Published with the authorization of Microsoft Corporation by
O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, California 95472
Copyright © 2011 by Charlie Russel and Sharon Crawford
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.
ISBN 978-0-7356-4911-8
1 2 3 4 5 6 7 8 9 TG 6 5 4 3 2 1
Printed and bound in Canada
Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at [email protected] Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.
The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, O’Reilly Media, Inc., Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.
Acquisitions Editor: Ken Jones
Developmental Editors: Laura Sackerman and Ken Jones
Production Editor: Teresa Elsey
Proofreader: Nancy Sixsmith
Compositor: Ron Bilodeau
Technical Reviewer: Andrew Edney
Copyeditor: Roger LeBlanc
Indexer: Angela Howard
Cover Design: Twist Creative • Seattle
Cover Composition: Karen Montgomery
Illustrator: Robert Romano
Contents at a Glance
Introduction

Part I: Preparation and Planning
Chapter 1: Introducing Windows Small Business Server 2011
Chapter 2: Understanding 64-Bit Windows
Chapter 3: Planning Your SBS Network
Chapter 4: Planning Fault Tolerance and Avoidance

Part II: Installation and Setup
Chapter 5: Installing Small Business Server 2011
Chapter 6: Configuring SBS in Hyper-V
Chapter 7: Migrating to Windows Small Business Server 2011 Standard
Chapter 8: Completing the Getting Started Tasks

Part III: Performing the Basic Tasks
Chapter 9: Managing Users and Groups
Chapter 10: Shares and Permissions
Chapter 11: Disk Management
Chapter 12: Storage Management
Chapter 13: Installing and Managing Printers
Chapter 14: Managing Computers on the Network
Chapter 15: Managing Software Updates
Chapter 16: Configuring Backup

Part IV: Performing Advanced Tasks
Chapter 17: Windows SBS Console vs. Server Manager
Chapter 18: Configuring and Managing Email
Chapter 19: Managing Local Connectivity
Chapter 20: Managing Remote Access
Chapter 21: Using Group Policy
Chapter 22: Managing Reports
Chapter 23: Customizing a SharePoint Site

Part V: Premium Edition Features
Chapter 24: Installing the Second Server
Chapter 25: Installing Microsoft SQL Server 2008 R2 Standard Edition for Small Business
Chapter 26: Adding a Terminal Server

Part VI: Maintenance and Troubleshooting
Chapter 27: Performance Monitoring
Chapter 28: Disaster Planning

Part VII: Appendices
Appendix A: Introduction to Networks
Appendix B: Automating Installation
Appendix C: Additional Resources
Index
Contents
Introduction

Part I: Preparation and Planning

Chapter 1: Introducing Windows Small Business Server 2011
Windows Small Business Server Editions
What’s New and Improved
SBS Console
Remote Web Access
Installation and Migration
Data Protection
Exchange Server 2010 SP1
SharePoint Foundation Services 2010
Small Business Server 2011 Premium Add-on
Hardware Requirements
Summary

Chapter 2: Understanding 64-Bit Windows
Why the Change?
What Are the Advantages?
Memory
Performance
Security
Virtualization
What Are the Challenges?
Drivers
Hardware and Software Considerations
What About Clients?
Summary

Chapter 3: Planning Your SBS Network
Planning the Network Infrastructure
Determining Your Needs
Choosing an Internet Connection
Choosing a Network Type
Choosing Network Devices
Choosing Server Hardware
Choosing Client Hardware and Software
Choosing Naming Conventions
Choosing a Domain Name for the Network
Naming Computers
Planning for Security
Ensuring Physical Security
Securing Client Computers
Securing Wireless Networks
Securing Internet Firewalls
Summary

Chapter 4: Planning Fault Tolerance and Avoidance
Mean Time to Failure and Mean Time to Recover
Protecting the Power Supply
Local Power Supply Failure
Voltage Variations
Sags
Short-Term Power Outages
Long-Term Power Outages
Disk Arrays
Hardware vs. Software
RAID Levels for Fault Tolerance
Hot-Swap and Hot-Spare Disk Systems
Redundant Networking
Other Spare Parts
Summary

Part II: Installation and Setup

Chapter 5: Installing Small Business Server 2011
Planning
Planning Partitions
Planning Location and Networking
Preparing the Server
Installation
Installation Process
Using the SBS Answer File Generator
Summary

