Small Business Server\Specialists and Springers

The Outspoken Wookie: APC SBSC Meeting

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sat, 30 Aug 2008 09:17:14 PDT

Change has arrived - cutting over to SMB Dude

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Fri, 29 Aug 2008 05:29:50 PDT

Good day everyone - with the end of August at hand, I am cutting this blog over to SMB Dude and will no longer post up here.

So please join me at blog.smbdude.com

Thanks for reading HERE and I will see you THERE!

enjoy...harrybbbb
Harry Brelsford, CEO at smb nation www.smbnation.com
Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP
PS - did u know I host an annual conference in Seattle each october for SBSers and SMB consultants? This year we help launch SBS 2008 and Essential Business Server (EBS) between October 4-6!

Early bird flying away on fall wings and wind

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Thu, 28 Aug 2008 11:33:42 PDT

SMB Nation 2008 fall conference, the 6th annual, will bring Small Business Server 2008 and Essential Business Server 2008 into the world with a monster launch party plus over 40 content sessions. Be there in Seattle!

Hurry - early bird rate expires next Monday - so you still have time to save a couple $$$

thanks...harrybbb

ceo at smb nation

www.smbnation.com

Faxing in S BS 2003 [book excerpt]

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Wed, 27 Aug 2008 06:45:03 PDT

Good morning - I am harry brelsford, author of the Windows Small Business Server 2003 Best Practices book and each day I am posting up a few pages for the community. I will do this until (1) SBS 2008 ships or (2) I run out of pages!

Today we look at Chapter 9 which is faxing with the shared fax service in SBS 2003.

enjoy...harrybbbb

Harry Brelsford, CEO at smb nation www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, MCP, CNE, CLSE, CNP

PS - did u know I host an annual conference in Seattle each october for SBSers and SMB consultants? This year we help launch SBS 2008 and Essential Business Server (EBS) between October 4-6!

###

Chapter 9 Faxing

In working with SBS as both a user and consultant, I’ve noticed that the true value of some of its features can only be appreciated over time. SBS’s faxing capability is one such feature.

The faxing topic is appropriately placed here, later rather than sooner, because it is usually one of those features my clients suddenly discover well after the installation and deployment of the SBS solution. Whereas the main priorities out of the gate for most SBS sites are Internet connectivity, e-mail, and being secure, faxing is usually something I can demonstrate when things settle down and I have the client’s undivided attention. After other core SBS features, such as Outlook 2003, are accepted and widely used, the time is ripe to introduce faxing.

To balance my introduction of the faxing topic, full disclosure is necessary. I have some clients who view faxing as akin to religion. Implementing an electronic, network-based faxing solution, such as that found in SBS, acted as a key driver in their approval of the SBS network implementation project. And not only do I know this firsthand from selected clients, but I also know it from the e-mails you—the readers of my past SBS books—have sent me. Many of you commented at length how important faxing is in a small business environment networked with SBS. In fact, the dialog between reader and writer (that’s me) revealed a couple of interesting points:

• Faxing, when used, is considered very important.

• In general, SBSers were disappointed with the reliability and capability of the faxing application in the SBS 4.x era (late 1990s).

• SBSers in the past (specifically, the SBS 4.x era) have opted to deploy third-party faxing solutions, such as GFI Fax, instead of using the native faxing capabilities inside SBS.

• Readers also reported that they truly got what they paid for in fax modems. Those who went with the low-cost modems (often included with workstations) frequently experienced poor performance. Contrast that with the experience of those who invested in a superior fax modem such as the external V.Everything modem. For an investment of about $250 USD, the folks using the V.Everything modem found that they could achieve five 9’s or six sigma of reliability with the Shared Fax Service in SBS. It just flat out works!

The good news about the Shared Fax Service is that Microsoft listened over the years to the feedback on faxing within the SBS community. In the prior SBS 2000 release (the predecessor to SBS 2003), the fax application, is one area that received some of the greatest attention. And the results showed. Truth be told, it was actually a crack team of developers at Microsoft Israel who “rewrote” or reprogrammed the fax application from the ground up to take advantage of a more stable and robust Windows 2000 code base. This occurred in the summer of 2000. I share this historical insight with you because knowing how we got to where we’re at with faxing in SBS 2003 makes you wiser about the faxing function offered in SBS. That is, I’m providing historical context for ya! More important, if SBS previously lost your trust with respect to faxing, I think this release will restore that trust.

BEST PRACTICE: It’s the crime of the century. It’s the Shared Fax Service caper. It’s a big brother ripping off a little brother. What am I getting to? That the Shared Fax Service that was built for SBS 2000 just after the beginning of the new century was stolen by the Windows Server team for inclusion in the traditional Windows Server 2003 family. That’s right! The Shared Fax Service perfected for SBS was soooo good that it’s been, shall we say, borrowed for the other server products at Microsoft. In the world of intellectual property, there is certainly no greater compliment than theft, so the Fax Service

developed for SBS being co-opted for the other Microsoft Servers

operating systems is quite an affirmation of its value!

In the first part of the chapter, basic SBS faxing is defined as well as configured. You will also learn how to send and receive a fax. In the second half of the chapter, I discuss fax reporting and other advanced fax topics.

Beyond Remote Desktop in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Tue, 26 Aug 2008 09:37:51 PDT

Hi gang - I am Harry Brelsford, the author of Windows Small Business Server 2003 Best PRactices and I am writing this today from Ocean Shores WA where I am fitting in a few vacation days before fall!

Each day - I like to post up a few pages from my book for your reading pleasure. I will do this unitl SBS 2008 ships and my new Small Business Server 2008 Blueprint book is on the shelves (around November 12th).

Today is a guest column from Frank Ohlhorst, well-known industry media guy now at Ziff-Davis. He speakes towards looking beyond RDP or remote desktop in SBS 2003. This concludes Chapter 8 of my book.

cheers....harrybbbbb

Harry Brelsford | CEO at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist SBSC, MBA, MCSE, MCT, CNE, CLSE, CNP, MCP

And don't forget my SMB Nation 2008 fall conference is just five weeks aways in Seattle where we host a SBS 2008 and EBS 2008 luanch party!

Beyond Remote Desktop, the path to remote control.

Frank J. Ohlhorst

Small Business Server 2003 does a wonderful job of bundling remote access capabilities, but there are some drawbacks to how the product goes about that.

First off, there are some minimum requirements that must be met for those features to be viable, namely having Windows XP professional on the client PCs. That requirement leaves those using earlier operating systems out in the cold. Another limitation is that Microsoft’s Remote Desktop Connection uses Terminal Services, in other words it is a remote session, not a remote control solution. That prevents sharing the desktop with a remote user, a key requirement

for training or troubleshooting problems remotely. To overcome those limitations, integrators can turn to several third party

vendors for remote control packages, ranging from Symantec’s PCanywhere to hosted services such as GoToMyPC.com, but selecting one of those products requires an additional expense, which can be a hard sell, especially as SBS2003

includes the “remote desktop connection” feature. Savvy integrators can turn to a freeware/open source product called VNC

(Virtual Network Computing), which can be downloaded from www.realvnc.com. What makes VNC unique (beyond it being free) is that it is a multiplatform

product, in other words you can control a windows system from a linux system or solaris system or vice versa and VNC is quite compact and easy to use. VNC is a two part product, there is a server component and viewer component. The server component is installed on the system to be controlled, while the remote user uses the viewer component to take control of a remote system. VNC is a barebones product, and just offers basic remote control capabilities, with that in mind there are a few tricks integrators need to know to use the product. First off, VNC will not search for a system on the network, you must know the destination system’s IP address. Secondly, you will need access to the internal network to connect to a system. That can be a problem, but one easily solved by

Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

just using the included VPN server that comes with SBS2003. Once you have established a VPN connection, just input the IP Address of the target PC into the VNC viewer application, enter a password and the remote control session becomes active.

While third party products may offer more robust features, such as file transfer and search features, integrators will find that VNC fits the bill for most remote support needs and at a price that can’t be beat.

Summary

I started the chapter emphasizing how important it is for mobile workers to have robust remote connectivity. SBS 2003 is positioned very well to support these individuals with services such as the amazing RWW and an impressive update to OWA. You were educated on other mobility matters such as VPN and Terminal Services. So now it’s your moment to fly away and join the ranks of the upwardly mobile!

