://springers1.springersltd.com and verify the Connect using SSL only checkbox is selected. This is shown in Figure 8-29. Accept the default settings and click OK.




10. Click OK to close the Microsoft Exchange properties dialog box.




11. Click OK when notified you will need to restart Outlook.




12. Click Next on the E-mail Accounts wizard, followed by Finish.




13. Close and start Outlook again. Outlook 2003 will appear and be ready for your use.






Figure 8-29


Completing the final RPC over HTTP steps for Outlook 2003.





BEST PRACTICE: How ‘bout a little bit more discussion on RPC over HTTP? Try on this advanced stuff for size. As you might have guessed, Outlook 2003 is capable of wrapping an HTTP/HTTPS header around each MAPI RPC request. This gives Outlook 2003 the capability of communicating with the Exchange Server using direct HTTP or HTTPS. With the correct configuration (such as you did above), this feature allows a rich client experience to a corporate mailbox server over the Internet (as you know by now) where no RPC ports or VPN are required. Where Exchange front-end servers have been deployed in the DMZ, these act as RPC/HTTP proxy servers to the back-ends on the corporate network (oops - I just went beyond the scope of SBS there).


The Windows RPC over HTTP feature provides an RPC client (in this case, Outlook 2003) with the ability to establish connections across the Internet by tunneling the RPC traffic over HTTP. Because standard RPC communication is not designed for use on the Internet and doesn’t work well with perimeter firewalls, RPC over HTTP makes it possible to use RPC clients in conjunction with perimeter firewalls (again, this is kinda beyond the scope of SBS). If the RPC client can make an HTTP connection to a remote computer running Internet Information Services (IIS), the client can connect to any available server on the remote network and execute remote procedure calls. Furthermore, the RPC client and server programs can connect across the Internet - even if both are behind firewalls on different networks.


So now for a real advanced issue! You and I have likely read popular trade journal media stories about the RPC stack on Windows (NT/2000/XP/2003) having been exploited by hackers (Blaster). Hell - you might have seen it! So is RPC over HTTP vulnerable to this type of attack? Nope would be the official reply. Nope, because only authenticated users are allowed access to RPC over HTTP. That’s why you’re prompted to log on again when you try to get Outlook to connect to the Exchange server using RPC over HTTP. The cited exploit could only use anonymous access to RPC.


And that’s that!
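
The two properties the discussion above relies on, that RPC over HTTP is served only to authenticated users and only over SSL, can be checked against the IIS log on the server. The following is an added example, not from the book: the log lines are constructed, `/rpc/rpcproxy.dll` with the `RPC_IN_DATA`/`RPC_OUT_DATA` verbs is where the Windows RPC proxy receives requests, and the function names, the failure threshold and the IP addresses are assumptions.

```python
"""Audit IIS W3C log lines for RPC over HTTP requests (Outlook 2003 -> Exchange 2003)."""
from collections import Counter

# URL of the RPC proxy ISAPI extension; Outlook reaches it with the
# RPC_IN_DATA and RPC_OUT_DATA verbs.
RPC_PROXY_PATH = "/rpc/rpcproxy.dll"

# Constructed sample in IIS 6 W3C extended format (not from a real server).
SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2008-08-21 15:02:10 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 - 198.51.100.7 MSRPC 401
2008-08-21 15:02:11 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 SPRINGERSLTD\NormH 198.51.100.7 MSRPC 200
2008-08-21 15:02:11 192.0.2.10 RPC_OUT_DATA /rpc/rpcproxy.dll springers1:6001 443 SPRINGERSLTD\NormH 198.51.100.7 MSRPC 200
2008-08-21 15:10:42 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 80 - 203.0.113.9 MSRPC 403
2008-08-21 15:12:05 192.0.2.10 RPC_OUT_DATA /rpc/rpcproxy.dll springers1:6001 443 - 203.0.113.50 MSRPC 200
2008-08-21 15:20:00 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 - 203.0.113.77 MSRPC 401
2008-08-21 15:20:02 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 - 203.0.113.77 MSRPC 401
2008-08-21 15:20:04 192.0.2.10 RPC_IN_DATA /rpc/rpcproxy.dll springers1:6001 443 - 203.0.113.77 MSRPC 401
2008-08-21 15:25:30 192.0.2.10 GET /exchange/ - 443 SPRINGERSLTD\NormH 198.51.100.7 Mozilla/4.0 200
"""


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line: skip rather than guess
        yield dict(zip(fields, parts))


def audit_rpc_proxy(text, failure_threshold=3):
    """Return (finding, client_ip, detail) tuples for RPC proxy requests.

    cleartext          request arrived on a port other than 443
    anonymous-success  2xx answer with no authenticated user name logged
    auth-failures-only client collected >= failure_threshold 401s and
                       never completed an authenticated request
    """
    findings = []
    failed = Counter()
    succeeded = set()
    for rec in parse_w3c(text):
        if rec["cs-uri-stem"].lower() != RPC_PROXY_PATH:
            continue  # OWA, OMA and other sites are out of scope here
        client = rec["c-ip"]
        anonymous = rec["cs-username"] == "-"
        status = int(rec["sc-status"])
        if rec["s-port"] != "443":
            findings.append(("cleartext", client, rec["cs-method"]))
        if 200 <= status < 300:
            if anonymous:
                findings.append(("anonymous-success", client, rec["cs-method"]))
            else:
                succeeded.add(client)
        elif status == 401:
            # A single 401 is the normal challenge before credentials are sent.
            failed[client] += 1
    for client, count in failed.items():
        if client not in succeeded and count >= failure_threshold:
            findings.append(("auth-failures-only", client, str(count)))
    return findings


if __name__ == "__main__":
    for finding in audit_rpc_proxy(SAMPLE_LOG):
        print(*finding)
```

On a correctly configured server the first two finding types should never appear; the third is a prompt to review the passwords of the accounts involved.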

Wednesday, August 20, 2008

Exchange ActiveSync in Windows Small Business Server 2003 (SBS)

Good day everyone - I am posting up a few pages per day from my book Windows Small Business Server 2003 Best Practices (da purple book) for your pleasure until SBS 2008 ships!

Today in Chapter 8 we explore Exchange ActiveSync - enjoy the ride...

cheers...harrybbb

Harry Brelsford CEO at SMB Nation www.smbnation.com

Microsoft Small Business Specialist - SBSC - MBA - MCSE - MCP - CNE - MCT - CLSE - CNP

PS - did u know we are holding a big SBS 2008 and EBS 2008 launch party in early October 2008 in Seattle at our SMB Nation 2008 conference!

###

Exchange Server ActiveSync
Sync directly and with high levels of security to your Exchange mailboxes from Microsoft Windows powered devices such as Pocket PC 2002, the Pocket PC Phone, and Windows Powered SmartPhone. Stay in direct contact over the air with a server running Exchange 2003 so you can:
• Work both online and offline. Synchronize your e-mail messages, calendar, and contacts based on various settings from your device. Synchronization can be on-demand or scheduled. When coupled with Outlook Mobile Access, you can gain access to your Tasks list and the Global Address List.
• Get up-to-date notifications. Receive specially formatted short message service (SMS) messages from Exchange 2003 that wake up your Windows-powered device and prompt your device to initiate a synch. This feature, new in Exchange 2003, enables you to set the conditions of these alerts by using your Inbox rules.
• Choose your synchronization method. Select from on-demand or scheduled synchronization. This includes remote access to your e-mail messages, calendar, and contacts list, and when coupled with Outlook Mobile Access, you can gain access to Tasks list and the Global Address List.


Those of you who have had Pocket PCs for a while are familiar with cradling the device at your desktop as you synchronize. You must have Outlook running on the desktop while you use Outlook to synchronize and connect to the Exchange Server, and as soon as you remove that device from the cradle, you’re out of sync. That’s not the case anymore with Exchange ActiveSync. You can still use the cradle, but you can also synchronize directly to Exchange over a wireless connection. Exchange ActiveSync does integrate with the desktop ActiveSync. So any settings you’ve created from your desktop translate over to the device and can be altered there. Any settings from the device translate over to the desktop.

Tuesday, August 19, 2008

Outlook Mobile Access (OMA) in SBS 2003

Hello-hello! I am Harry Brelsford, author of the Windows Small Business Server 2003 Best Practices book and each day I am posting up several pages from this purple book. I am delighted to report that we start the subject of Outlook Mobile Access (OMA) from Chapter 8 with today's post. Good stuff!

enjoy....harrybbb

Harry Brelsford | ceo at smb nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, MCP, CNE, yadda yadda yadda

PS - did u know we are hosting a SBS conference in early october in Seattle?

###

Outlook Mobile Access


Back in Chapter 6, I wrote about forwarding e-mails to your cell phone. The forwarding works, but an even better solution is to use the newly included feature of Exchange 2003 and SBS 2003 called Outlook Mobile Access (OMA). OMA is simply OWA for web-enabled phones and PocketPC browsers. The basic features of OMA were formerly offered in Mobile Information Server 2002 and also in third party devices - now they are free!


During the SBS 2003 launch events, I met Kim Walker in Columbus, Ohio. Everyone has a gadget that they can’t live without and Kim’s addiction is e-mail on her cell phone. She has been using and managing third-party add-ins for several years and is promoting the feature to her clients. Kim has offered up some OMA info and best practices. She’s the OMA Momma and what follows in this section are her words! Go Kim!


Defining OMA


OMA offers a live text interface to your e-mail messages, calendars, tasks, and contacts. It replaces third-party add-ins at client computers or on additional servers. Therefore, it helps lower the total cost of ownership by reducing the need to deploy additional mobile server products in the corporate environment and by utilizing one mobile user device instead of multiple devices.


OMA supports Wireless Application Protocol (WAP) 2.x as well as XHTML browser-based devices, full HTML browsers and i-Mode devices such as mobile phones and personal digital assistants (PDAs).


OMA Server-Side


From the server-side, OMA setup is very simple. OMA is easier to manage than third party or desktop applications - everything is configured through Exchange System Manager. One important note is that in Standard Exchange Server 2003, OMA is disabled by default, but within SBS 2003 the default is OMA enabled (Figure 8-21).


Figure 8-21


The default Mobile Services Properties for Exchange has everything enabled.







Notice the section titled Enable unsupported devices. Many devices have not been fully tested by Microsoft and are not on the supported device list. By default this box is checked, allowing a user to access Exchange on these untested devices. The user gets an error that says: The device type you are using is not supported. Press OK to continue. This is shown in Figure 8-22. Once you press OK on the device, the service is generally available.


Figure 8-22


This is a screenshot from a mobile phone showing a failed connection.





BEST PRACTICE: Keep the Enable unsupported devices checkbox selected.


You can grant OMA access on an individual case-by-case basis. Say Norm Hasborn, owner of SPRINGERS, gets a new cell phone and doesn’t tell you. If Outlook Mobile Access is disabled for him (see Figure 8-23), he might test out OMA and get an error. He won’t have OMA access until he calls you, the SBSer, for support.


Figure 8-23


You can disable Mobile Services for an individual user.





BEST PRACTICE: If you decide to manually add a user e-mail alias rather than run a custom recipient policy, your user will get an error accessing OMA: Item no longer exists. The item you are attempting to access may have been deleted or moved.


OMA Client-Side


From the client-side OMA is also fairly simple. It does not have all of the bells and whistles some third-party software has had, but it is definitely functional. OMA is customized for low-bandwidth high-latency type environments, but it still has the same feature set. Reply still means reply. Decline a meeting still means decline a meeting.


Time to use the SPRINGERS methodology where you will send an e-mail, enter contact records, and perform other such tasks from OMA. OMA can be accessed from a desktop computer as well - you don’t have to have a mobile device. In fact, if you are using your laptop in a location with a very slow connection, OMA will get you to your e-mail without any OWA overhead.


Sending an E-mail


Time for some step-by-step to have NormH check his e-mail.


1. From the mobile device, point your browser to the following address: http://springers1.springersltd.com/oma.

2. At the Authentication required screen, type NormH in the User field and click OK.

3. On the Password screen, enter Purple3300 and click OK.

4. If you get the device type not supported error (wording may vary), click OK.

5. You are taken to the Exchange Mailbox for the user (Figure 8-24). You can scroll (down arrow on cell phone) to see all of the Mailbox options (such as Calendar, Contacts, Tasks, etc.).




Figure 8-24


The OMA-based Mailbox on the mobile phone.





6. To read Norm’s inbox, press the 1 or the Go menu button. This will bring you to his Inbox listing (Figure 8-25).


Figure 8-25


This is an Inbox on a mobile phone.





The asterisk on the first message in Figure 8-24 means that this is unread. Also notice the second message is the Standard SBS 2003 Server Performance report - it might take a little while to read through on the small screen, but in a pinch it’s great. To read any message just select Go while highlighted or hit the corresponding number (there will not be numbers in standard Internet Explorer from a desktop). OMA provides full-featured e-mail functionality, including compose new, read, reply, reply all, forward, delete, flag, and mark as unread. From the details view of messages, you can browse to previous message or next message, close, or go home.


In the OMA calendar view, you can view today, next/previous day, or go to the day of your choice. For any OMA calendar item, you can accept, tentative, decline, reply, reply all, forward, delete, and view details.


Comparing OMA to Other Approaches


So how does OMA compare to cellular-provided desktop assistant programs? Functionality is similar, but the major advantage is that the phone now connects directly to the server. In order for one of the Desktop Assistant programs to function, the desktop must remain turned on with the forwarding program running. This places the failure point at the desktop and also uses both LAN and Internet bandwidth.


How does OMA on a standard cell phone compare to a SmartPhone or blackberry device? Generally cell telephones have smaller screens, but as you can see from the screen shots, if the phone is set to a small text, it is still readable. It is not as easy to type a reply, but it is possible and you can still check messages anywhere.


One important difference between OMA browser access and synchronization devices is that the information is only accessible when the user is in cellular coverage. The data does not get stored on the phone, but can be viewed only in the browser while the user is authenticated to the server.


As of this writing, I dearly miss some of the tricks that third party software offered. One of these tricks is a text message/page notification of mail - a rule that tells the user to check the mailbox rather than forward the message. For now, you can use the forward message from Chapter 6 for specific messages. In the past I have used notifications to page me when I received a message of high importance or a server message (based on words in the subject) or by sender. I check my e-mail frequently, but if I was in a meeting it would alert me to an issue that might be critical.


Daily OMA Use


I use OMA all of the time. Personally, I have a separate folding keyboard that attaches to my cell phone - I can send and receive e-mails without pulling up my laptop, but when I don’t need it I still have a small form factor phone. Without a keyboard, you don’t want to type long e-mails or replies, but you could send a short message saying “YES” (literal telephone pad keystroke sequence is: yes - Y - 999, E - 33, S - 7777 - it’s the new Morse code). OMA is also great for checking calendar updates. While running from one meeting to another, you can quickly check to see if the upcoming meeting time or location has been moved.


Thanks, Kim, for the OMA expertise. Won’t you consider speaking on this at the SMB Nation conference in Fall 2004? I can’t resist sharing a photo from the Fall 2003 SBS hands-on lab tour where a student in San Francisco implemented OMA right in the class room (Figure 8-26).


Figure 8-26


Live from San Francisco! It’s OMA and SBS 2003.

Monday, August 18, 2008

OWA Security in SBS 2003

Happy Monday to u!

I am Harry Brelsford, the author of Windows Small Business Server 2003 Best Practices and I am posting up a few pages per day to the Web (my blog) for your reading pleasure. This will continue until SBS 2008 ships!

So please enjoy a few pages today concerning OWA security in SBS 2003!

cheers…harrybbbb

Harry Brelsford

CEO at SMB Nation, www.smbnation.com, Microsoft Small Business Specialist (SBSC)

PS - I host a fantastic fall conference in Seattle surrounding all this and more - everything SBS and Essential Business Server (EBS)

###

OWA Security


There are a couple of security matters relating to OWA.


• Public vs. private computer. In Figure 8-18, you can see the OWA logon screen. A public or shared computer has a shorter time-out period (akin to the same setting in RWW). A private computer informs the Exchange server to tolerate a longer period of inactivity before enforcing a log off.

• HTTPS. I mentioned this earlier but I need to mention it again. When you have configured SBS properly (that is, run the EICW and created the self-signing certificate that is discussed in both Chapter 4 and 5), you’ll always operate OWA under HTTPS. The translation for the BDM is that this is more secure and the data (in addition to the logon activity) is encrypted via PPTP. The port session related to this is shown in Figure 8-20.


Figure 8-20


Observe Port 443 making the OWA session operate under HTTPS.







• Challenging. When you log on the old fashioned way or the local host way, you must complete the OWA logon. In SBS 2000, a local host OWA session did not issue this logon challenge. When you access OWA via RWW, you are not challenged for an OWA-specific logon because RWW passes logon authentication to OWA.


BEST PRACTICE: Always have your SBS users properly log off OWA when they leave an OWA session. The logoff button is found on the far right of the upper OWA toolbar. Not logging off lays the foundation for sinister behavior, such as someone clicking Back several times in Internet Explorer to get to your mailbox! LOG OFF!

Sunday, August 17, 2008

OWA - finer points in SBS 2003

Hello everyone - it's Sunday and I am posting up a few pages from Chapter 8 of my Windows Small Business Server 2003 Best Practices book (the purple book) for your reading pleasure. Today we look at some of the finer points of Outlook Web Access (OWA) in SBS 2003. I will keep posting up book pages each day until SBS 2008 ships.

Thanks for reading - hope this helps!

cheers...harrybbbb

Harry Brelsford ceo at SMB Nation www.smbnation.com

I am a Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, CNE, CLSE and CNP!

Did u know I host a raging SBS conference in Seattle in early october?

###

Meet OWA


Less talk, more look-see at this point. The new and improved OWA is presented in Figure 8-17 for your pleasure.




Figure 8-17


Here is OWA in the SBS 2003 time frame. Notice in the Address that the URL identifies local host (running on the SBS server machine).





There are three ways to access OWA in SBS 2003.


• Old-fashioned. You’re probably familiar with this approach. Type the fully qualified domain name (FQDN) appended with the term “exchange” for the external interface (that’s the wild-side NIC card on the SBS server machine), like springers1.springersltd.com/exchange. This approach assumes you have an “A” resource record registered in the DNS of your ISP that points to the wild-side NIC card. Of course, you could always point to the wild-side IP address in the following manner - 207.202.238.215/exchange - and you’ll start the OWA authentication process.

• RWW. If necessary, revisit the RWW discussion early in this chapter where you learned to authenticate over the Internet. The RWW menu has the Read my company e-mail link to launch OWA. From the outside, RWW is best accessed by FQDN/remote (springers1.springersltd.com/remote).


• Local Host. In Figure 8-17, I hinted at the use of OWA on the SBS server machine. This is possible with the localhost/exchange address. This is an excellent way to read e-mail messages et al. on the actual SBS server machine and avoid the MAPI conflict I discussed in Chapter 6 (see Figure 6-26).


There are two types of OWA experiences:


• Premium. If ya want the good stuff, you need to select the Premium radio button on the OWA logon screen.

• Basic. While providing fewer OWA features, selecting the Basic radio button results in a session that runs faster and is recommended for slow links.






I compare OWA Premium and OWA Basic on a deeper level (focused on security) in Table 8-1.


Table 8-1: Security: OWA Premium versus Basic

| Capability | Description | OWA Premium | OWA Basic |
|---|---|---|---|
| Logon page | This has a new customized form for logging on to OWA. Includes cookie-based validation where OWA cookie is invalid after user logs out or is inactive for a predefined amount of time (or eats the cookie - just kidding). | Yes - and allows you choice to use OWA Basic | Yes - but only allows use of OWA Basic |
| Clear credentials cache on logoff | After logoff all the credentials in IE SP1 credentials cache are cleared automatically. | Yes | No |
| Public/Share computer and Private computer logon options | To provide SBSers with more protection, two logon page security options can be used. You can set the private logon page with a longer period before user is logged off because of inactivity. | Yes | Yes |
| “Web Beacon” blocking | Users can control options for blocking external content in e-mail. | Yes | Yes |
| Attachment blocking | Administrator options restrict access to some or all attachments in messages. | Yes | Yes |
| Junk mail filtering | Options to set up safe- and blocked-sender lists. | Yes | Yes |
| Encrypted/signed mail | Sending and receiving encrypted and/or signed e-mail is supported. | Yes. IE 6 on Microsoft Windows 2000 or later. | No. |





It’s time for Norm Hasborn to check his e-mail via OWA.


1 Log on to the remote computer (in my example: NormLap). I’ll assume you can log on as NormH (a local user) with the password Purple3300.

2 Launch Internet Explorer from Start, Internet. Type springers1.springersltd.com/exchange in the Address field. Note you can explore OWA via RWW on your own by repeating the RWW steps earlier in the chapter (from RWW, select Read my company e-mail). Here I want to expose you to the native OWA logon screen (RWW suppresses this screen, as I’ll discuss in the security section).

3 Click OK at the two Security Alert dialog boxes that appear (a third such box may appear if you didn’t install the SPRINGERS certificate earlier in the chapter and requires Yes).

4 Complete the OWA logon screen similar to Figure 8-18. NormH is the user with the password Purple3300. The Client is Premium and the Security is Public or shared computer (I discuss security in the next section). Click Log On.




Figure 8-18


Norm Hasborn is logging on to OWA here. The session has flipped to HTTPS at this point.









5 OWA can be seen for NormH in Figure 8-19. Notice the e-mail in the figure relates to the alert you configured in the prior chapter (Chapter 7 on WSS) relating to the Breeder1.doc document. Cool!

6 Go ahead and horse around with OWA for a few minutes. When you’re done, log off via the Log Off button on the far right.




Figure 8-19


OWA time, baby!

Friday, August 15, 2008

Outlook Web Access (OWA) in Windows Small Business Server 2003 (SBS)

Call it a case of tomorrow's new today!

I am posting up my Outlook Web Access (OWA) introduction in the SBS 2003 realm today (Friday) because tomorrow (Saturday) I will be jammed with my niece's wedding here in San Francisco. What is interesting about this wedding is that it is an openly gay wedding which is now legal in the State of California and I am thrilled and excited to see how this all plays out! I will post up a blog on my first experience at this type of wedding.

Back to the business at hand. I am the author of the Windows Small Business Server 2003 Best Practices book (purple book) and I live on Bainbridge Island, WA. I am posting up a few pages of this SBS 2003 book each and every day until SBS 2008 ships on November 12th (worldwide, multiple languages). Today - as I mentioned - we meet OWA.

cheers...harrybbbb

Harry Brelsford, CEO at smb nation, www.smbnation.com

Microsoft Small Business Specialist - SBSC

did u know we have a gr8t fall conference in Seattle in early October?!?! :)

###

Outlook Web Access


Meanwhile, back at the BBQ where the steaks are sizzling, another compelling SBS 2003 feature that “sizzles” in front of business decision makers (BDMs) is the massively improved Outlook Web Access (OWA). My infamous SBS customer, Bob in real estate, did back flips when I showed him the new OWA in SBS 2003. Why? For these reasons.


• Look and feel. The new OWA just looks more like “real” Outlook. That has been a major sticking point with Bob and other BDMs. It wasn’t so much that reading an e-mail message in past OWA releases was that bothersome. Rather, things like calendar entries and contact records were downright rude!


• Feature creature. OWA, when compared to past OWA versions (apples to apples) and not compared to “real” Outlook (apples to oranges), is much richer. An example of improved features is the stronger integration with Outlook and its rules and options (such as Privacy and Junk E-mail Prevention options now accessible via OWA).

• Sir Speedy. This OWA version boogies. Older OWA releases were slow and seconds of delay felt like hours to Type-A businessmen like Bob. It was so bad in the past that I set up Outlook Express with IMAP as per Chapter 6 to work around the OWA slowness.

• Security improvements. I felt honor-bound to show my customers, such as Bob the BDM, some improvements to security. As an SBSer in the early 21st century, I’m trying to use every opportunity to talk up security (and no, this isn’t make-work or a self-employment act, but advice offered in a sincere way). See the security section below for details, but I’ll share one now: OWA natively runs under HTTPS when you configure the default configuration of SBS.




BEST PRACTICE: So are there any limitations with the new OWA? Yes, there are a few. A bright student in the Mumbai/Bombay, India, SBS 2003 hands-on lab correctly taught me (the instructor) that OWA doesn’t display multiple mailboxes at the same time while real Outlook can. This is bothersome if you’re a BDM who uses multiple e-mail aliases to look larger than life in the business community and you travel extensively and need to use OWA from Internet cafés or your laptop in a hotel room. With OWA and multiple mailboxes, you’d need to log on multiple times (as the different e-mail account) and view each mailbox separately (e.g., jobs@springersltd.com).


Another student at the San Francisco, California, SBS 2003 hands-on lab (October 2003) correctly pointed out that, when viewing a contact record in a public folder in the new OWA, the New Message to Contact toolbar button is disabled. Translation: You can’t send an e-mail to a contact in a public folder with a single click using OWA. Rather, you have to manually copy and paste the SMTP e-mail address into a new message. He seemed really bothered by this (must have been having a bad SBS day).


Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.


Beatrice Mulzer from Cocoa Florida informs me that the search folder feature isn’t available in OWA.


I personally noticed that, when entering a contact record in OWA in the SBS 2003 time frame, the Address, City, State, Zip fields (ACSZ) are divided in the UI for OWA (you have separate fields for ACSZ). But, in real Outlook 2003, ACSZ is entered into a single field and then parsed in the background.

Remote Desktop Protocol (RDP) in Windows Small Business Server 2003

Top of the morning to ya! I am up and at 'em here in Seattle on the 520AM ferry en route to the airport and some time in the San Francisco area...really starting to spend more time down there what with the hot technology sector (can u say SOMA?). So a quick post from Chapter 8 of my Windows Small Business Server 2003 Best Practices book - as u might know - I am posting up several pages per day from this book into the WILD for your reading pleasure. Why do I do this? Because I am a nice person! I will keep posting until SBS 2008 ships!

Today we explore the Remote Desktop Protocol (RDP) in the mobility realm of SBS 2003.

cheers...harrybbbb

harry brelsford, smb nation's ceo www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA MCSE MCT CNE CLSE CNP

Did u know I host my big annual conference in early October in Seattle!

###

Exploring RDP


Oops! I almost forgot some more stuff on RDP that I wanted to share (this has an advanced tone to it). RDP allows for separate virtual channels for carrying device communication and presentation data from the server, as well as encrypted client mouse and keyboard data. RDP uses its own video driver on the server-side to render display output by constructing rendering information in network packets using the RDP protocol and sending them over the network to the client. On the client-side, it receives the rendering data and interprets them into the corresponding Win32 Graphic Display Interface (GDI) application programming interface (API) calls. On the input path, client mouse and keyboard messages are redirected from the client to the server. On the server-side, RDP uses its own virtual keyboard and mouse driver to receive these keyboard and mouse events.


Without encrypting the display protocol, it would be very easy to “sniff” the wire to discover the user’s passwords as they log on to the system. Allowing an administrator to log on using a non-encrypted protocol exposes the entire domain resources that are now vulnerable to hackers, especially if connecting over a public network without a VPN. It is both darn interesting and important to note that protocols using “scrambling” to protect data are just as vulnerable to this sort of attack as protocols that send data using clear text. The activity involved in sending and receiving data through the RDP stack is essentially the same as the seven-layer Open Standards Interconnection (OSI) model for the LANs on this planet. Data from an application or service to be transmitted is passed down through the protocol stacks, sectioned (sounds like a Ginsu knife commercial with slicing and dicing, eh?), directed to the channel (through MCS), encrypted, wrapped, framed, packaged onto the network protocol, and finally (really and truly) addressed and sent over the wire to the client. The returned data works the same way only in reverse, with the packet being stripped of its address, then unwrapped, decrypted, and so on (and on and on) until the data is presented to the application for use (Whew!). Key portions of the protocol stack modifications occur between the fourth and seventh layer, where the data is encrypted, wrapped and framed, directed to a channel and prioritized.


Lastly, every version of RDP uses RSA Security’s RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of varying data size. RC4 is designed for secure communications over networks and is also used in protocols such as SSL, which encrypts traffic to and from secure Web sites. By default, Windows XP Remote Desktop and Windows Server 2003 Remote Desktop and Terminal Services use high (128-bit) encryption to encrypt most data transmissions in both the client-to-server direction and the server-to-client direction.


BEST PRACTICE: Don’t forget the 128-bit encryption point raised here. It is frequently brought up in technology conversations about SBS.

Thursday, August 14, 2008

RWW Security Summary in SBS 2003

Hello gang - today I have a shorter post-up from my Windows Small Business Server 2003 Best Practices book - it is a summary of Remote Web Workplace security.

enjoy...harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

did u know we have a raging conference comin' to Seattle in early October: SBS 2008 and EBS 2008 launch party!

Microsoft Small Business Specialist (SBSC) and MBA

###

RWW Security Summary


Before moving on and looking at Outlook 2003 remote approaches, oblige me and view the following RWW security summary:


• SSL connections required for access to the Web site.

• User authentication required for access to the Web site.

• Log out allows users to close sessions and clear any cached logon credentials.

• Timeout feature automatically closes sessions after a period of inactivity.








• Public or shared computer mode provides additional safety requirements in those environments (browser version checking, shorter timeouts).

• Web site is throttled through IIS.

• Web site files are strongly ACL’ed (governed by the Access Control List) to prevent unauthorized editing.

• Remote Desktop connections are encrypted and send only mouse clicks and keystrokes over the connection.

• Reduces or eliminates the need for VPN connections at the business.




BEST PRACTICE: Use the above list as “talking points” when talking about RWW.

Wednesday, August 13, 2008

RWW under the hood in SBS 2003

Good evening folks - been a crazy busy day but I am honoring my commitment to post up several pages per day from my Windows Small Business Server 2003 Best Practices book (the purple book). I really like the part of Chapter 8 where we debunk, prove and otherwise party on with Remote Web Workplace.

Looking forward to SBS 2008 and more madness!

cheers...harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

Microsoft Small Business Specialist, MBA, MCSE, CNE, MCT, MCP, CLSE and CNP - whew - I am tired!

ps - funky groovy fall conference is less than 60-days away in Seattle!

###

Under the Hood RWW Architecture


Specialists like specialists in the professional world, perhaps because there is an element of mutual respect. So when this SBS specialist (yours truly) needed some help digging deeper in this subject area, I went to fellow SBS 2003 hands-on lab instructor Beatrice Mulzer from Florida. Beatrice is an RWW nicher and provided the screen shots in this section showing a glimpse of how things work under the hood with RWW.


First off, it helps to see a Visio diagram that outlines the RWW architectural experience. This is shown in Figure 8-10.




Figure 8-10


This diagram outlines the RWW mechanics.





Now for the step-by-step figures that bring definition to the chart above.




Figure 8-11


Initial connection to SBS 2003 external Web page over port 80. Note HTTP in the Address field of Internet Explorer.





BEST PRACTICE: Note the above figure (Figure 8-11) assumes that you have selected the Business Web option on the Web Services Configuration page in the EICW. We did NOT do this back in Chapter 4 for the purpose of SPRINGERS. But please heed this advice, as imparted to me by the Microsoft program manager who owns this area. IN THE REAL WORLD, Microsoft discourages you from opening port 80 in the EICW via the Business Web selection. Instead, they’d rather have external users type the FQDN followed by /remote as the address for RWW (e.g., springers1.springersltd.com/remote). The /remote component of the address makes the external listening port become 443 and the address is prefixed with HTTPS.


Here is another real-world reason for NOT opening port 80 if you can help it. Besides exposing your IIS root to the world (and Web search engine crawling), you also expose RWW to Web search engine crawling. This is something you probably don’t want to do, as it might be the source of future vulnerabilities and attacks (as of this writing, this hasn’t been exploited). A really interesting exercise to see this in action is to go to Google and search on the terms “remote web workplace” and view the results. You’ll see pages of hits returned with Remote Web Workplace highlighted. These are SBS 2003 sites that have opened port 80 (again, likely via the Business Web selection on the Web Services Configuration page in the EICW). Stunning how many RWW sites you’ll see.


Finally, if you must have port 80 open because you really do host a business Web site and you’ve accepted the risks, then please consider using a robots.txt file to restrict Web search engine crawling. Details on robots.txt at www.robotstxt.org/wc/robots.html and in Chapter 10.
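One way to check both halves of this advice, as an added example (not from the book): the script parses a robots.txt to confirm that the /remote and /exchange paths are disallowed, then scans an IIS W3C log for crawlers that requested them anyway. The robots.txt, log lines, client addresses and crawler marker list are constructed for illustration.

```python
"""Added example: confirm robots.txt covers RWW/OWA and find crawler hits in an IIS log."""
import urllib.robotparser

# Virtual directories named in this chapter that should stay out of search indexes.
SENSITIVE_PREFIXES = ("/remote", "/exchange")
# Substrings that identify common crawlers in the User-Agent field (assumed list).
CRAWLER_MARKERS = ("googlebot", "msnbot", "slurp", "crawler", "spider")

# Constructed robots.txt for the SPRINGERS site root.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /remote
Disallow: /exchange
"""

# Constructed IIS 6 W3C extended log excerpt (client addresses are documentation IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2003-11-04 08:01:12 207.202.238.215 GET /default.htm - 80 - 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0) 200
2003-11-04 08:02:40 207.202.238.215 GET /remote/ - 80 - 192.0.2.77 Googlebot/2.1+(+http://www.google.com/bot.html) 302
2003-11-04 08:03:05 207.202.238.215 GET /robots.txt - 80 - 192.0.2.77 Googlebot/2.1+(+http://www.google.com/bot.html) 200
2003-11-04 08:05:31 207.202.238.215 GET /remote/ - 443 SPRINGERS\\NormH 192.0.2.45 Mozilla/4.0+(compatible;+MSIE+6.0) 200
2003-11-04 08:07:19 207.202.238.215 GET /exchange/ - 80 - 192.0.2.88 msnbot/0.11+(+http://search.msn.com/msnbot.htm) 403
"""


def robots_gaps(robots_text, agent="Googlebot"):
    """Return the sensitive paths that robots.txt still lets `agent` crawl."""
    parser = urllib.robotparser.RobotFileParser()
    parser.parse(robots_text.splitlines())
    return [p for p in SENSITIVE_PREFIXES if parser.can_fetch(agent, p + "/")]


def parse_w3c(log_text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the directive may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()              # IIS writes spaces in values as '+'
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))


def crawler_hits(log_text):
    """Return requests where a crawler touched RWW or OWA, with the port it used."""
    hits = []
    for rec in parse_w3c(log_text):
        stem = rec.get("cs-uri-stem", "").lower()
        agent = rec.get("cs(User-Agent)", "").lower()
        if stem.startswith(SENSITIVE_PREFIXES) and any(m in agent for m in CRAWLER_MARKERS):
            hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"),
                         rec.get("s-port"), stem, rec.get("sc-status")))
    return hits


if __name__ == "__main__":
    print("robots.txt gaps:", robots_gaps(SAMPLE_ROBOTS) or "none")
    for hit in crawler_hits(SAMPLE_LOG):
        print("crawler request:", *hit)
```

A robots.txt file is only a request to well-behaved crawlers and is itself publicly readable, so it complements keeping port 80 closed and does not replace it.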




Figure 8-12


Approving the security certificate (SSL) pop-up to log on to Remote Web Workplace (this process started by selecting the Remote Web Workplace link). Note the port switch from port 80 to port 443. This would be the case when you’ve published your root page via the Business Web selection on Web Services Configuration in the EICW.





Figure 8-13


The SSL pop-up was approved and the RWW logon dialog box appears. Session traffic is over port 443 and the HTTP protocol has switched to HTTPS at this point.







Figure 8-14


An RWW session underway with HTTPS and port 443.





BEST PRACTICE: Did you look closely at the above figure and see the entry titled “View Server Usage Report”? How did that appear? If you have run the Monitoring Configuration Wizard (which you will do in Chapter 12) and the user (in this case Beatrice) has permission to view the server usage reports, this option will appear on the RWW page.




Figure 8-15


Internally accessing the WSS Home page (Intranet) over port 443 under RWW. Protocol is HTTPS. Note that external access to WSS is over 444 (which isn’t being depicted in this figure).







Figure 8-16


When you click the Connect to my computer at work, port 4125 is used for the Remote Desktop session traffic (note port 4125 doesn’t become active and listen until you click this Connect to my computer at work button; listening actually occurs on port 443). This is in addition to port 443 that remains open (ports 4125 and 443 are simultaneously open under this scenario). At this juncture, some background voodoo is performed by SBS to authenticate you and prove you are who you say you are (that’s about as well as I can explain it in this introductory text).





BEST PRACTICE: A common question in the Fall 2003 SBS hands-on labs related to which ports on a hardware-based firewall/router needed to be opened to allow RWW traffic through. RWW uses the following ports for its entire experience: 443, 444, 4125. Port 80 would be used if you published the root page (not recommended). And by the way, the other SBS-related port you’ll need open is 1723 (VPN, which I discuss more later).


By the way, you can see the port 4125 setting for RWW in the Registry at:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal


and look at the Port key where the REG_DWORD value is 4125.


Another common question concerns whether you must first establish a VPN connection to drill down and take control of your Windows XP Pro workstation via Remote Desktop. The answer is no. You are using RDP over HTTP, not VPN tunneling to access the Windows XP Pro workstation.
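An outside-in check of the ports listed in this BEST PRACTICE, as an added example (not from the book): run from a machine on the Internet side of your own firewall, it reports which of the ports answer and flags a reachable port 80. The `POLICY` table layout and verdict strings are this example's own; the port numbers and their roles come from the text above.

```python
"""Added example: outside-in check of the ports the chapter lists for SBS 2003 remote access."""
import socket

# Port roles and expectations taken from the chapter text.
# expect: "open"   = must answer from outside,
#         "closed" = should not answer,
#         "either" = both states are normal.
POLICY = {
    443:  ("RWW and OWA over HTTPS", "open"),
    444:  ("external access to WSS", "open"),
    # Must be forwarded on the firewall, but only listens after the user
    # clicks "Connect to my computer at work", so closed at idle is normal.
    4125: ("RWW Remote Desktop session", "either"),
    1723: ("VPN", "either"),                      # only if you offer VPN
    80:   ("published root Web page", "closed"),  # Business Web selection, not recommended
}


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, policy=POLICY, probe_fn=probe):
    """Probe every port in the policy and return (port, role, state, verdict) rows."""
    rows = []
    for port in sorted(policy):
        role, expect = policy[port]
        state = "open" if probe_fn(host, port) else "closed"
        if expect == "either" or expect == state:
            verdict = "ok"
        elif expect == "open":
            verdict = "MISSING: forward this port on the firewall/router"
        else:
            verdict = "EXPOSED: close this port unless you really host a Web site"
        rows.append((port, role, state, verdict))
    return rows


def findings(rows):
    """Return only the rows that need attention."""
    return [row for row in rows if row[3] != "ok"]


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: rww_port_check.py <external FQDN or IP of your own SBS server>")
    for port, role, state, verdict in audit(sys.argv[1]):
        print(f"{port:>5}  {state:<6}  {role:<28}  {verdict}")
```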


So hopefully a few pictures here have saved over a thousand words. I thought that by starting with a diagram and then witnessing the port traffic, you could “feel” RWW first hand under the hood. More of this good stuff in my advanced SBS 2003 book in the second part of 2004.

Tuesday, August 12, 2008

RWW procedure in SBS 2003

Hello! I am Harry Brelsford, the author of Windows Small Business Server 2003 Best Practices (da' purple book). I am posting up several pages per day of this book until SBS 2008 ships.

Today we explore the Remote Web Workplace (RWW) usage procedure in SBS 2003.

enjoy....harrybbbb

Harry Brelsford | ceo at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, CNE and other stuff!

PS - we have a raging fall geeky conference in Seattle in early October...SBS 2008 and EBS 2008 launch party!

###

RWW Procedure: Daze and Amaze!


As you start this procedure, there is a big assumption you will introduce a remote computer into the SPRINGERS scenario (so far you’ve worked with the SPRINGERS1 server machine and the PRESIDENT client computer). A favorite way to describe the mobility area in SBS 2003 time frame is to say you’re using a laptop over WIFI from a Starbucks coffee shop to access the office network!


What you need is a client computer that is not part of the SBS 2003 network and could be considered as being on the “outside” (not on the 192.168.16.x subnet). In Appendix D, you’ll receive guidance for setting this up as a virtual network using either VMWare or Virtual PC from Microsoft. To facilitate this, I created a Windows XP Pro workstation in a workgroup called HASBORN (the machine name is NormLap). I assigned the static IP address of 207.202.238.225 with a Class C subnet to this external client computer. The naming isn’t as important here as the concept of having an external client computer up and running in the SPRINGERS storyline.


1. Log on as NormH to the remote computer (in my case, NormLap) with the password Purple3300 (in this case, Norm is a local user in the Windows XP Pro workgroup model). Also - please make sure the PRESIDENT workstation is powered on and running. And I guess the SBS 2003 server machine (SPRINGERS1) better be running too! That’ll make this procedure infinitely easier to complete!


BEST PRACTICE: Later on, when you attempt to connect to PRESIDENT from NormLap, you’ll appreciate the following. If PRESIDENT were not powered on and attached to the network in our case, you’d receive an error in the Remote Desktop connection process that reads: “Connectivity to the remote computer could not be established. Ensure that the remote computer is on and connected to the Windows Small Business Server Network.”


2. Launch Internet Explorer from Start, Internet. Type in the following address in the Address field: springers1.springersltd.com.

3. If you did not select the Business Web on the Web Services Configuration page in Chapter 4 when you ran the EICW, you’d receive a 403 error saying that the page could not be displayed. If you did publish the root page by selecting Business Web on the Web Services Configuration page, the Welcome page appears as seen in Figure 8-1. You will now plow through each link. But notice that the address line reads “http” at this point. This is important as you progress through the examples.




Figure 8-1


The external public Web page on an SBS 2003 server machine. It kindly welcomes you aboard! This occurs when you publish the root Web page over port 80 in SBS 2003 (which is not recommended).





BEST PRACTICE: Slow down there, pardner! How did a FQDN address resolve itself in our simple SPRINGERS methodology when I didn’t point you to an authoritative DNS server to resolve the address? Did I brain hiccup on ya there? Nope! I got sneaky and entered the following HOSTS file entry on the NormLap workstation:


207.202.238.215 springers1.springersltd.com


Note the host file on a Windows XP Pro is located by default at: c:\windows\system32\drivers\etc


4. Click My Company’s Internal Web Site and nothing will happen. This was designed to be a simple placeholder for you to place a link to your company’s Web site. It will not access the internal Web site despite the name of this link (the command being executed is http://companyweb which is an internal, not external reference). Click Back to return to Welcome.

5. Click Network Configuration Wizard. This is an internal LAN process to join the computer as an Active Directory object on the network. This certainly has a time and place, but you’re going to defer on the opportunity to do this now because I want to maintain the sanctity of my methodology whereby NormLap is truly an external client computer. In fact, this won’t work externally. Click Back.

6. If you clicked Remote Web Workplace, you’d access RWW from the public root Web page. But read on.

7. So now I want to reverse course and do things properly! In the Address field, type springers1.springersltd.com/remote and click Go. You’ve commenced your connection to RWW.

8. Click OK when you see the Security Alert dialog box.

9. Another Security Alert dialog box appears and relates to the self-signed security certificate described in Chapter 6. Click View Certificate and select Install Certificate. Click Next when the Certificate Import Wizard launches. Click Next on the Certificate Store page (the default selection is Automatically select the certificate store based on the type of certificate). Click Finish followed by OK. Click OK to close the Certificate dialog box. So what did you just do? You installed the certificate in Internet Explorer on the external client computer. Finally, click OK to clear the Security Alert dialog box that greeted you at the start of this step.


BEST PRACTICE: If you purchase a real signed certificate (e.g. Verisign), the stuff in the step above won’t happen. Consider that a best practice (Microsoft is supportive of purchased real certificates).


10. The Remote Web Workplace logon dialog box appears (Figure 8-2). Type NormH in the User name field. Type Purple3300 in the password field. Observe the other settings (using a public/shared computers, broadband connection). Click Log on.


BEST PRACTICE: Notice the Address line has switched to HTTPS. It’s self-signed security certificate time, baby! Observe the little golden padlock on the lower right of IE. HUMOR ZONE: Back before July 2003 (when Microsoft went to stock grants), stock options for full-time Microsoft employees (“blue badges”) have been referred to as the golden handcuffs, so this must be the origins of the golden padlock for IE in HTTPS mode!


Figure 8-2


The Remote Web Workplace logon page.





11. Observe the official Remote Web Workplace page that has four menu options by default (Figure 8-3). The first selection, Read my company e-mail, simply launches Outlook Web Access, which I’ll discuss a little later in the chapter. The fourth option, Download Connection Manager, is also discussed later in the chapter. For now the focus is on the middle two options. So click Connect to my computer at work.


Figure 8-3


The infamous Remote Web Workplace welcome page. The ability to connect to your computer is only one of four options on this menu.





BEST PRACTICE: Exactly how does the RWW welcome page get built and know what options to display? In part, the RWW welcome page menu options are built from the options you select on the Web Services Configuration page in the EICW (refer to Figure 4-10). Another element is that an Active Directory query is run to look for computer objects. If none are found, the link to connect to desktop computers is suppressed. If you haven’t completed the Remote Access Wizard from the To Do List in Server Manager, the Connection Manager link is suppressed. That’s what does it for mere mortals, but read on.


If you want to manually light up links in RWW, you can flip the DWORD value in the Registry for any menu link. Go to the following SBS 2003 Registry location in the Registry Editor (REGEDIT):


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal


and then drill into the two folders (AdminLinks, KWLinks) and look at the DWORD values (these line items list each RWW menu link). Choose the AdminLinks folder when you use RWW as Administrator. Select the KWLinks folder when you use RWW as a user who has Mobile User template membership or Power User template membership.





12. Click Yes when asked by the Security Warning dialog box to install the Remote Desktop ActiveX control. This control will install in the background. Note this is a one-time event that runs the first time you perform this procedure. You won’t see it again.




13. Select PRESIDENT from the Computers list. Click the Optional Settings link and observe the settings. Select the Enable files and folders to be transferred between the remote computer and this computer and Hear sounds from the remote computer on this computer. The options you have just selected are self-explanatory. Your screen should look similar to Figure 8-4 (I realize the figure is slightly cropped). Click Connect.




14. Click OK after reading the Remote Desktop Connection Security Warning (Figure 8-5).




15. On the Log on to Windows dialog box that appears for the PRESIDENT client computer, type NormH as the user and Purple3300 as the password. This step is identical to logging on to a Terminal Services server machine from a remote location, so it’s likely within your comfort level.




Figure 8-4


Explore the options on the page where you select the computer you want to log on to remotely.





BEST PRACTICE: Hold the phone! Didn’t you observe in step 13 that the RWW session had you log on as NormH yet you were challenged and had to log on as NormH in the Log on to Windows dialog box? This relates to the fact that user authentication credentials from the RWW sign on (step 10) aren’t being passed on to step 15.


Technically speaking, here is what’s up. The Remote Desktop ActiveX Control can only accept credentials in clear text before connecting to a client. Once you connect, the channel is encrypted, and passwords are sent securely. Microsoft could not allow people to have their credentials stored in clear text on a client ever, which is what would have to occur in order to automatically sign you in. It’s too risky. Who knows? Maybe in the future this pass through will be securely perfected, saving that step. Good news, though. The step does preset your user name for you, saving you some typing (e.g., not having to type NormH again).


Figure 8-5


Approve this security warning which speaks towards local drive mappings.





16. You are now using the PRESIDENT machine at work as NormH. THIS IS SO COOL (NormH’s exact words as he sipped a triple cappuccino at Starbucks!). Go ahead and perform a simple action such as launching his Outlook 2003 e-mail client from Start, E-mail and perhaps launch Microsoft Word from Start, All Programs, Microsoft Office, Microsoft Office Word 2003 (the result would be similar to Figure 8-6).


BEST PRACTICE: Can anyone log on to any client computer on the SBS 2003 network using this RWW-based work from home or Starbucks approach? Nope! Remember back in Chapter 4 that the Add User Wizard process made the assigned user a local administrator and eligible to log on to the client computer via the Remote Desktop capability in Windows XP Pro (see from Start, right-click My Computer, select Properties, select Remote tab and explore the Remote Desktop section of the tab sheet). Bottom line: You have to be allowed to log on to a client computer.


Figure 8-6


Working remotely, Norm has hijacked his desktop machine back at SPRINGERS and typed a document in Word 2003. Cool!





BEST PRACTICE: By the way, I remember a heated debate between individuals at the Fall 2003 Miami SBS 2003 hands-on lab regarding the Remote Desktop logon behavior in RWW. It was like witnessing a beer battle with one side claiming the brew was less filling, the other side insisting the brew tasted great. One party claimed that the auto-logoff that occurs, for example, on Norm’s PRESIDENT machine (assuming it was logged on at the time back at the office) when Norm uses RWW to initiate a Remote Desktop session is a flaw. His point was someone could be working on PRESIDENT and receive no prior notification they are being logged off (work could be lost, etc.). The other party to the debate saw the situation much differently and claimed it was a feature! Performing this log off on the local desktop when a Remote Desktop session via RWW commenced enforced security and prevented snooping. So one man’s flaw is another man’s feature!


Oh-oh. Just one minor clarification to the story above. When Norm, who is working remotely, commences the Remote Desktop session, he will receive a notice that he’s about to log off the local user (in this case we’ll say Linda). It’s Linda who doesn’t receive the log off notification (Linda just finds herself being logged off).


17. Let’s pretend you walked up to the counter and ordered another triple cappuccino. The line was long with worker bees and it was over 20 minutes before you returned to your remote session on your laptop (e.g., NormLap). You’re greeted by Figure 8-7. Why? Because back in Step 9 at the RWW logon box, you told SBS 2003 that you were logging on from a public or shared computer. Knowing that, SBS 2003 will terminate your session after 20 minutes of idle time (a private or non-public computer has two hours). Note that you will always receive a RWW warning that you’re about to time out at the remaining one-minute mark. Click on the Return to the Remote Web Workplace link.




Figure 8-7


Oops. You took too much time getting the cappuccino and were logged off for security purposes!





BEST PRACTICE: When you were auto-logged off, this wasn’t just a termination of the Remote Desktop session with the PRESIDENT desktop machine. No sir! This was a total log out from RWW (that’s going back a couple of steps there).


18. Complete the logon (again) to RWW in a manner similar to Step 10 above as NormH. Select Connect to my computer at work. Select PRESIDENT and click Connect. Log on as NormH using the Purple3300 password. Whew! You’re returned to the Word 2003 document shown in Figure 8-6. Yes Virginia, Windows XP Pro has session maintenance upon disconnect or forced logoff.


BEST PRACTICE: Note that RWW will display a list of Windows XP Pro machines with Remote Desktop and Windows 2000 Server/Windows Server 2003 machines running Terminal Services in Application Sharing Mode here. This is accomplished by a background query that polls network membership for machines that meet these specific criteria. This is an SBS 2003 feature and not found in the full Windows Server 2003 network. Yee-haw.


And by the way, if you connect to a server machine running Terminal Services in Application Sharing Mode via RWW, it will be over port 4125, not port 3389 (the traditional way). You read it here first.





19. You will now disconnect properly! Close Word 2003 (save the file if you like). Close Outlook 2003. Click Start, Disconnect. Select Disconnect when the Disconnect Windows dialog box appears. When you perform this step, a local user could log on to the machine again and commence working (e.g., Linda uses the desktop computer again).




20. You are returned to RWW’s screen displaying computer names. Click the Main Menu link.




21. Click on the Use my company’s internal Web site link.




22. Complete the connection dialog box that appears as NormH in the User name and Purple3300 in the Password field.




23. The Windows SharePoint Services (WSS) Home page appears as seen in Figure 8-8.






Figure 8-8


The WSS Home page as you left it in Chapter 7 but viewed via RWW.





24. Select Log Off. Then click Close. When asked to close the window in the Microsoft Internet Explorer dialog box, click Yes.



Wednesday, August 6, 2008

Office and SBS Integration Points with Windows SharePoint Services (WSS)

Happy hump day - we are almost nearing the end of Chapter 3 in Windows Small Business Server 2003 Best Practices wherein we are studying Windows SharePoint Services. As you know - I am posting up a few pages per day from my book for your pleasure.

enjoy....harrybbbb

Harry Brelsford | ceo at smb nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT and other stuff!

###

SBS 2003 Integration with WSS


Those “dev dudes” on the SBS 2003 development team slipped in a few points of integration between SBS 2003 and WSS that need to be highlighted.


• Remote E-mail Access (under Links). This allows you to view your Exchange-based e-mail via Outlook Web Access (Chapters 6 and 8 discuss this area more).

• Remote Server Management (under Links). This spawns a Terminal Services session to manage the SBS 2003 server machine (Chapters 4, 8, and 11 discuss this functionality more).

• Add User Wizard/Add Template wizard. Users and templates you add automatically get WSS roles.

• Client and Server home page setting

• EICW: publishing intranet takes care of publishing the intranet virtual server in IIS

• Import Files Wizard from Import Files link from the Internal Web Site.




Office 2003 Integration with WSS


Something I plan to emphasize during the SMB Nation Summit worldwide tour in 2004 (www.smbnation.com) is the integration of Office 2003 with SBS 2003. Nowhere is this integration more apparent than how Office 2003 ties into WSS. In this section, I’ll discuss Shared Workspace, metadata promotion, and Meeting Workspaces and give examples of Access 2003 and FrontPage 2003 integration.


Note that I won’t dwell on another integration feature, Document Workspace sites, because that’s what we’ve basically been working with in this chapter. But for the record, Document Workspaces are clearly an Office 2003/WSS integration point.


Shared Workspace


You have already seen one such tie-in. Refer back to Figure 7-11 and observe the Shared Workspace element on the right side of the Word document.


This is one major way Office 2003 and WSS interact. A workspace is an area, hosted on a server (read SBS 2003), where colleagues can share documents, information, and hugs. The features of a shared workspace include document libraries, task lists, links lists, members list, and e-mail alerts. All shared workspace tasks can be performed in Office 2003 applications.


BEST PRACTICE: The Shared Workspace task pane opens automatically when you open an Office 2003 document that is stored in a WSS document library. In addition to displaying Web site data in the Members, Tasks, Documents and Links tabs, the Shared Workspace pane provides information about the active document on the Status and Document Information tabs.


The Status tab is pretty darn cool. It lists important information such as whether the document is up to date, in conflict with another member’s copy, and whether it is checked out. The Document Information tab tells you stuff like modified date, etc.


Metadata promotion


Another Office 2003 integration point with WSS is metadata promotion. To understand the context of this discussion, consider the following. In a traditional document management solution, each document has a profile. The document profile consists of descriptive fields with information about the document (i.e., what the document is about). These fields are called metadata.


BEST PRACTICE: You’ve likely worked with profiles and metadata at the document level for a long time and not necessarily even known it. How? Simply open any existing document from any Microsoft Office product (e.g., Word) and select File, Properties. The document property sheet that appears is a profile and the data in the fields (such as your name in the Author field) are metadata.


In a WSS document library, the columns of the document library (list columns) are the fields for the document profile. If you wish to add a field to the document profile for the library, you simply add a column to the WSS document library. The user-created columns of metadata fields automatically become populated fields in the file properties of the document. It’s that easy! Whenever a user uploads a document to the library, she will be prompted to complete the metadata for the document. Note if you upload a document and make some off-line changes to the file properties of the document, said changes will be added as metadata in the document profile on the WSS document library.


BEST PRACTICE: I’m really starting to cross a boundary here and move into a discussion on InfoPath, an Office 2003 family member. InfoPath is an editor that looks kinda like Word and is a backend application that manages forms. These forms are akin to the file properties for a document except these forms use the data via XML to create much more meaningful metadata (a property sheet in Word just sits there).


For example, a company uses InfoPath and has a forms library with expense reports. The employee opens the new expense report form, enters data and saves it. This structured data is extracted by the accounting system.


More on this with specific procedures in my advanced SBS 2003 book.


Meeting Workspaces


A Meeting Workspace is a Web site for centralizing all the information and materials for one or more meetings. Prior to the meeting, attendees use the workspace to publish an agenda, attendee list, and relevant documents. During or after the meeting, the workspace can be used to publish meeting results and track tasks. A user is typically invited to the meeting via an e-mail request and they click a link to join. You will recall from the SBS 2000 Best Practices book in the Exchange Server chapter when I turned you on to Exchange Conferencing Server that this type of invitation with a link capability was present in that conferencing environment.


There are five types of Meeting Workspace templates in WSS:


• Blank Meeting Workspace. Requires customization to meet your requirements






• Basic Meeting Workspace. Includes all the basic elements to plan, organize, and track your meeting. Predefined lists (and associated Web Parts) include: Objectives, Attendees, and Agenda.

• Decision Meeting Workspace. Similar to the Basic Meeting Workspace but also focuses on the ability to review documents and record decisions during the meeting. Additional lists beyond the “basics” include Document Library, Tasks, and Decisions.

• Social Meeting Workspace. Oriented toward planning parties and social events. The lists include Attendees, Directions, Image/Logo, Things to Bring, Discussions, and Picture Library.

• Multipage Meeting Workspace. This is the same as the Basic Meeting Workspace but allows multiple pages.




You can create a Meeting Workspace either in WSS or via Outlook 2003. From WSS, simply click Create (from the top link bar) and select Sites and Workgroups beneath Web Pages. Then complete the information for the workspace site you want and click Create (when writing this I created a monthly meeting site for SPRINGERS and I encourage you to do the same). Then select a template on the Template Selection page (I selected the Decision Meeting Workspace). Click OK. And that’s it. Your screen should look similar to Figure 7-22.




Figure 7-22


Something not widely emphasized in other SBS 2003 learning avenues, like the hands-on labs, is the Meeting Workspace capability of WSS. Use it!





BEST PRACTICE: The online help in WSS has excellent support for Meeting Workspaces and I encourage you to delve deeper here.


Access 2003 Integration


First off, it’s big assumption time. I’m assuming that you’ve run (not walked) and installed Office 2003 on your client computer to track with me (you heard me mention this in other chapters such as Chapter 6 in the Exchange and Outlook discussion). That said, let me explain how one of the killer applications, Access 2003, integrates with WSS.


There are five integration points between Access 2003 and WSS:


• Export to WSS. Here you simply specify a site during the Access 2003 export keystroke sequence and the fields are mapped automatically.

• Import from WSS. This is a wizard-driven import of Lists and Views of Lists from WSS.








• Read/Write live link to WSS. Think of this as revisiting Dynamic Data Exchange (DDE) and Object Linking and Embedding (OLE).

• From WSS to Access 2003. WSS exports stuff to Access 2003. Access 2003 then creates a linked table and reports.

• Lookup field support. Full support for the database lookup function in WSS.




Excel 2003 integration


Something that’ll excite many readers is the simplicity with which you can send Excel 2003 data to a WSS list. You’ll do that right here, right now.





1. Log on as NormH at PRESIDENT with the password Purple3300.




2. Start Microsoft Excel 2003 from Start, All Programs, Microsoft Office, Microsoft Office Excel 2003.




3. In Excel 2003, create a simple spreadsheet with financial information.




As you’ll see in a moment, I created a quick-and-dirty DuPont ratio model (if you don’t know what that is, no worries - it’s an MBA thang!).




4. Select Data, List, Create List. The data is converted to a list.




5. Select Data, List, Publish List. As seen in Figure 7-23, on the Publish List to SharePoint Site - Step 1 of 2 page, complete the Address field to point to the Breeder1 site you created earlier (http://companyweb/breeder1) and then select the Link to the new SharePoint list checkbox. In the Name field, give a descriptive title such as SPRINGERS DuPont Ratio Model and under Description type something like It’s Norm’s MBA in action!






Figure 7-23


You are creating the list to publish to WSS.








6. Click Next.




7. Confirm the column format on the next page (Step 2 of 2) and click Finish.




8. Click OK when the Windows SharePoint Services dialog box notifies you the list was successfully created.




9. Launch Internet Explorer from Start, Internet. The Springer Spaniels Limited Home page appears.




10. Click Breeding Workspace under Links. Click Lists in the left column. Select SPRINGERS DuPont Ratio model under Create List.




11. Observe the list in Figure 7-24. This is Excel 2003 data being presented in WSS and it’s active. Go ahead and horse around here. Change values, insert a row, add data, and see how it affects the list in WSS and Excel 2003. Yee-haw!




Figure 7-24


This is a great way to integrate Office 2003 and WSS in SBS 2003. This example could be the basis for you to go forth and create an EIS (discussed in this chapter) on the SBS network.





BEST PRACTICE: Another cool SBS 2003 WSS and Office 2003 integration point involves looking at a list in a data sheet and copying and pasting stuff from Excel. Here is what I mean. Create a data sheet in WSS and click the List in Datasheet option. Then open Excel 2003 and create a business spreadsheet populated with business data. Then right-click on your Start toolbar and select Tile Windows Vertically. At this point, the data list in WSS and the business spreadsheet in Excel will be lined up. Then drag and drop the business data from Excel into the data list in WSS. This integration method, only possible with Office 2003 or higher, is another way to transfer data and is very efficient.




An individual I know who uses this approach likes it because it allows you to see the Excel-based business data line up correctly in the WSS data list. Seeing is believing.


FrontPage 2003 integration


This integration point is very simple: good looks! The best way to integrate FrontPage 2003 with WSS is to make the pages look better. Kinda like the popular American television show Extreme Makeover meets WSS in SBS 2003! More conservative folk would say it allows you to create professional-looking, high-quality pages. Enough said.


BEST PRACTICE: To the extent practicable, PLEASE try to have all of your client machines upgrade to Office 2003. I propose that the integration of WSS with Office 2003 is the “killer application” or a sufficient reason to undergo this upgrade. Am I all wet on this proposition? Then voice your opinion to me at sbs@nethealthmon.com!


Note my advanced SBS 2003 book will have much more discussion on Office 2003 and even SBS-specific integration with WSS! Stay tuned.

Tuesday, August 5, 2008

Advanced WSS topics in SBS 2003

Hello folks - I am harry brelsford, author of Windows Small Business Server 2003 Best Practices and I am posting up a few pages a day of the "purple book" until SBS 2008 ships. Today we look at some advanced topics in Windows SharePoint Services in the SBS 2003 product. Good stuff Maynard!
cheers...harrybbbb
Harry Brelsford, ceo of SMB Nation www.smbnation.com and your fellow Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT and other non-sense.
PS - we got a hellva SBS 2008 and Essential Business Server 2008 (EBS) launch party happin' in Seattle in early october. Check out my Web site for event details!
###
Advanced WSS Topics
I’m still planting WSS seeds for you to march forward with, and this section cultivates a garden of advanced SharePoint topics. These include meeting and greeting the options on the Modify Shared Page menu, learning how to use the management and statistics, server-side stuff and Office 2003 integration and using SQL Server with WSS.
Modify Shared Page
You’ve actually already peeked at this option in an earlier procedure, but this area warrants more discussion. Here I’ll explain each of the options.
• Add Web Parts. You’re quite familiar with this option because you added a Web Part earlier in the chapter.
• Design this Page. It’s human nature and certainly the nature of SBSers to fiddle around. The SBS development team has provided a great start with the default Home page, but experience has shown that SBSers ask the following question early and often: “How can I modify the Home page?” Obviously, adding Web Parts (above) is one way. The other is to fiddle with the design via this option. Go ahead and play with it under the SPRINGERS methodology, as you can’t do any real harm.
• Modify Shared Web Parts. This option is to modify existing Home page elements, including the announcements, site image, and link.

BEST PRACTICE: A popular modification right here amongst SBSers is to modify the site image. You can make the page better reflect the company’s image by displaying the company logo instead of the Windows Small Business Server 2003 logo. See the default site image (Windows Small Business Server 2003) in the upper right corner of Figure 7-16.
• Shared View. This reveals the shared view that you are accustomed to at this point. A change made to the Home page is observed by everyone. This is the default view in SBS 2003.
• Personal View. There is some real power in WSS in creating personal views, where different users have a different WSS experience. Remember earlier when I spoke to the EIS creation process to report financial information. This is how you might do that, allowing executives to see sensitive financial information that isn’t appropriate for the rest of the staff.

Management and Statistics
Another thing to learn all about is the Management and Statistics area. From the home page, this is easily accessed from clicking Site Settings followed by Go to Site Administration under Administration. You will now see the Top-level Site Administration page. The Management and Statistics section has a link that allows you to view site usage data, which provide the metrics that let SBSers know how effective their efforts are in delivering a compelling business portal. This is analogous to some Web monitor tools (e.g., hit counters) that are used in the world of e-commerce.
WSS Backup and Restore
There was a very interesting and timely discussion on the Yahoo! SBS newsgroup in mid-December 2003 that discussed backup options for WSS in SBS 2003. This is a dialog between two leading SBSers (note the following public discussion is unedited):
SBSer #1 thoughtfully comments with the initial posting:
Generally, if we restore an individual SharePoint file, we need to have a file-based backup image of your SharePoint documents. As I know, there are two ways to perform file-based backup for your SharePoint database. For your convenience, I included the methods below:

Method 1. Use NTBackup.
=====================
According to our test, we can map the folders under \\companyweb as network drives now. Thus, we can use NTBackup to back up or restore the files in these folders (network drives) directly. To do so, please follow the steps below:

1. Map the \\Companyweb\Foldername folder as a network drive
2. Run NTBackup and back up the network drive.
3. When you need to restore one file in this folder, simply run NTBackup to restore

Method 2. Use Stsadm.exe.
=====================
If you have enabled the recovery of SharePoint files, you can recover a file or list item by restoring the entire site from a backup to a subsite of http://companyweb, selecting the file or list item that you want to restore, extracting it, and uploading it to its original location. To enable the recovery of individual SharePoint files, please use the following procedure:

1. Click Start, click Control Panel, click Scheduled Tasks, and then click Add Scheduled Task.
2. Click Next on the first page of the Scheduled Task Wizard.
3. Click Browse, go to %SystemDrive%\Program Files\Common Files\Microsoft Shared\Web server extensions\60\Bin, and then double-click Stsadm.exe.
4. Select how often you want this task to run, and then click Next.
5. Select the time you want to run the schedule, and then click Next.
6. Enter administrator credentials, and then click Next.
7. Select the Open advanced properties when I click finish check box, and then click Finish.
8. On the Task tab in the dialog box that appears, in the Run box, type "%SystemDrive%\Program files\Common files\Microsoft shared\Web server extensions\60\Bin\Stsadm.exe" -o backup -url http://Companyweb -filename target path -overwrite, where target path is where you save the backup of your internal Web site. Click OK. You must type the quotation marks.

If you have enabled this before, you can follow the steps below to restore the missing files:

1. Click Start, click Command Prompt, and then type "%SystemDrive%\Program files\Common files\Microsoft shared\Web server extensions\60\Bin\Stsadm.exe" -o createsiteinnewdb -url http://companyweb/sites/RestoredSite -ownerlogin DOMAIN\administrator -owneremail administrator@DOMAIN.local -databasename STS_RESTORE, where DOMAIN is your server domain and administrator@DOMAIN.local is your administrator's e-mail address. Include the quotation marks as part of the path. Press ENTER.
2. Type "%SystemDrive%\Program files\Common files\Microsoft shared\Web server extensions\60\Bin\Stsadm.exe" -o restore -url http://Companyweb/Sites/Restoredsite -filename target path -overwrite, where target path is the location where you chose to save your SharePoint backup. Include the quotation marks as part of the path. Press ENTER.
3. Open Internet Explorer, and in the address bar, type http://Companyweb/Sites/Restoredsite. The site that appears is the same as your company Web site.
4. In the restored site, navigate to the missing file.
5. Right-click the file, select Save Target As, and then select a location to which to save the file.
6. Repeat steps 4 and 5 for all missing files.
7. Open your company Web site, navigate to the location where the missing files should be, and then on the SharePoint toolbar, click Upload Document.

NOTE: The second method is provided in the SBS Server help. You can find this by the following steps:
1. Open Server Management.
2. Click Standard Management->Backup.
3. Click Restore Sharepoint files in the right pane.

However, if you have not performed either method above to enable file-based backup, I am afraid that we may have to restore the entire database.
SBSer #2 thoughtfully replies:
Just realize that there are certain things to be aware of regarding method #1:

1) it is not a method supported by the SBS Dev Team
2) you need to have a separate network place on your server pointing to each sharepoint document library, etc. you want to back up individual files from. Note that you cannot have a single network place just pointing to companyweb
3) NTBackup will not restore files back into the Sharepoint database. You will have to restore to an alternate location, then manually upload the file back into Sharepoint.
SBSer #1 reverts back and ends the thread:
Have to laugh though... that’s a cut and paste from a Microsoft support person posting.... but I have heard that #1 is not the preferred method. Thus my comment about using #2.
BEST PRACTICE: Be sure to catch the comment about the Restore SharePoint Files link under Backup (Server Management, Standard Management). Right now, please click over and read the Small Business Server Help and Information page (that appears upon click) on this topic.
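Method 2's scheduled backup as a batch file, added here as an example (it is not from the book or from the newsgroup posts): it wraps the Stsadm.exe backup command quoted in the thread, keeps the two previous backup files, and returns a non-zero exit code when the backup fails or produces an empty file. The folder D:\WSSBackup and the file names are assumptions; the scheduled task would run this file instead of Stsadm.exe directly.

```batch
@echo off
rem Added example: not from the book or the quoted newsgroup thread.
rem Runs the Stsadm.exe backup command from Method 2, keeps the two previous
rem backup files, and reports failure through the exit code so the scheduled
rem task's last result shows it.
rem ASSUMPTIONS: BACKUP_DIR and the file names below are placeholders.
setlocal

set "STSADM=%SystemDrive%\Program Files\Common Files\Microsoft Shared\Web server extensions\60\Bin\Stsadm.exe"
set "SITE_URL=http://companyweb"
set "BACKUP_DIR=D:\WSSBackup"
set "BACKUP_FILE=%BACKUP_DIR%\companyweb.dat"
set "LOG_FILE=%BACKUP_DIR%\wss-backup.log"

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
if not exist "%STSADM%" goto :no_stsadm

rem Rotate generations: .2 is discarded, .1 becomes .2, current becomes .1.
if exist "%BACKUP_FILE%.2" del "%BACKUP_FILE%.2"
if exist "%BACKUP_FILE%.1" move /y "%BACKUP_FILE%.1" "%BACKUP_FILE%.2" >nul
if exist "%BACKUP_FILE%" move /y "%BACKUP_FILE%" "%BACKUP_FILE%.1" >nul

echo %DATE% %TIME% Backing up %SITE_URL% to "%BACKUP_FILE%" >> "%LOG_FILE%"
"%STSADM%" -o backup -url %SITE_URL% -filename "%BACKUP_FILE%" -overwrite >> "%LOG_FILE%" 2>&1

rem Treat any non-zero exit code (positive or negative) as a failure.
if not "%ERRORLEVEL%"=="0" goto :failed

rem A zero exit code with a missing or empty file is also a failure.
if not exist "%BACKUP_FILE%" goto :failed
for %%F in ("%BACKUP_FILE%") do set "BACKUP_SIZE=%%~zF"
if "%BACKUP_SIZE%"=="0" goto :failed

echo %DATE% %TIME% OK, %BACKUP_SIZE% bytes written >> "%LOG_FILE%"
exit /b 0

:no_stsadm
echo %DATE% %TIME% FAILED: Stsadm.exe not found >> "%LOG_FILE%"
exit /b 2

:failed
echo %DATE% %TIME% FAILED: see Stsadm output above >> "%LOG_FILE%"
rem Put the previous good backup back so the newest file is always restorable.
if exist "%BACKUP_FILE%" del "%BACKUP_FILE%"
if exist "%BACKUP_FILE%.1" move /y "%BACKUP_FILE%.1" "%BACKUP_FILE%" >nul
if exist "%BACKUP_FILE%.2" move /y "%BACKUP_FILE%.2" "%BACKUP_FILE%.1" >nul
exit /b 1
```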
Server-Side: SharePoint Central Administration
Much of what we have discussed so far has been on the client computer-side. You’ve interacted with WSS from Internet Explorer from NormH’s PRESIDENT machine. But there is a server-side to WSS you should know about. In this section, you will observe the file types that are blocked from uploading and learn about the native antivirus protection. You will correctly use SharePoint Central Administration to do this (see my Best Practice in a moment about the best server-side tools to use).
1. Log on as Administrator to SPRINGERS1 with the password Husky9999!.
2. Click Start, Administrative Tools, SharePoint Central Administration.
3. On the Central Administration page, select Manage blocked file types under Security Configuration.
4. Observe the default file extensions that are blocked. You can add file extensions to this list or delete them from it. These are file types that cannot be uploaded into WSS. Click OK.

BEST PRACTICE: Compare the list of blocked file extensions here with the SMTP sink blocked file types discussed in Chapter 6 (see the attachment blocking discussion) and shown back in Figure 4-14 when the E-mail and Internet Connection Wizard (EICW) was completed.
5. On the Central Administration page, select Configure antivirus settings under Security Configuration.
6. Click the Show me more information link and read about the requirements for virus protection in WSS. You can then click the About virus protection link to learn even more. Close the help window.


7. Select the following antivirus settings: Scan documents on upload, Scan documents on download, Attempt to clean infected documents.
8. Click OK.
9. Close the Central Administration page.

BEST PRACTICE: In Chapter 11, you will be strongly encouraged to download and install a trial version of Trend Micro’s PortalProtect for SharePoint, a WSS compliant application that will exploit the antivirus settings you just configured.
BEST PRACTICE: When I was teaching SharePoint technologies on the Spring 2003 GTM hands-on lab tour, a common challenge for students was to keep it all “straight” and remember where they were in WSS. You’ve already seen at least four ways to interact with WSS:

• Springer Spaniels Limited Home page when you launch Internet Explorer on a client computer
• Server Management console on the SBS 2003 server machine (see Internal Web Site under Standard Management)
• SharePoint Central Administration on the server. USE THIS ONE for administrative management of WSS.
• Microsoft SharePoint Administrator. BEWARE: this is FrontPage Server Extensions management, not truly WSS. DO NOT USE THIS ONE. This is a distant sister technology to WSS.

There is actually a fourth way to interact with WSS: Web folders. To see this, go to a client machine (e.g., PRESIDENT) and launch My Network Places from the Start button. Observe the Web folders related to CompanyWeb (the default WSS virtual server in SBS 2003). At this point, you should see General Documents and Jones Family.