Chapter 6: Configuring SBS in Hyper-V
Hyper-V Overview
Emulation vs. Hypervisor
Requirements
Installation
Installing on Microsoft Hyper-V Server R2
Installing on Full Windows Server 2008 R2
Initial Configuration
Configuring Networks
Server Settings
Creating a Virtual Machine
Creating a Basic VM
Machine Settings
Working with a Virtual Machine
Starting, Stopping, Saving, Snapshotting
Clipboard
SBS in Hyper-V
Licensing
Configuration
Summary

Chapter 7: Migrating to Windows Small Business Server 2011 Standard
The Migration Process
Preparing Your Server
Before You Start
Back Up Your Existing SBS Server
Install Current Updates
Network Configuration
Install Router and Firewall
Configuring Active Directory
Best Practices Analyzer
Optimize Exchange Mailboxes
Running the Migration Preparation Tool
Creating a Migration Answer File
Administrator Account
Using the SBS Answer File Generator
Installing SBS 2011
Migrating Settings and Data
Using the Migration Wizard
Re-Enabling Folder Redirection
Final Thoughts
Summary

Chapter 8: Completing the Getting Started Tasks
Finish the Installation
Connect to the Internet
Customer Feedback Options
Set Up Your Internet Address
Registering a New Domain Name
Using an Existing Domain Name
Managing Your Domain Name
Configure Email
Add a Trusted Certificate
Protect Your Data
Add Users, Computers, and Devices
Network Essentials Summary
Summary

Part III: Performing the Basic Tasks

Chapter 9: Managing Users and Groups
Understanding Groups
Creating Groups
Setting Up a Distribution Group
Creating a Security Group
Working with Groups
Built-In Universal Groups
Built-In Domain Local Groups
Built-In Global Groups
Managing User Roles
The Standard User Role
The Standard User with Administration Links
Network Administrator Role
Creating a New User Role
Adding a New User Account
Adding Multiple User Accounts
Giving Users Access to Computers
Summary

Chapter 10: Shares and Permissions
Share Permissions vs. File Permissions
Share Permissions
File Permissions
NTFS Permissions
What Permissions Mean
How Permissions Work
Considering Inheritance
Adding a Shared Folder
Removing a Shared Folder
Changing Share Permissions
Special Shares
Ownership and How It Works
Effective Permissions
Factors Considered in Determining Effective Permissions
Defining User Rights
Managing Default User Rights Assignments
Summary

Chapter 11: Disk Management
The Search for Disaster Protection
Choosing the Storage Solution for Your Network
Storage Connection Technologies
Managing Disks
Partitions and Volumes
Adding a Partition or Volume
Extending or Shrinking a Volume
Adding a Mirror
Drive Failure in a Mirrored Volume
Breaking a Mirror
RAID-5 Volumes
Mounting a Virtual Hard Disk
Mounting a Volume
Summary

Chapter 12: Storage Management
Distributed File System
DFS Terminology
Namespace Type
Namespace Server Requirements
Namespace Client Requirements
DFS Replication
File Replication Service
Replication Topologies
Installing DFS Management
Creating or Opening a Namespace Root
Adding Namespace Servers
Adding DFS Folders
Changing Advanced Settings
Backing Up and Restoring the DFS Folder Targets
Using DFS Replication
Using File Server Resource Manager
Scheduling Storage Reports
Using Directory Quotas
Creating Quotas and Auto Quotas
Viewing and Managing Quotas
Creating and Editing Quota Templates
Screening Files
Summary

Chapter 13: Installing and Managing Printers
Understanding Print Servers
Selecting Printers
Planning Printer Placement
Naming Printers
Naming Printer Locations
Installing Printers
Adding and Sharing a Network Printer
Sharing Locally Connected Printers
Adding Client Drivers for Shared Printers
Managing Printers from Windows SBS
Managing Printers from the Command Line
Setting Security Options
Determining Printer Availability
Group Priorities and Printer Availability
Setting Up a Printer Pool
Configuring Print Spooling
Using the Fax Service
Adding a Fax Modem
Starting and Configuring the Fax Service
Managing Fax Users and Administrators
Summary

Chapter 14: Managing Computers on the Network
Connecting Computers to the Network
Creating Computer Accounts
Establishing Basic Network Connectivity
Using the Small Business Server Connect Computer Wizard
Connecting Alternate Clients
Using Remote Web Access
Connecting to RWA
Managing Computers
Viewing and Modifying Client Computer Settings
Remotely Managing Computers
Removing Computers from the Network
Summary