See you next chapter.

funny hahah - did I really just say that!?!?!?

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Mon, 25 Aug 2008 16:11:21 PDT

The small business technology consultant is hyper-sensitive to being sold to or duped by vendors or sponsors.

Harry Brelsford, founder and CEO of SMB Nation.

Read: http://www.echannelline.com/canada/story.cfm?item=DLY082508-4

Advanced Mobility in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Mon, 25 Aug 2008 11:18:09 PDT

Happy late August Monday to y'all!
I am the author of Windows Small Business Server 2003 Best Practices and each day, out of the kindness of my heart (not!?!?) I post up a few pages of my book for you to read. I will do this until SBS 2008 ships this fall.
Today we explore advanced mobility topics at the end of Chapter 8.
cheers...harrybbbb
Harry Brlesford | ceo at SMB Nation | www.smbnation.com
Microsoft Small Business Specialist, SBSC, MBA, CNE, MCSE, MCT, CLSE, CNP, and MPC
ps - I host an annual SBS and SBSC conference in Seattle each October - this year we celebrate SBS 2008 - see u there?

Advanced Topics

How ‘bout an advanced bushel of “quick hitters” on mobility and remote connectivity before we move on to the next chapter? Cool!

• VPN and Terminal Services expectation management. Something I spend tons of time on in my SMB Consulting Best Practices book relates to VPN versus Terminal Services. An SBS customer will hear the VPN buzz word and ask you to come out to their house and set it up so that she can VPN into to SBS network back at the office. Upon completing your

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

8-58

Section 2 ☛ Extending SBS 2003

duties, she is disappointed that “nothing changed” and the only evidence is a dancing green computer in the lower right. Turns out many customers really want to use Terminal Services with its coolness of having a remote session, but they didn’t know to ask for it.

•
HTTP compression is enabled by default. One of the buzz words floating around building 43 in Redmond, where the Microsoft SBS development and marketing teams are housed, is HTTP Compression. HTTP compression speeds up OWA and is turned on by default in SBS 2003. To see for yourself, expand Advanced Management in the Server Management console. Expand SPRINGERSLTD (Exchange), Servers, SPRINGERS1, HTTP. Right-click on Exchange Virtual Server and select Properties. Select the Settings tab. Observe that Compression is set to High.

•
Shared Modem Service removed. I mentioned it earlier in the book

and it’s true. The Shared Modem Service, which facilitated outbound remote connectivity (such as dialing up a bulleting board system), can not be natively accomplished in SBS 2003. But leave it to Burl, the SBS consultant who works for me, to find a couple of third-party modem-sharing solutions: Spartacom (www.spartacom.com/products/ modemshare.htm) and DialOut/Server (www.pcmicro.com/ dialoutserver/).

BEST PRACTICE: So you’re thinking about pulling a fast one, eh? Not so fast, pardner. When you upgrade from SBS 2000 to SBS 2003, you lose the Shared Modem Service. So the old upgrade switch-a-roo won’t work, buddy boy. Sorry.

• KBase article 821438. As of this writing, you should put this on your SBS 2003 radar screen for RWW. This article, titled “FIX: Antivirus Programs May Cause Some Web Applications to Restart Unexpectedly,” relates to SBS 2003 in that RWW might be affected by this (your antivirus program could impact RWW).

• License Ticks. This is an interesting question from SBS 2003 hands-on labs students, in nearly every town, related to RWW and licensing. Basically some folks were looking for a way to purchase few client access licenses (CALs) and have many folks log on remotely (essentially for free). The answer I received from a Microsoft product manager was “No and no!” The Windows authentication process during the RWW logon “ticks” against the SBS CAL count. You gotta pay full freight for the remote users.

• Third-party. Third-party mobile worker/remote connectivity solutions you could be aware of include Symantec’s infamous PCAnywhere (version 11, $199.95). A popular grassroots solution is VNC (www.realvnc.com) shareware that relies on contributions, t-shirt sales, and mouse pad sales). Take a look at GoToMy PC, which was acquired by Citrix in late December 2003 (see the CRN article at www.crn.com/ sections/BreakingNews/breakingnews.asp?ArticleID=46811). Also consider learning more about NetSupport 8.1 as a remote management tool (www.mcpmag.com/reviews/products/article.asp?EditorialsID=458). See Frank Ohlhorst’s column in a moment.

Next Steps

You guessed it. Forward to dig deeper into the remote connectivity area. There are entire books on remote connectivity, VPN, and the like. A quick search at Amazon revealed several capable books on VPN computing, such as Stephen Northcutt’s Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems (Que, ISBN: 0735712328).

Download next week's SMB PC magazine TBA Cover Story

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sun, 24 Aug 2008 09:25:40 PDT

hey gang - just a lazt summer sunday post-up.

You can now download next week's SMB Partner Community magazine.

The cover story from Robert Cohen really fits this group with the TBA discussion in SMB....selling the business services\consulting instead of being a box pusher.

there is also extensive WPC Houston coverage including a tell all photo essay....see Jeff Middleton standing next to a short MS RP product manager....man Jeff is tall!

Download now: http://www.smbnation.com/products_listpage.asp?Category=Publications&Category2=Magazine

(most of you will receive in the mail next week = if you want printed version - you must JOIN THE TRIBE at www.smbnation.com)

cheers...harrybbbb

T-41 days to SMB Nation Fall Conference :)

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sun, 24 Aug 2008 09:12:27 PDT

Get Your Geek On – SMB Nation 2008, October 4-6, 2008, Seattle

Join hundreds of Small Business Specialists to learn more about Windows Small Business Server 2008, Essential Business Server and Microsoft Response Point plus many other technologies. BusinessSpeak track features sales activation content, issues sensitive to owners and much more. How To track provides practical hands-on business knowledge that you can apply immediately. Visit www.smbnation.com to sign up. Extended tuition payment plans available.

PRESS RELEASE

SMB Nation 2008 Fall Conference to Hold Launch Party: Small Business Server 2008 and Essential Business Server 2008.

MarketPlace Expo SOLD OUT!

Seattle, WA – August 22, 2008 - Boasting a completely sold out tradeshow hall and host hotel, SMB Nation 2008 will hold a Small Business Server 2008 (SBS) and Essential Business Server (EBS) LAUNCH PARTY on the Saturday night of its October 4-6, 2008 annual conference in Seattle. A 58’ Hatteras yacht will be christened the M.V. SBS 2008 on the pier at the party.

When: Saturday, October 04, 2008
Where: 2211 Alaskan Way, Pier 66 Seattle, WA 98121

Webinars: SBS 2008 security, merger and acquisitions with your SBS consultancy, more

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sun, 24 Aug 2008 08:51:54 PDT

hey gang - got a couple Webinar coming you way over the next few weeks....see ya there!

August 28, 2008 2PM PDT (UTC-7) Last Call for SMB Nation 2008 Fall Conference
September 9, 2008 9:00AM PDT: Security and SBS 2008 Webinar with Untangle
September 10, 2008 8:00AM PDT: Time To Sell Your SMB or SBS Consulting Practice?

cheers....harrybbbb

Harry Brelsford, CEO at SMB Nation, www.smbnation.com

Microsoft Small Business Specialist and SBS 2003 author!

ps - did u know I am holgin a SBS 2008 and EBS 2008 launch party on October 4th in Seattle?!?!?

SBS 2003 and Terminal Servcies [book excerpt]

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sun, 24 Aug 2008 08:12:11 PDT

g’day folks - I am harrybbbb, the author of Windows Small Business Server 2003 Best Practices and I am delighted to give away my book - I am posting up a few pages per day until SBS 2008 ships!

Today we take a quick peek at Terminal Services in SBS 2003.

enjoy…harrybbbb

Harry Brelsford

CEO at SMB Nation www.smbnation.com, Microsoft Small Business Specialist, SBSC, MBA, CNE, MCSE, MCT, CLSE, CNP, MCP….whew!

ps - I am holding a raging SBS 2008 and Essential Business Server 2008 launch party in Seattle on October 4th…be there!

###

Terminal Services

An oldie but a goodie in the world of mobility and remote connectivity is Terminal Services. Funny how times change. My Small Business Server 2000 Best Practices book had an entire chapter dedicated to Terminal Services. This book has a mere section of discussion, as Terminal Services has become a well-established remote management tool that doesn’t warrant extensive discussion in the SBS 2003 time frame.

Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

By default, Terminal Services is implemented in remote administration mode. This allows two users to connect remotely for administrative and management purposes without special licensing. Terminal Services has another mode called “application sharing mode” that is most commonly associated with a server machine (acting as a member server) dedicated to serving Terminal Services sessions to many remote mobile workers simultaneously.

BEST PRACTICE: I mentioned it early in the book and I’ll do so again. Never ever place Terminal Services in application sharing mode on the SBS 2003 server machine. Microsoft doesn’t give you the option to do this with SBS 2003 and please don’t delve deep under the hood to try and figure out how to do it!

With Terminal Services, you enjoy a remote computing session with the server, with only screen activity passed to the remote client computer. This results in a very “fast” remote computing experience, but it’s not as a network node. It’s kinda like PCAnywhere just pushing screens! But remember that in its native form (remote administration mode) in SBS 2003, Terminal Services is designed to manage the server machine (again, an additional member server would be the way for everyone to enjoy Terminal Services).

BEST PRACTICE: I’d be remiss if I didn’t honor the fact that Terminal Services has some funky licensing issues. Read the latest at www.microsoft.com/terminalservices.

You will work with Terminal Services again in Chapter 11 to manage the SBS 2003 network for SPRINGERS.

SBS 2008 exam in BETA until Sept 12th = take for free!

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sat, 23 Aug 2008 15:46:10 PDT

Tell em harrybbbb sent ya!

http://msmvps.com/blogs/herlesonpontes/archive/2008/08/22/1645564.aspx

Harry Brelsford
SMB Nation www.smbnation.com

Under the hood VPN looksy in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sat, 23 Aug 2008 15:35:13 PDT

Happy HOT summer Saturday to you - at least if you are reading in North America!

I am the author fo Windows Small Business Server 2003 best Practices (SBS 2003) and I am posting up a few pages per day unitl SBS 2008 ships!

Today the topic is a under-the-hood lookat SBS 2003's VPN/ architecture. Enjoy!

cheers....harrybbbb

Harry Brelsford

CEO at smb nation, www.smbnation.com Microsoft Small Business Specialist (SBSC), MBA and other goodness like CNE, MCSE, MCT, CLSE, CNP

PS did u know I host a major rager SBS conference in early october in Seattle?

###

Under the Hood: VPN

So what’s the technical view of the VPN connection just made? Figure 8-32 shows the port-activity related to the VPN connection.

Figure 8-32

Observe that Port 1723 is being used for the VPN connection between a remote computer and SBS 2003.

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

BEST PRACTICE: Regarding the day-to-day use of VPN connectivity in SBS 2003, I suggest you view this as a dial-on-demand approach. Whenever I’ve seen SBS sites that view the VPN area as full-time, 7/ 24 connectivity between branch offices, I’ve actively discouraged such thinking, because SBS isn’t positioned as a branch office solution. But it’s fine if a traveling Norm Hasborn needs to VPN into the SPRINGERS network to do some voodoo.

VPN and NAT-T

Finally, it’s beyond the scope of this text and it’s something I’ll pursue in the advanced SBS book later (with step-by-step procedures), but be advised there is an issue with respect to having VPN connections when you place a hardware-based firewall router out in front of SBS 2003 and want to tunnel into the SBS network (especially if you’re adhering to the best practice of a dual firewall). This area is NAT-T over IPSec across the firewall. Technically speaking, IPSec NAT Traversal (NAT-T) allows IPSec clients and server to work when behind a NAT. To use NAT-T, both the remote access VPN client and the remote access server must be IPSec NAT-T-capable. IPSec NAT-T provides UDP encapsulation of IPSec packets to enable Internet Key Exchange (IKE) and Encapsulating Security Payload (ESP)-protected traffic to pass through a NAT. IKE automatically detects that a NAT is present and uses User Datagram Protocol-Encapsulating Security Payload (UDP-ESP) encapsulation to enable ESP-protected IPSec traffic to pass through the NAT.

IPSec NAT-T is supported by the Windows Server 2003 family. As such, it’s supported in SBS 2003. Your next step might be to delve deeper into the issue with the Microsoft Press Windows Server 2003 Resource Kit or look up some articles on TechNet.

VPN and SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Fri, 22 Aug 2008 19:28:19 PDT

Hello folks - I am the author of the Windows Small Buisness Server 2003 Best Practices book (ye olde purple book) and I am posting up a few pages per day because (1) I own the copyright and (2) I like helping folks!

Today we are deep into Chapter 8 discussing mobility and remote access. The topic is Virtual Private Networks (VPN) in SBS 2003.

BTW - I will keep postung up unitl SBS 2008 ships!

cheers...harrybbbb

Harry Brelsford

CEO at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, CNE, MCP, MCT, CLSE and CNP - man - I am tired from earning those titles!

ps - we are hosting the SBS 2008 and Essential Business Server EBS launch party in Seattle at our fall conference in early October...see ya there!

###

VPN Connectivity

Building on the high-level VPN discussion we had in Chapter 5, this section is gonna do the step-by-step thing to have Norm Hasborn VPN in from his trusty HP Evo N800c laptop.

BEST PRACTICE: If you have run the Remote Access Wizard, you can then run the Connect My Remote Computer to the Network link in RWW to install Connection Manager on the mobile laptop or home computer. Here is the key point. Connection Manager automates the process of establishing a VPN connection to the SBS

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

2003 network. Connection Manager can be used across any type of connection (such as dial-up modem).

Connection Manager can be installed three ways:

• Add User Wizard/Setup Computer Wizard: You can specify that Connection Manager should be installed for a user on a machine. Revert to discussion in the latter part of Chapter 4 to refresh your memory on this. This approach will place a shortcut on the client computer desktop to run Connection Manager and initiate the VPN session.

• Connection Manager diskette. Yes, diskettes still exist in SBS 2003! This diskette can be created and given to an employee to take home to easily set up the VPN connection to the SBS 2003 network. Create the Connection Manager diskette from the Create Remote Connection Disk link on the Manage Client Computers page under Standard Management in the Server Management Console.

• RWW: Pick Download Connection Manager from RWW, which is what we’ll do in the following procedure.

BEST PRACTICE: Connection Manager will only work with a FQDN that you’ve registered as a resource record with your ISP to point to the wild-side NIC card on the SBS 2003 server machine. If you want to use the wild-side IP address, you’ll have to configure the connection manually.

VPN Step-by-Step Procedure

Time to have Norm VPN into SPRINGERS!

1 Log on locally as NormH using the password Purple3300 on his laptop, NormLap.

2 Click Start, Internet to launch Internet Explorer.

3 Type springers1.springersltd.com/remote in the Address field.

4 Respond affirmatively to the security alerts (OK, Yes)

5. On the RWW logon screen, log on as NormH with the password Purple3300. But if you want to avoid the message in Figure 8-30, then deselect the I’m using a public or shared computer checkbox.

Figure 8-30

Microsoft will not allow Connection Manager to run on a public or shared computer.

6. Select Download Connection Manager. Click OK after reading the warning that you should ensure all users have strong passwords after you install Connection Manager.

7. Click Open on the File Download dialog box to open Connection Manager (sbspackage.exe).

8. Click Yes when asked if you want to install the connection to SBS 2003 in the Connect to Small Business Server dialog box. The installation process commences.

9. On the desktop, double-click on the Shortcut to Connect to Small Business Server.

10. Complete the Connect to Small Business Server logon box, as seen in Figure 8-31. Type NormH in the User name field, and Purple3300 in the Password field. Click Connect. Your computer will be registered on the SBS network.

Notes:

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-31

Simple stuff, Maynard! Connecting via the Connection Manager approach shields users from having to manually configure the VPN stuff on their computer.

You have now established a VPN connection to the corporate network and the client computer acts as a “node” on the LAN at this point. The visual evidence of this will be a green dancing computer (connection icon) in the lower right corner of the screen. VPN connections are often appropriate to access network resources from afar and run business databases (where you truly need to be a network node).

SMB Nation 2008 Sold Out (?) and Launch Party

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Fri, 22 Aug 2008 09:46:36 PDT

PRESS RELEASE

SMB Nation 2008 Fall Conference to Hold Launch Party: Small Business Server 2008 and Essential Business Server 2008.

MarketPlace Expo SOLD OUT!