Chapter 15: Managing Software Updates
Why Patching Is Important
The Patching Cycle
Assess
Identify
Evaluate and Plan
Deploy
Repeat
Using SBS Software Updates
Configuring Software Update Settings
Deploying Updates
Third-Party Solutions
Summary

Chapter 16: Configuring Backup
Configuring the Backup Service
Windows Server Backup Using SBS Wizards
Windows Server Backup Using Native Tools
Using the Backup Once Wizard
Recovering Backups
Recovering Your Server
Recovering Volumes
Recovering Files and Folders from the Local Server
Recovering Files and Folders from Another Server
Recovering Applications and Data
Recovering the Operating System
Restoring a Backup Catalog
Using the Command Line to Manage Backups
Using the Windows Serverbackup PowerShell Snap-in
Using the Wbadmin Command
Windows Storage Server 2008 R2 Essentials
Configuring Windows Storage Server 2008 R2 Essentials for an SBS Network
Summary

Part IV: Performing Advanced Tasks

Chapter 17: Windows SBS Console vs. Server Manager
Adding (and Removing) Roles and Features
Roles, Role Services, and Features
Adding and Removing Roles
Adding and Removing Role Services
Adding and Removing Features
Adding Features
Using the Advanced Mode of the Windows SBS Console
Using the Native Consoles
Using Server Manager
Directly Opening Native Consoles
Summary

Chapter 18: Configuring and Managing Email
Basic Email Configuration
Configuring Internet Mail
POP3 Email
Adding a POP3 Account
Setting POP3 Retrieval Frequency
Advanced Email Configuration
Using Contacts
Adding an Additional Email Domain Name
Changing the Maximum Message Size
Summary

Chapter 19: Managing Local Connectivity
DHCP and DNS
Managing DHCP
Managing DNS
Wireless Connectivity
Windows Firewall
Setting Firewall Policies Using Group Policy
Firewall Rule Basics
Fixing Network Problems
Summary

Chapter 20: Managing Remote Access
Remote Web Access
Configuring the RWA Computer List
Enabling or Disabling a User for RWA
RWA Links List
Virtual Private Networks
Enabling VPNs
Configure VPN Permissions
Fixing Network Problems
Summary

Chapter 21: Using Group Policy
Components of Group Policy
Group Policy Objects
Managing Group Policies
Order of Inheritance
Order of Implementation
Creating a Group Policy Object
Deleting a Group Policy Object
Managing Group Policy Links
Setting the Scope of the GPO
Enabling and Disabling GPO Links
Disabling a Branch of a GPO
Refreshing Group Policy
Backing Up a Group Policy Object
Restoring a Group Policy Object
Deploying Applications with Group Policy
Publish or Assign Applications
Creating a Software Distribution Point
Creating a GPO for Software Deployment
Configuring the Group Policy Software Installation Extension
Group Policy Preferences
Using Group Policy Preferences for Windows
Configuring Common Options
Using Group Policy Preferences for Control Panel
Using Group Policy Results
Summary

Chapter 22: Managing Reports
Network Reports
Customizing the Summary Report
Customizing the Detailed Network Report
Creating a New Report
Configuring Alerts
Alerts for Services
Performance Counter Alert
Event Log Error Alerts
Creating Custom Alerts
Creating an Alert for a Stopped Service
Custom Alert for Backup Failure
Summary

Chapter 23: Customizing a SharePoint Site
Introducing SharePoint Foundation 2010
Understanding SharePoint Items
Understanding SharePoint Roles
Customizing Companyweb
Adding a Workspace
Adding RemoteApps Links
Summary

Part V: Premium Edition Features

Chapter 24: Installing the Second Server
Minimum System Requirements
Installation and Initial Configuration
Installation
Initial Configuration
Customizing the Server
Closing the Initial Configuration Tasks Wizard
Summary

Chapter 25: Installing Microsoft SQL Server 2008 R2 Standard Edition for Small Business
Installation Options
Installation Restrictions
Installing SQL Server (Part One)
Planning
Installation
Maintenance
Tools
Resources
Advanced
Options
Installing SQL Server (Part Two)
Summary

Chapter 26: Adding a Terminal Server
New Remote Desktop Services Features
RD Gateway
RemoteApps
RD Web Access
Concepts
Remote Access
Central Management
Licensing
Installing the Remote Desktop Services Role
Configuring RD Licensing
Installing Remote Desktop Licensing
Assigning the Licensing Server and Licensing Mode
Configuring RemoteApps
RemoteApp Manager
Deploying with rdp and msi files
Adding a RemoteApp to Remote Web Workplace
Summary

Part VI: Maintenance and Troubleshooting

Chapter 27: Performance Monitoring
Resource Monitor Overview
Filtering Information from Resource Monitor
Troubleshooting Troublesome Applications
Using Performance Monitor
Adding Performance Counters
Changing the Performance Monitor Display
Saving the Performance Monitor Display
Using Reliability Monitor
Viewing Reliability Monitor on a Remote Computer
Creating a Data Collector Set
Managing Collected Data
Working with Data Log Files
Viewing Reports
Summary

Chapter 28: Disaster Planning
Planning for Disaster
Identifying the Risks
Identifying the Resources
Developing the Responses
Testing the Responses
Iterating
Preparing for a Disaster
Setting Up A Fault-Tolerant System
Backups
Restoring from Backup
Virtualization and Disaster Planning
No USB Support
Hardware Independence
Summary

Part VII: Appendices

Appendix A: Introduction to Networks
Servers
Clients
Media Connecting Servers and Clients
Features of the Windows Operating System
Domains and Workgroups
Do Workgroups Work?
Defining Domains
Domain Components

Appendix B: Automating Installation

Appendix C: Additional Resources
Microsoft Resources
Other Resources for SBS Users and Consultants

Index

What do you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit:
microsoft.com/learning/booksurvey

Note: Notes include tips as well as alternative ways to perform a task or information that needs to be highlighted.
Important: Information marked Important shouldn’t be skipped. (That’s why these elements are called Important.) Here you’ll find security notes, cautions, and warnings to keep you and your network out of trouble.