Seattle, WA – August 22, 2008 - Boasting a completely sold out tradeshow hall and host hotel, SMB Nation 2008 will hold a Small Business Server 2008 (SBS) and Essential Business Server (EBS) LAUNCH PARTY on the Saturday night of its October 4-6, 2008 annual conference in Seattle. A 58’ Hatteras yacht will be christened the M.V. SBS 2008 on the pier at the party.

“With the SBS 2008 release-to-manufacturing (RTM) yesterday, we are thrilled to be timed perfectly for the SBS 2008 and EBS 2008 products debut and look forward to toasting its great success,” said Harry Brelsford, founder and CEO of the 20,000 member SMB Nation. “Our conference is uniquely positioned to motivate and educate the small and medium business (SMB) technology consultant, channel partner and computer guy and gal!”

SMB Nation 2008 appears to be outperforming similar technology events with the complete sellout of the MarketPlace Expo tradeshow hall and with attendance figures ahead of last year. “We believe the 600+ attendees will be treated to a unique educational experience and BE THERE for the start for the next generation of SBS and the first release of EBS!” Brelsford added. Over three busy days and nights, attendees will select from three (3) academic tracks including BusinessSpeak, GeekSpeak and “How To” that provide bona fide content without “being sold to.” SMB Nation 2008 has even added a “Speakers Behaving Badly” hotline where attendees can report any speaker from the 40+ content sessions that make commercial statements to insure the most pure attendee experience possible. “We want to avoid the wolf in sheep clothing phenomena,” emphasized Brelsford.

Sponsors and attendees will meet in the spacious Bell Harbor Conference Center. “At a time when similar technology shows are behind plan, we are ahead of plan” said Brelsford. “We believe this underscores the strength of the SMB segment and the optimism our sponsors have about the SBS 2008 and EBS 2008 opportunity.” Intel and Trend Micro are the platinum sponsors leading the event followed by HP and Microsoft. Gold sponsors include Autotask, CMIT Solutions, Aastra, SonicWall and Labtech. Silver sponsors include D&H, The Planet, Connectwise, Citrix, N-able, Reflexion, Tigerpaw Software, Nero, 19Marketplace, Symantec, StorageCraft, Acronis, Calyptix, MaxSP, Doyenz, EMC Retrospect, Quanta\Syspine, Zenith Infotech, Linked In, Backup Assist, CRU DataPort and WatchGuard. Bronze sponsors include Netgear, Untangle, CTL Computers, Level Platforms (LPI), MSP Partners, Linksys by Cisco, Comcast, Diskeeper, Expetec, New Global Telecom (NGT), Pronto Marketing, eFolder, CoreConnex, Highly Reliable Systems, SMB Books & Results Software, Technology Marketing Toolkit, Napera Networks, Independent Computer Consultants Association (ICCA) and Integrated mar.com.

Attendees can expect a high-quality conference with content that has been rigorously scrutinized by esteemed industry conference chairs (Dana Epp, Mikael Nystrom, Curt Hicks and Joe Moore). That has resulted in outstanding speaker selections such as Jeff Middleton, Susan Bradley, Ramon Ray and Amy Babinchak and popular topics such as How to Sell Your SBS\SMB Consulting Practice and Security in SBS 2008.

“So the last question is this. Where will you be October 4-6, 2008?” concluded Brelsford. Attendees can learn more and register at www.smbnation.com.

About SMB Nation
Founded ten years ago by Small Business Server author Harry Brelsford, Bainbridge Island, Washington-based SMB Nation supports small and medium business technology consultants to improve their business and technical skills with publications (books, SMB PC magazine) and events (SMB Nation conferences and workshops). SMB Nation boasts worldwide tribal membership in 30+ countries exceeding 20,000 consultants, resellers, VARs\VAPs and channel partners. Harry Brelsford is a Microsoft Small Business Specialist (SBSC) and holds an MBA from the University of Denver in addition to MCSE, MCT, MCP, CNE, CLSE and CNP certifications.

Contact:
Harry Brelsford
CEO, SMB Nation
206-915-3072
harryb@smbnation.com

Harry Brelsford | CEO | SMB Nation, Inc. | www.smbnation.com
Please attend our SMB Nation 2008 fall conference, October 4-6, 2008

Read Harry's SMB Dude Blog here
Download your copy of SMB PC magazine here

SBS 2008 Released To Manufacturing RTM

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Thu, 21 Aug 2008 12:53:31 PDT

Folk - in your hands in early October - just in time for the SMB Nation 2008 fall conference in Seattle (Oct 4-6). Details at www.smbnation.com.

This from Microsoft:
We are very excited to announce the RTM of Small Business Server 2008 today! This is a huge milestone for the team here, as well as all of you who have played a pivotal role in providing feedback on this product. We on the product team want to say "THANK YOU!" for the hours you've spent installing builds, discussing issues on the newsgroups, and filing all of those bugs we love! The SBS Community CANNOT be topped, and this release is just another example of that!
What's next?
• We'll be making the Evaluation builds available on the Microsoft CARE site within a month
• Complimentary Not for Resale copies of SBS will be awarded to Beta participants, based on participation.details from Kevin Beares coming soon!
• RTM product to be available in Retail and Volume Licensing early October, stay tuned to your favorite OEMs for launch plans
Please join us in celebrating this important day! We couldn't have done it without you!
Cassie Hicks and Dean Paron
Windows Small Business Server 2008

Remote Outlook Use in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Thu, 21 Aug 2008 09:04:25 PDT

Hi there - I am HArry Brelsford, the author of the Windows Small Business Server 2003 Best Practices book and each day a I post up a few pages for your reading pleasure. I will do this until SBS 2008 ships!

Today is the REMOTE USE of MICROSOFT OUTLOOK in an SBS 2003 world. Guess I am shouting for empahsis, eh?

Anyways - until tomorrow - harrybbbbb

Harry Brelsford |CEO at SMB NATION | www.smbnation.com

Microsoft Small Business Specialist (SBSC) and other non-sense like an MBA!

ps - I hold an annual conference each year in Seattle for SBSers...this year is early October to discuss SB S 2008 and EBS 2008.

###

Real Outlook 2003 Used Remotely

This section speaks to the ability to utilize your real Outlook 2003 client application across the Internet and connect to your SBS 2003 server machine. This might be used in lieu of OWA. There are two ways to make real Outlook speak to SBS 2003’s Exchange Server 2003 messaging application: VPN and RPC over HTTP. The VPN method is fairly straightforward. You simply establish a VPN connection (discussed in the next section below) and launch your Outlook 2003 client application. Your mailbox is then presented to you.

But a more hip, cool, and exciting way to remotely connect your Outlook 2003 client application to SBS 2003 is to use RPC over HTTP. RPC, which stands for “remote procedure call,” is how Outlook 2003 communicates over with Exchange Server 2003 on a local area network (LAN). The difference is that you are going to do it remotely over the Internet without having to first establish a VPN connection or present other authentication stuff like smart cards or security

tokens. This allows a remote worker to use real Outlook 2003 and get through the firewall.

BEST PRACTICE: Be advised there are some minimum requirements to using this cool messaging retrieval method. The client computer must be running Windows XP Professional with XP Service Pack 1 (SP1) and have the Microsoft Knowledge Base article 331320 updates installed. You must be running SBS 2003 (which includes Windows Server 2003 and Exchange Server 2003). The Exchange Server 2003 must be configured to allow connections via HTTP (fortunately, this is enabled by default in SBS 2003). You can see HTTP connection support in Exchange Server 2003 in SBS 2003 from Start, Server Management, Advanced Management, SPRINGERSLTD (Exchange), Servers, Springers1, Protocols, HTTP, Exchange Virtual Server. Notice the virtual server is configured and running (compare this to the POP3 virtual server that is not).

Given the baseline prerequisites have been met, complete the following procedure.

1 On the remote client computer (NormLap), have NormH log on locally with the password Purple3300.

2 Launch Outlook 2003 from Start, E-mail. If this is the first time you’ve launched Outlook 2003, complete the configuration screens to configure Exchange e-mail to point to SPRINGERS1 for the user Norm Hasborn.

3 Click Tools, E-mail accounts. The E-mail accounts wizard commences.

4 Select View or Change existing e-mail accounts and click Next.

5 Select the Exchange e-mail account on the E-mail Accounts page and click Change.

6 Click More Settings and select the Connections tab on the Microsoft Exchange properties dialog box.

7 Under Exchange over the Internet, select Connect to my Exchange mailbox using HTTP. This is shown in Figure 8-27.

Notes:

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-27

Selecting the option to connect over the Internet to your Exchange-based mailbox.

BEST PRACTICE: So let me guess. You don’t see the menu option in Step 7 above. If that is the case, you didn’t download and apply the patch specified above (331320). This can be found as www.microsoft.com/technet by entering 331320 in the Search field. The Microsoft search result should look similar to article page in Figure 8-28. Apply it now and restart the above procedure. See you back at Step 7, mate!

Notes:

Figure 8-28

Download and install this to complete the Outlook 2003 RPC over HTTP example.

8. Click on the Exchange Proxy Setting button.

9. Complete the Exchange Proxy Settings screen with https://springers1.springersltd.com and verify the Connect using SSL only checkbox is selected. This is shown in Figure 8-29. Accept the default settings and click OK.

10. Click OK to close the Microsoft Exchange properties dialog box.

11. Click OK when notified you will need to restart Outlook.

12. Click Next on the E-mail Accounts wizard, followed by Finish.

13. Close and start Outlook again. Outlook 2003 will appear and ready for your use.

Notes:

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-29

Completing the final RPC over HTTP steps for Outlook 2003.

BEST PRACTICE: How ‘bout a little bit more discussion on RPC over HTTP. Try on this advanced stuff for size. As you might have guessed, Outlook 2003 is capable of wrapping an HTTP/HTTPS header around each MAPI RPC request. This gives Outlook 2003 the capability of communication to the Exchange Server using direct HTTP or HTTPS. With the correct configuration (such as you did above), this feature allows a rich client experience to a corporate mailbox server over the Internet (as you know by now) where no RPC ports or VPN are required. Where Exchange front-end servers have been deployed in the DMZ, these act as RPC/HTTP proxy servers to the back-ends on the corporate network (oops - I just went beyond the scope of SBS there).

The Windows RPC over HTTP feature provides an RPC client (in this case, Outlook 2003) with the ability to establish connections across the Internet by tunneling the RPC traffic over HTTP. Because standard RPC communication is not designed for use on the Internet and doesn’t work well with perimeter firewalls, RPC over HTTP makes it possible to use RPC clients in conjunction with perimeter firewalls (again, this is kinda beyond the scope of SBS). If the RPC client can make an HTTP connection to a remote computer running Internet Information Services (IIS), the client can connect to any available server on the remote network and execute remote procedure calls. Furthermore, the RPC client and server programs can connect across the Internet - even if both are behind firewalls on different networks.

So now for a real advanced issue! You and I have likely read popular trade journal media stories that the RPC stack on Windows (NT/ 2000/XP/2003) having been exploited by hackers (Blaster). Hell you might have seen it! So is RPC over HTTP vulnerable to this type of attack? Nope would be the official reply. Nope because only authenticated users are allowed access to RPC over HTTP. That’s why you’re prompted to log on in again when you try to get Outlook to connect to the Exchange server using RPC over HTTP. The cited exploit could only use anonymous access to RPC.

And that’s that!

Exchange ActiveSync in Windows Small Business Server 2003 (SBS)

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Wed, 20 Aug 2008 08:27:51 PDT

Good day everyone - I am posting up a few pages per day from my book Windows Small Business Server 2003 Best Practices (da purple book) for your pleasure until SBS 2008 ships!

Today in Chapter 8 we explore Exchange ActiveSync - enjoy the ride...

cheers...harrybbb

HArry Brelsford CEO at SMB NAtion www.smbnation.com

Microsoft Small Business Specialist - SBSC - MBA - MCSE - MCP - CNE - MCT - CLSE - CNP

PS - did u know we are holding a big SBS 2008 and EBS 2008 launch party in early October 2008 in Seattle at our SMB Nation 2008 conference!

###

Exchange Server ActiveSync
Sync directly and with high levels of security to your Exchange mailboxes from Microsoft Windows powered devices such as Pocket PC 2002, the Pocket PC Phone, and Windows Powered SmartPhone. Stay in direct contact over the air with a server running Exchange 2003 so you can:
• Work both online and offline. Synchronize your e-mail messages, calendar, and contacts based on various settings from your device. Syn¬chronization can be on-demand or scheduled. When coupled with Out¬look Mobile Access, you can gain access to your Tasks list and the Global Address List.
• Get up-to-date notifications. Receive specially formatted short mes¬sage service (SMS) messages from Exchange 2003 that wake up your Windows-powered device and prompt your device to initiate a synch.

This feature, new in Exchange 2003, enables you to set the conditions of these alerts by using your Inbox rules.

• Choose your synchronization method. Select from on-demand or scheduled synchronization. This includes remote access to your e-mail messages, calendar, and contacts list, and when coupled with Outlook Mobile Access, you can gain access to Tasks list and the Global Address List.

Those of you who have had Pocket PCs for a while are familiar with cradling the device at your desktop as you synchronize. You must have Outlook running on the desktop while you use Outlook to synchronize and connect to the Exchange Server, and as soon as you remove that device from the cradle, you’re out of sync. That’s not the case anymore with Exchange ActiveSync. You can still use the cradle, but you can also synchronize directly to Exchange over a wireless connection. Exchange ActiveSync does integrate with the desktop ActiveSync. So any settings you’ve created from your desktop translate over to the device and can be altered there. Any settings from the device translate over to the desktop.

Outlook Mobile Access (OMA) in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Tue, 19 Aug 2008 06:25:29 PDT

Hello-hello! I am Harry Brelsford, author of the Windows Small Business Server 2003 Best Practices book and each day I am posting up several pages from this purple book. I am delighted to report that we start the subject of Outlook Mobile Access (OMA) from Chapter 8 with today's post. Good stuff!

enjoy....harrybbb

Harry Brelsford | ceo at smb nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, MCP, CNE, yadda yadda yadda

PS - did u know we are hosting a SBS conference in early october in Seattle?

###

Outlook Mobile Access

Back in Chapter 6, I wrote about forwarding e-mails to your cell phone. The forwarding works, but an even better solution is to use the newly included feature of Exchange 2003 and SBS 2003 called Outlook Mobile Access (OMA). OMA is simply OWA for web-enabled phones and PocketPC browsers. The basic features of OMA were formerly offered in Mobile Information Server 2002 and also in third party devices - now they are free!

During the SBS 2003 launch events, I met Kim Walker in Columbus, Ohio. Everyone has a gadget that they can’t live without and Kim’s addiction is e-mail on her cell phone. She has been using and managing third-party add-ins for several years and is promoting the feature to her clients. Kim has offered up some OMA info and best practices. She’s the OMA Momma and what follows in this section are her words! Go Kim!

Defining OMA

OMA offers a live text interface to your e-mail messages, calendars, tasks, and contacts. It replaces third-party add-ins at client computers or on additional servers. Therefore, it helps lower the total cost of ownership by reducing the need to deploy additional mobile server products in the corporate environment and by utilizing one mobile user device instead of multiple devices.

OMA supports Wireless Application Protocol (WAP) 2.x as well as XHTML browser-based devices, full HTML browsers and i-Mode devices such as mobile phones and personal digital assistants (PDAs).

OMA Server-Side

From the server-side, OMA setup is very simple. OMA is easier to manage than third party or desktop applications - everything is configured through Exchange System Manager. One important note is that in Standard Exchange Server 2003, OMA is disabled by default, but within SBS 2003 the default is OMA enabled (Figure 8-21).

Figure 8-21

The default Mobile Services Properties for Exchange has everything enabled.

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Notice the section titled Enable unsupported devices. Many devices have not been fully tested by Microsoft and are not on the supported device list. By default this box is checked, allowing a user to access Exchange on theses untested devices. The user gets an error that says: The device type you are using is not supported. Press OK to continue. This is shown in Figure 8-22. Once you press OK on the device, the service is generally available.

Figure 8-22

This is a screenshot from a mobile phone showing a failed connection.

BEST PRACTICE: Keep the Enabled unsupported devices checkbox

selected.

You can grant OMA access on an individual case-by-case basis. Say Norm Hasborn, owner of SPRINGERS, gets a new cell phone and doesn’t tell you. If Outlook Mobile Access is disabled for him (see Figure 8-23), he might test out OMA and get an error. He won’t have OMA access until he calls you, the SBSer, for support.