What’s in This Book
Windows Small Business Server 2011 Administrator’s Companion is divided into seven parts. The first four parts roughly correspond to the developmental phases of a Windows Small Business Server network. Part V deals with Premium Add-on features, and Part VI covers maintenance and troubleshooting. The last part is made up of appendices with helpful information.
Part I, Preparation and Planning: Planning and preparation are the sine qua non for any kind of network. It comes down to the old saying, “If you don’t have the time to do it right, how will you find the time to do it over?” Chapters 1 through 4 are all about doing it right the first time.
Part II, Installation and Setup: Chapters 5 through 8 take you through the process of installing Windows Small Business Server and performing initial configurations using the Getting Started Tasks. This section includes helpful chapters on configuring Windows SBS virtualization and migrating from Windows SBS 2003.
Part III, Performing the Basic Tasks: Chapters 9 through 16 cover the day-to-day tasks in running a network: configuring disks, setting up user accounts, arranging the sharing of information among users, adding and removing computers and printers, managing software updates, and backing up and restoring data.
Part IV, Performing Advanced Tasks: Chapters 17 through 23 provide insight and information about managing email, connectivity technologies, and using Group Policy. In this part, you’ll also find chapters about setting up and managing a SharePoint site.
Part V, Premium Edition Features: Chapters 24 through 26 address features found in the Windows SBS 2008 Premium Add-on. These chapters are about installing a second server, installing Microsoft SQL Server, and adding terminal servers to your network.
Part VI, Maintenance and Troubleshooting: Chapter 27 covers the extensive library of monitoring tools available in Windows Small Business Server, and Chapter 28 is all about how you save your business, your network, and yourself in the face of the many varieties of disaster that can afflict networks.
Part VII, Appendices: The final part consists of appendices with supplemental information. This includes an introduction to networking, instructions for automating installation, and a list of resources for the users of Windows SBS 2011.
About the Companion Web Content
The companion content for this book contains Windows PowerShell scripts for common administrative tasks. These files can be downloaded from the web at http://go.microsoft.com/FWLink/?Linkid=217073. Full documentation of the contents and structure of the companion files can be found in the Readme.txt file. For instructions on accessing the online edition of this book, see "How to Access Your Online Edition Hosted by Safari."
How to Access Your Online Edition Hosted by Safari
The voucher bound in to the back of this book gives you access to an online edition of the book. (You can also download the online edition of the book to your own computer; see the next section.) To access your online edition, do the following:
1. Locate your voucher inside the back cover, and scratch off the metallic foil to reveal your access code.
2. Go to http://microsoftpress.oreilly.com/safarienabled.
3. Enter your 24-character access code in the Coupon Code field under Step 1. (Please note that the access code in this image is for illustration purposes only.)
4. Click the CONFIRM COUPON button. A message will appear to let you know that the code was entered correctly. If the code was not entered correctly, you will be prompted to re-enter the code.
5. In this step, you’ll be asked whether you’re a new or existing user of Safari Books Online. Proceed either with Step 5A or Step 5B.
5A. If you already have a Safari account, click the EXISTING USER – SIGN IN button under Step 2.
5B. If you are a new user, click the NEW USER – FREE ACCOUNT button under Step 2.
■ You’ll be taken to the “Register a New Account” page.
■ This will require filling out a registration form and accepting an End User Agreement.
■ When complete, click the CONTINUE button.
6. On the Coupon Confirmation page, click the My Safari button.
7. On the My Safari page, look at the Bookshelf area and click the title of the book you want to access.
How to Download the Online Edition to Your Computer
In addition to reading the online edition of this book, you can also download it to your computer. First, follow the steps in the preceding section. After Step 7, do the following:
1. On the page that appears after Step 7 in the previous section, click the Extras tab.
2. Find “Download the complete PDF of this book,” and click the book title. A new browser window or tab will open, followed by the File Download dialog box.
3. Click Save.
4. Choose Desktop and click Save.
5. Locate the zip file on your desktop. Right-click the file, click Extract All, and then follow the instructions.
Note If you have a problem with your voucher or access code, please contact
[email protected], or call 800-889-8969, where you’ll reach O’Reilly Media, the distributor of Microsoft Press books.
Acknowledgments
As most people know, the creation of a book is a collaborative process. The inkstained wretches who do the actual writing are only part of a large and multitalented team.
First, thanks to the numerous people at Microsoft who were of great assistance. Kevin Beares helped us many times in ways from small to very large. Thanks to Sean Daniels of the SBS product group for more things than we can remember. Sean was the first call whenever we needed something beyond the ordinary. Thanks to Jonas Svensson for being responsive and effective when we needed builds and resources. And much gratitude to the entire SBS Product Group for giving us a great product and for pulling out all the stops to get us what we needed. They really went above and beyond.
Thanks to Greg Starks of Hewlett-Packard for his support of the SMB community, and in particular his support of our HP server when we needed it.
Of course, the people at Microsoft Press are the ones that really made the book possible. In particular senior editor Ken Jones, project editor Laura Sackerman, and technical editor Andrew Edney, as well as Teresa Elsey (production editor), Sumita Mukherji (vendor coordinator), Ron Bilodeau (compositor), Rob Romano (illustrator), and the rest of the production team. We owe a true debt to Roger LeBlanc, who edited this book with a knowing and careful hand. It’s a much better book because of his efforts.
Additional and sincere thanks to Richard Siddaway for his blog post on Windows Server Backup and the PowerShell Snap-in for it. And to Sean Wallbridge, SharePoint MVP, whose help in sorting through the changes in how SharePoint Foundation 2010 behaved with Web Parts was indispensable.
Errata
We have made every effort to ensure the accuracy of this book and its companion content. If you do find an error, please report it on our Microsoft Press site at oreilly.com:
1. Go to http://microsoftpress.oreilly.com.
2. In the Search box, enter the book’s ISBN or title.
3. Select your book from the search results.
4. On your book’s catalog page, under the cover image, you will see a list of links.
5. Click View/Submit Errata.
You will find additional information and services for your book on its catalog page. If you need additional support, please email Microsoft Press Book Support at msinput@microsoft.com. Please note that product support for Microsoft software is not offered through the addresses above.
We Want to Hear from You
At Microsoft Press, your satisfaction is our top priority and your feedback our most valuable asset. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey. The survey is short, and we read every one of your comments and ideas. Thanks in advance for your input!
Stay in Touch
Let us keep the conversation going! We are on Twitter: http://twitter.com/Microsoft
Part I
Preparation and Planning
CHAPTER 1 Introducing Windows Small Business Server 2011
CHAPTER 2 Understanding 64-Bit Windows
CHAPTER 3 Planning Your SBS Network
CHAPTER 4 Planning Fault Tolerance and Avoidance
CHAPTER 1
Introducing Windows Small Business Server 2011
There’s an oft-repeated story that the head of the U.S. Patent Office in 1899 declared that the office should be closed because “Everything that can be invented has been invented.” Alas for the legend, Charles H. Duell never said anything of the kind. Duell was, in fact, a great believer in the creativity of inventors. He also knew that evolutionary change was every bit as valuable as revolutionary change. In our time, the evolution of Microsoft Windows Small Business Server from its inception to the latest version in 2011 has been an orderly progression of improvements both large and small—and the total distance covered is immense.
Windows Small Business Server Editions
Windows Small Business Server is available in two editions: Standard and Essentials. The Standard edition is the version covered in this book. It’s the ideal solution for small businesses with up to 75 users.
Note Windows Small Business Server Essentials is a new, first-server solution for
small businesses (up to 25 users) that can seamlessly integrate into online services such as Microsoft Office 365, cloud backup solutions, and cloud management solutions. It is expected to be released in the first half of 2011.
Also available is the Windows Small Business Server Premium Add-on, which includes a second Windows Server 2008 R2 license and Microsoft SQL Server 2008 R2 technologies.
What’s New and Improved
Probably the best new “feature” in Windows SBS 2011 is that it’s built on Windows Server 2008 R2. You get all the advantages of Windows Server 2011—high levels of security and control over your network, sophisticated report and management tools, and enhanced access to email, the Internet, and business applications—all in a single, integrated, low-maintenance package. In addition to great hardware and scaling features and easier virtualization, you’ll also have:
■ A straightforward interface designed for small businesses
■ An easier installation and migration process
■ Remote Access for simple access almost anywhere
■ A health-monitoring infrastructure that analyzes both server and client well-being
64-Bit Architecture
The major shift for Windows SBS Server from 2003 to 2008 was from 32-bit architecture to 64-bit. The 64-bit architecture continues in SBS 2011. When
Microsoft Exchange Server 2007 was released in a 64-bit version only, the shift was inevitable. It’s also a desirable shift. The 32-bit version of Windows was rapidly coming up against its own limitations. A 32-bit operating system is limited to 4 gigabytes (GB) of RAM (random access
memory). A 64-bit operating system can have up to 32 GB of RAM. That, in and of itself, is a significant difference. But the real difference is in the area of address space. Vastly increased amounts of address space help minimize the time spent swapping processes in and out of memory by storing more of those processes in RAM rather than on the hard disk. This, in turn, can increase overall program performance. A 32-bit computer works very well for most programs, however. For example, spreadsheet programs, web browsers, and word-processing programs will run at about the same speed on either a 32-bit or 64-bit computer. However, when you’re running a server and hosting multiple clients, a mail server, and shared applications and files, a 64-bit computer is much preferred. For more on how 64-bit architecture works, see Chapter 2, “Understanding 64-Bit Windows.”
SBS Console
When you install Windows SBS 2011, you’ll immediately notice that the interface includes SBS Console (shown in Figure 1-1), a central organizational point from which you can perform many administrative tasks associated with Windows SBS.
Figure 1-1 The Windows SBS Standard Console
Note A shortcut to the console is automatically placed on the server desktop.
From Users And Groups at the top of the console window, you can add users and groups as well as configure these objects. Similarly, click Network to add or remove computers, manage devices such as printers, and configure your Internet connection and other networking features. Other areas of the console connect you to the tools for shared folders, backup, report generation, and security. Chapter 17, “Windows SBS Console vs. Server Manager,” provides more information on the use of SBS Console.