Figure 8-23

You can disable Mobile Services for individual user.

BEST PRACTICE: If you decide to manually add a user e-mail alias rather than run a custom recipient policy, your user will get an error accessing OMA: Item no longer exists. The item you are attempting to access may have been deleted or moved.

OMA Client-Side

From the client-side OMA is also fairly simple. It does not have all of the bells and whistles some third-party software has had, but it is definitely functional. OMA is customized for low-bandwidth high-latency type environments, but it still has the same feature set. Reply still means reply. Decline a meeting still means decline a meeting.

Time to use the SPRINGERS methodology where you will send an e-mail, enter contact records, and perform other such tasks from OMA. OMA can be

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

accessed from a desktop computer as well - you don’t have to have a mobile device. In fact, if you are using your laptop in a location with a very slow connection, OMA will get you to your e-mail without any OWA overhead.

Sending an E-mail

Time for some step-by-step to have NormH check his e-mail.

1 From the mobile device, point your browser to the following address: http://springers1.springersltd.com/oma.

2 At the Authentication required screen, type NormH in the User field and click OK.

3 On the Password screen, enter Purple3300 and click OK.

4 If you get the device type not supported error (wording may vary), click OK.

5 You are taken to the Exchange Mailbox for the user (Figure 8-24). You can scroll (down arrow on cell phone) to see all of the Mailbox options (such as Calendar, Contacts, Tasks, etc.).

Figure 8-24

The OMA-based Mailbox on the mobile phone.

6. To read Norm’s inbox, press the 1 or the Go menu button.. This will bring you to his Inbox listing (Figure 8-25).

Figure 8-25

This is an Inbox on a mobile phone.

The asterisk on the first message in Figure 8-24 means that this is unread. Also notice the second message is the Standard SBS 2003 Server Performance report

-it might take a little while to read through on the small screen, but in a pinch it’s great. To read any message just select Go while highlighted or hit the corresponding number (there will not be numbers in standard Internet Explorer form a desktop). OMA provides full-featured e-mail functionality, including compose new, read, reply, reply all, forward, delete, flag, and mark as unread. From the details view of messages, you can browse to previous message or next message, close, or go home.

In the OMA calendar view, you can view today, next/previous day, or go to the day of your choice. For any OMA calendar item, you can accept, tentative, decline, reply, reply all, forward, delete, and view details.

Comparing OMA to Other Approaches

So how does OMA compare to cellular-provided desktop assistant programs? Functionality is similar, but the major advantage is that the phone now connects directly to the server. In order for one of the Desktop Assistant programs to

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

function, the desktop must remain turned on with the forwarding program running. This places the failure point at the desktop and also uses both LAN and Internet bandwidth.

How does OMA on a standard cell phone compare to a SmartPhone or blackberry device? Generally cell telephones have smaller screens, but as you can see from the screen shots, if the phone is set to a small text, it is still readable. It is not as easy to type a reply, but it is possible and you can still check messages anywhere.

One important difference between OMA browser access and synchronization devices is that the information is only accessible when the user is in cellular coverage. The data does not get stored on the phone, but can be viewed only in the browser while the user is authenticated to the server.

As of this writing, I dearly miss some of the tricks that third party software offered. One of these tricks is a text message/page notification of mail - a rule that tells the user to check the mailbox rather than forward the message. For now, you can use the forward message from Chapter 6 for specific messages. In the past I have used notifications to page me when I received a message of high importance or a server message (based on words in the subject) or by sender. I check my e-mail frequently, but if I was in a meeting it would alert me to an issue that might be critical.

Daily OMA Use

I use OMA all of the time. Personally, I have a separate folding keyboard that attaches to my cell phone - I can send and receive e-mails without pulling up my laptop, but when I don’t need it I still have a small form factor phone. Without a keyboard, you don’t want to type long e-mails or replies, but you could send a short message saying “YES” (literal telephone pad keystroke sequence is: yes - Y - 999, E - 33, S - 7777 - it’s the new Morse code). OMA is also great for checking calendar updates. While running from one meeting to another, you can quickly check to see if the upcoming meeting time or location has been moved.

Thanks, Kim, for the OMA expertise. Won’t you consider speaking on this at the SMB Nation conference in Fall 2004? I can’t resist sharing a photo from the Fall 2003 SBS hands-on lab tour where a student in San Francisco implemented OMA right in the class room (Figure 8-26).

Figure 8-26

Live from San Francisco! It’s OMA and SBS 2003.

OWA Security in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Mon, 18 Aug 2008 09:31:59 PDT

Happy Monday to u!

I am Harry Brelsford, the author Windows Small Business Server 2003 Best Practices and I am posting up a few pages per day to the Web (my blog) for your reading pleasure. This will continue until SBS 2008 ships!

So please enjoy a few pages today concerning OWA security in SBS 2003!

cheers…harrybbbb

Harry Brelsford

CEO at SMB Nation, www.smbnation.com, Microsoft Small Business Specialist (SBSC)

PS - I host a fantastic fall confernece in Seattle surrounding all this and more - everything SBS and Eseential Busienss Server (EBS)

###

OWA Security

There are a couple of security matters relating to OWA.

• Public vs. private computer. In Figure 8-18, you can see the OWA logon screen. A public or shared computer has a shorter time-out period (akin to the same setting in RWW). A private computer informs the Exchange server to tolerate a longer period of inactivity before enforcing a log off.

• HTTPS. I mentioned earlier but I need to mention again. When you configured SBS properly (that is, run the EICW and create the self-signing certificate that is discussed in both Chapter 4 and 5), you’ll always

operate OWA under HTTPS. The translation for the BDM is that this is more secure and the data (in addition to the logon activity) is encrypted via PPTP. The port session related to this is shown in Figure 8-20.

Figure 8-20

Observe Port 443 making the OWA session operate under HTTPS.

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

• Challenging. When you log on the old fashioned way or the local host way, you must complete the OWA logon. In SBS 2000, a local host OWA session did not issue this logon challenge. When you access OWA via RWW, you are not challenged for an OWA-specific logon because RWW passes logon authentication to OWA.

BEST PRACTICE: Always have your SBS users properly log off OWA when they leave an OWA session. The logoff button is found on the far right of the upper OWA toolbar. Not logging off lays the foundation for sinister behavior, such as someone clicking Back several times in Internet Explorer to get to your mailbox! LOG OFF!

OWA - finer points in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Sun, 17 Aug 2008 11:42:20 PDT

Hello everyone - its sunday and I am posting up a few pages from Chapter 8 of my Windows Small Business Server 2003 Best PRactices book (the purple book) for your reading pleasure. Today we look at some of the finer points of Outlook Web Access (OWA) in SBS 2003. I will keep posting up book pages each day until SBS 2008 ships.

Thanks for reading - hope this helps!

cheers...harrybbbb

Harry Brelsford ceo at SMB Nation www.smbnation.com

I am a Microsoft Small Business Specialist (SBSC), MBA< MCSE< MCT< CNE, CLSE and CNP!

Did u know I host a raging SBS conference in Seattle in early october?

###

Meet OWA

Less talk, more look-see at this point. The new and improved OWA is presented in Figure 8-17 for your pleasure.

Notes:

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-17

Here is OWA in the SBS 2003 time frame. Notice in the Address that the URL identifies local host (running on the SBS server machine).

There are three ways to access OWA in SBS 2003.

• Old-fashioned. You’re probably familiar with this approach. Type the fully qualified domain name (FQDN) appended with the term “exchange” for the external interface (that’s the wild-side NIC card) on the SBS server machine) like springers1.springersltd.com/exchange. This approach assumes you have an “A” resource record registered in the DNS of your ISP that points to the wild-side NIC card. Of course, you could always point to the wild-side IP address in the following manner -207.202.238.215/exchange - and you’ll start the OWA authentication process.

• RWW. If necessary, revisit the RWW discussion early in this chapter where you learned to authenticate over the Internet. The RWW menu has the Read my company e-mail link to launch OWA. From the

outside, RWW is best accessed by FQDN/remote (springers1.springersltd.com/remote).

• Local Host. In Figure 8-17, I hinted at the use of OWA on the SBS server machine. This is possible with the localhost/exchange address. This is an excellent way to read e-mail messages et. al. on the actual SBS server machine and avoid the MAPI conflict I discussed in Chapter 6 (see Figure 6-26).

There are two types of OWA experiences:

• Premium. If ya want the good stuff, you need to select the Premium radio button on the OWA logon screen.

• Basic. While providing fewer OWA features, selecting the Basic radio button results in a session that runs faster and is recommended for slow links.

Notes:

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

I compare OWA Premium and OWA Basic on a deeper level (focused on security) in Table 8-1.

Table 8-1: Security: OWA Premium versus Basic

Capability
Description
OWA Premium
OWA Basic

Logon page
This has a new customized form for logging on to OWA. Includes cookie-based validation where OWA cookie is invalid after user logs out or is inactive for a predefined amount of time (or eats the cookie - just kidding).
Yes -and allows you choice to use OWA Basic
Yes - but only allows use of OWA Basic

Clear credentials cache on logoff
After logofff all the credentials in IE SP1 credentials cache are cleared automatically.
Yes
No

Public/Share computer and Private computer logon options
To provide SBSers with more protection, two logon page security options can be used. You can set the private logon page with a longer period before user is logged off because of inactivity.
Yes
Yes

“Web Beacon” blocking
Users can control options for blocking external content in e-mail.
Yes
Yes

Attachment blocking
Administrator options restrict access to some or all attachments in messages.
Yes
Yes

Junk mail filtering
Options to set up safe-and blocked-sender lists.
Yes
Yes

Encrypted/ signed mail
Sending and receiving encrypted and/or signed e-mail is supported.
Yes. IE 6 on Microsoft Windows 2000 or later.
No.

It’s time for Norm Hasborn to check his e-mail via OWA.

1 Log on to the remote computer (in my example: NormLap). I’ll assume you can log on as NormH (a local user) with the password Purple3300.

2 Launch Internet Explorer from Start, Internet. Type springers1.springersltd.com/exchange in the Address field. Note you can explore OWA via RWW on your own by repeating the RWW steps earlier in the chapter (from RWW, select Read my company e-mail). Here I want to expose you to the native OWA logon screen (RWW suppresses this screen, as I’ll discuss in the security section).

3 Click OK at the two Security Alert dialog boxes that appear (a third such box may appear if you didn’t install the SPRINGERS certificate earlier in the chapter and requires Yes).

4 Complete the OWA logon screen similar to Figure 8-18. NormH is the user with the password Purple3300. The Client is Premium and the Security is Public or shared computer (I discuss security in the next section). Click Log On.

Figure 8-18

Norm Hasborn is logging on to OWA here. The session has flipped to HTTPS at this point.

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

1 OWA can be seen for NormH in Figure 8-19. Notice the e-mail in the figure relates to the alert you configured in the prior chapter (Chapter 7 on WSS) relating to the Breeder1.doc document. Cool!

2 Go ahead and horse around with OWA for a few minutes. When you’re done, log off via the Log Off button on the far right.

Figure 8-19

OWA time, baby!

Outlook Web Access (OWA) in Windows Small Business Server 2003 (SBS)

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Fri, 15 Aug 2008 17:22:25 PDT

Call it a case of tomorrow's new today!

I am posting up my Outlook Web Access (OWA) introduction in the SBS 2003 realm today (Friday) because tomorrow (Saturday) I will be jammed with my niece's wedding here in San Francisco. What is interesting about this wedding is that it is an openly gay wedding which is now legal in the State of California and I am thrilled and excitred to see how this all plays out! I will post up a blog on my first experience at this type of wedding.

Back to the business at hand. I am the author of the Window Small Business Server 2003 Best Practices book (purple book) and I live on Bainbridge Island, WA. I am posting up a few pages of this SBS 2003 bok each and every day until SBS 2008 ships on November 12th (worldwide, multiple languages). Today - as I mentioned - we meet OWA.

cheers...harrybbbb

Harry Brelsford, CEO at smb nation, www.smbnation.com

Microsoft Small Business Specialist - SBSC

did u know we have a gr8t fall conference in sEattle in early October?!?! :)

###

Outlook Web Access

Meanwhile, back at the BBQ where the steaks are sizzling, another compelling SBS 2003 feature that “sizzles” in front of business decision makers (BDMs) is the massively improved Outlook Web Access (OWA). My infamous SBS customer, Bob in real estate, did back flips when I showed him the new OWA in SBS 2003. Why? For these reasons.

• Look and feel. The new OWA just looks more like “real” Outlook. That has been a major sticking point with Bob and other BDMs. It wasn’t so much like reading an e-mail message in past OWA releases

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

was that bothersome. Rather, things like calendar entries and contact records were downright rude!

• Feature creature. OWA, when compared to past OWA versions (apples to apples) and not compared to “real” Outlook (apples to oranges), is much richer. An example of improved features is the stronger integration with Outlook and its rules and options (such as Privacy and Junk E-mail Prevention options now accessible via OWA).

• Sir Speedy. This OWA version boogies. Older OWA releases were slow and seconds of delay felt like hours to Type-A businessmen like Bob. It was so bad in the past that I set up Outlook Express with IMAP as per Chapter 6 to workaround the OWA slowness.

• Security improvements. I felt honor-bound to show my customers, such as Bob the BDM, some improvements to security. As an SBSer in the early 21st century, I’m trying to use every opportunity to talk up security (and no, this isn’t make-work or a self-employment act, but advice offered in a sincere way). See the security section below for details, but I’ll share one now: OWA natively runs under HTTPS when you configure the default configuration of SBS.

BEST PRACTICE: So are there any limitations with the new OWA? Yes, there are a few. A bright student in Mumbai/Bombay India SBS 2003 hands-on lab correctly taught me (the instructor) that OWA doesn’t display multiple mailboxes at the same time while real Outlook can. This is bothersome if you’re a BDM that uses multiple e-mail aliases to look larger than life in the business community and you travel extensively and need to use OWA from Internet cafés or your laptop in a hotel room. With OWA and multiple mailboxes, you’d need to log on multiple times (as the different e-mail account) and view each mailbox separately (e.g., jobs@springersltd.com).

Another student at the San Francisco, California, SBS 2003 hands-

on lab (October 2003) correctly pointed out that, when viewing a

Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

contact record in a public folder in the new OWA, the New Message to Contact toolbar button is disabled. Translation: You can’t send an e-mail to a contact in a public folder with a single click using OWA. Rather, you have to manually copy and paste the SMTP e-mail address into a new message. He seemed really bothered by this (must have been having a bad SBS day).

Beatrice Mulzer from Cocoa Florida informs me that the search folder feature isn’t available in OWA.

I personally noticed that, when entering a contact record in OWA in the SBS 2003 time frame, that the Address, City, State, Zip fields (ACSZ) are divided in the UI for OWA (you have separate fields for ACSZ). But, in real Outlook 2003, ACSZ is entered into a single field and then parsed in the background.

Remote Desktop Protocol (RDP) in Windows Small Business Server 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Fri, 15 Aug 2008 05:39:37 PDT

Top of the morinng to ya! I am up and at 'em here in Seattle on the 520AM ferry enroute to the airport and some time in the San Francisco area...really starting to spend more time down there what with the hot technology sector (can u say SOMA?). So a quick post from Chapter 8 of my Windows Small Business Server 2003 Best Practices book - as u might know - I am posting up several pages per day from this book into the WILD for your reading pleasure. Why do I do this? Because I am a nice person! I will keep posting until SBS 2008 ships!

Today we explore the Remote desktop Protocol (RDP) in the mobility realm of SBS 2003.

cheers...harrybbbb

harry brelsford, smb nation's ceo www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA MCSE MCT CNE CLSE CNP

Did u know I host my big annual conference in early OCtober in Seattle!

###

Exploring RDP

Oops! I almost forgot some more stuff on RDP that I wanted to share (this has an advanced tone to it). RDP allows for separate virtual channels for carrying device communication and presentation data from the server, as well as encrypted client mouse and keyboard data. RDP uses its own video driver on the server-side to render display output by construction rendering information in network packets using the RDP protocol and sending them over the network to the client. On the client-side, it receives the rendering data and interprets them into the corresponding Win32 Graphic Display Interface (GDI) application programming interface (API) calls. On the input path, client mouse and keyboard messages are redirected from the client to the server. On the server-side, RDP uses its own virtual keyboard and mouse driver to receive these keyboard and mouse events.

Without encrypting the display protocol, it would be very easy to “sniff” the wire to discover the user’s passwords as they log on to the system. Allowing an administrator to log on using a non-encrypted protocol exposes the entire domain resources that are now vulnerable to hackers, especially if connecting over a public network without a VPN. It is both darn interesting and important to note

that protocols using “scrambling” to protect data are just as vulnerable to this

sort of attack as protocols that send data using clear text. The activity involved in sending and receiving data through the RDP stack is essentially the same as the seven-layer Open Standards Interconnection (OSI) model for the LANs on this planet. Data from an application or service to be transmitted is passed down through the protocol stacks, sectioned (sounds like a Ginsu knife commercial with slicing and dicing, eh?), directed to the channel (through MCS), encrypted, wrapped, framed, packaged onto the network protocol, and finally (really and truly) addressed and sent over the wire to the client. The returned data works the same way only in reverse, with the packet being stripped of its address, then unwrapped, decrypted, and so on (and on and on) until the data is presented to the application for use (Whew!). Key portions of the protocol stack modifications occur between the fourth and seventh layer, where the data is encrypted, wrapped and framed, directed to a channel and prioritized.

Lastly, every version of RDP uses RSA Security’s RC4 cipher, a stream cipher

designed to efficiently encrypt small amounts of varying data size. RC4 is designed for secure communications over networks and is also used in protocols such as SSL, which encrypts traffic to and from secure Web sites. By default, Windows XP Remote Desktop and Windows Server 2003 Remote Desktop and Terminal Services use high (128-bit) encryption to encrypt most data transmissions in both the client-to-server direction and the server-to-client direction.

BEST PRACTICE: Don’t forget the 128-bit encryption point raised here.

It is frequently brought up in technology conversations about SBS.

RWW Security Summary in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Thu, 14 Aug 2008 21:08:41 PDT

Hello gang - today I have a shorter post-up from my Windows Small Business Server 2003 Best PRactices book - it is a summary of Remote Web Workplace security.

enjoy...harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

did u know we have a raging conference comin' to Seattle in early October: SBS 2008 and EBS 2008 launch party!

Microsoft Small Business Specialist (SBSC) and MBA

###

RWW Security Summary

Before moving on and looking at Outlook 2003 remote approaches, oblige me and view the following RWW security summary:

• SSL connections required for access to the Web site.

• User authentication required for access to the Web site.

• Log out allows users to close sessions and clear any cached logon credentials.

• Timeout feature automatically closes sessions after a period of inactivity.

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

• Public or shared computer mode provides additional safety requirements in those environments (browser version checking, shorter timeouts).

• Web site is throttled through IIS.

• Web site files are strongly ACL’ed (governed by the Access Control List) to prevent unauthorized editing.

• Remote Desktop connections are encrypted and send only mouse clicks and keystrokes over the connection.

• Reduces or eliminated the need for VPN connections at the business.

BEST PRACTICE: Use the above list as “talking points” when talking about RWW.

RWW under the hood in SBS 2003

noreply@blogger.com (Harrybbbb (Harry Brelsford, CEO, SMB Nation)) — Wed, 13 Aug 2008 20:07:46 PDT

Good evening folks - been a crazy busy day but I am honoring my commitment to post up several pages per day from my Windows Small Business Server 2003 Best Practices book (the purple book). I really like the part of Chapter 8 where we debunk, prove and otherwise party on with Remote Web Workplace.

Looking forward to SBS 2008 and more madness!

cheers...harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

Microsoft Small Business Specialist, MBA, MCSE, CNE, MCT, MCP, CLSE and CNP - whew - I am tired!

ps - funky groovy fall conference is less than 60-days away in Seattle!

###

Under the Hood RWW Architecture

Specialists like specialist in the professional world, perhaps because there is an element of mutual respect. So when this SBS specialist (yours truly) needed some help digging deeper in this subject area, I went to fellow SBS 2003 hands-on lab instructor Beatrice Mulzer from Florida. Beatrice is an RWW nicher and provided the screen shots in this section showing a glimpse of how things work under the hood with RWW.

First off, it helps to see a Visio diagram that outlines the RWW architectural experience. This is shown in Figure 8-10.

Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.

Figure 8-10

This diagram outlines the RWW mechanics.

Now for the step-by-step figures that bring definition to the chart above.

Notes:

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-11

Initial connection to SBS 2003 external Web page over port 80. Note HTTP in the Address field of Internet Explorer.

BEST PRACTICE: Note the above figure (Figure 8-11) assumes that you have selected the Business Web option on the Web Services Configuration page in the EICW. We did NOT do this back in Chapter 4 for the purpose of SPRINGERS. But please heed this advice, as imparted to me by the Microsoft program manager who owns this area. IN THE REAL WORLD, Microsoft discourages you from opening port 80 in the EICW via the Business Web selection. Rather, they’d rather have the address for RWW typed by external users be the FQDN followed by /remote (e.g., springers1.springersltd.com/ remote). The /remote component of the address makes the external listening port become 443 and the address is appended to HTTPS.

Another real worldism for NOT opening port 80 if you can help it. Beside exposing your IIS root to the world (and Web search engine crawling), you also expose RWW to Web search engine crawling. This is something you probably don’t want to do, as it might be the source of future vulnerabilities and attacks (as of this writing, this hasn’t been exploited). A really interesting exercise to see this in action is to go to Google and search on the terms “remote web workplace” and view the results. You’ll see pages of hits returned with Remote Web Workplace highlighted. These are SBS 2003 sites that have opened port 80 (again, likely via the Business Web selection on the Web Services Configuration page in the EICW). Stunning how many RWW sites you’ll see.

Finally, if you must have port 80 open because you really do host a business Web site and you’ve accepted the risks, then please consider using a robots.txt file to restrict Web search engine crawling. Details on robots.txt at www.robotstxt.org/wc/robots.html and in Chapter 10.

Notes:

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-12

Approving the security certificate (SSL) pop-up to log on to Remote Web Workplace (this process started by selecting the Remote Web Workplace link). Note the port switch from port 80 to port 443. This would be the case when you’ve published your root page via the Business Web selection on Web Services Configuration in the EICW.

Figure 8-13

The SSL pop-up was approved and the RWW logon dialog box appears. Session traffic is over port 443 and the HTTP protocol has switched to HTTPS at this point.

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-14

An RWW session underway with HTTPS and port 443.

BEST PRACTICE: Did you look closely at the above figure and see the entry titled “View Server Usage Report”? How did that appear? If you have run the Monitoring Configuration Wizard (which you will do in Chapter 12) and the user (in this case Beatrice) has permission to view the server usage reports, this option will appear on the RWW page.

Notes:

Figure 8-15

Internally accessing the WSS Home page (Intranet) over port 443 under RWW. Protocol is HTTPS. Note that external access to WSS is over 444 (which isn’t being depicted in this figure).

Visit www.microsoft.com/technet for the latest updates for any Microsoft product.

Figure 8-16

When you click the Connect to my computer at work, port 4125 is used for the Remote Desktop session traffic (note port 4125 doesn’t become active and listen until you click this Connect to my computer at work button; listening actually occurs on port 443). This is in addition to port 443 that remains open (ports 4125 and 443 are simultaneously open under this scenario). At this juncture, some background voodoo is performed by SBS to authenticate you and prove you are who you say you are (that’s about as well as I can explain it in this introductory text).

BEST PRACTICE: A common question in the Fall 2003 SBS hands-on labs related to which ports on a hardware-based firewall/router needed to be opened to allow RWW traffic through. RWW uses the following ports for its entire experience: 443, 444, 4125. Port 80 would be used if you published the root page (not recommended). And by the way, the other SBS-related port you’ll need open is 1723 (VPN, which I discuss more later).

By the way, you can see the port 4125 setting for RWW in the

Registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal

and look at the Port key where the REG_DWORD value is 4125.

Another common question concerns whether you must first establish a VPN connection to drill down and take control of your Windows XP Pro workstation via Remote Desktop. The answer is no. You are using RDP over HTTP, not VPN tunneling to access the Windows XP Pro workstation.

So hopefully a few pictures here have saved over a thousand words. I thought that by starting with a diagram and then witnessing the port traffic, you could “feel” RWW first hand under the hood. More of this good stuff in my advanced SBS 2003 book in the second part of 2004.