Remote Web Access
Formerly known as Remote Web Workplace (RWW), the new Remote Web Access (RWA) has many pluses, a few of which are:
■ The ability to remotely access shared folders
■ Secure, anywhere access to your files and documents through any common web browser
■ The ability to connect to the PCs in your network and even run applications from virtually any location
■ A new interface that administrators can reorganize without programming knowledge
■ Full Outlook Web Access (OWA) support
Chapter 20, “Managing Remote Access,” covers the new features and uses of Remote Web Access.
Installation and Migration
Whether you’re upgrading or installing a new server, SBS 2011 Standard makes it simple. In addition to the familiar Windows interface, you’ll also get:
■ A much simplified setup procedure with complete guidance for configuring the server, and the Internet and domain configuration for each connected PC
■ The ability to let users connect their own PC—without requiring an administrator
■ Enhanced source server validation tools for better preparation for migration
■ Automatic administration of your Internet domain name
Installation details are in Chapter 5, “Installing Small Business Server 2011.” The procedures for migration are in Chapter 7, “Migrating to Windows Small Business Server 2011 Standard.”
Data Protection
Everyone agrees that the easiest way to protect your data is to back it up at frequent intervals. SBS 2011 makes this chore a good deal easier by conducting automatic, daily backups of every computer and server on the network. Restoration of individual files, folders, or an entire computer is fairly easily done using uncomplicated disaster recovery tools. The full story on setting up and using backup is found in Chapter 16, “Configuring Backup.”
Exchange Server 2010 SP1
SBS 2011 Standard features the powerful new Microsoft Exchange Server 2010 SP1. With this upgrade from Exchange Server 2007, you’ll have:
■ The enhanced Outlook Web Access (OWA), which mirrors Microsoft Office Outlook more closely than ever
■ The improved Exchange Management Console for a single place to manage all your email tasks
■ Automatic detection and repair of corrupted mailboxes and databases
■ New features that help users organize their inboxes efficiently
■ The ability to set retention policies and tags through a straightforward interface, and deployment options for roles and features
■ New archiving options, such as defining when email data expires, deployment rules, and how to provision personal archives to a different database
■ New transport security rules to protect sensitive business information
“Configuring and Managing Email,” Chapter 18, covers Exchange Server 2010 SP1 and all aspects of email.
SharePoint Foundation Services 2010
SBS 2011 Standard features Microsoft SharePoint Foundation Services 2010—the newest version of Microsoft Windows SharePoint Services—with features and capabilities that help you collaborate securely online—from any location. You’ll have:
■ An improved Remote Web Access (formerly Remote Web Workplace) that allows you to share internal documents, harmonize calendars, manage issues, and participate in discussions—no matter where you are
■ The ability to consolidate intranet sites into a single on-premises location
■ Quick methods for producing secure and simple solutions for your specific needs
■ Built-in monitoring, alerts, and administrative tools for SharePoint
Using SharePoint is covered in Chapter 23, “Customizing a SharePoint Site.”
The other partitions are child (sometimes called guest) partitions, each with its own operating system, running directly on the hypervisor layer. Windows Small Business Server 2011 Standard can run as a child partition, but it can’t be used for the parent partition. We’ll cover virtualization and SBS 2011 in more detail in Chapter 6, “Configuring SBS in Hyper-V.”
What Are the Challenges?
So is moving to 64-bit all good and wonderful? Or do special challenges need to be considered and dealt with to make the transition easier? Not surprisingly, the transition to 64-bit is not without some special concerns, including driver, hardware, and software considerations.
Drivers
Every driver for Windows Small Business Server 2011 Standard must be 64-bit and must be a signed driver. This means that before you buy a server you need to verify that the manufacturer fully supports 64-bit Windows Server 2008 R2. If your environment includes other hardware, such as printers, which are directly controlled by SBS, you need to make sure that there are drivers available for that hardware. We’ll cover how to configure SBS to support both 64-bit and 32-bit clients for your printers in Chapter 13, “Installing and Managing Printers.” But if you’re buying one or more printers for your SBS network, verify that they have drivers for 64-bit Windows Server 2008 R2 available. And if you’ve got legacy hardware or printers you need to maintain, verify that there are 64-bit drivers available. If not, consider your options for either replacing them or providing an additional 32-bit Windows computer that can provide access to the legacy hardware.
Hardware and Software Considerations
There are some general hardware considerations you should take into account when moving to Windows Small Business Server 2011, as well as some software considerations that are specific to 64-bit Windows. One consideration you don’t have to worry about is whether you’re running AMD or Intel processors. There is full binary compatibility between AMD’s AMD64 and Intel’s EM64T, allowing Windows Small Business Server 2011 to use the same binary whether the underlying processor is an AMD processor or an Intel processor.
Server-Grade Hardware
As we mentioned earlier, you need to make sure that any hardware you use with your SBS 2011 network has the proper signed drivers available that support 64-bit Windows Server 2008 R2. But it’s more than just drivers. Avoid choosing lower consumer-grade hardware, especially printers. Because you’re sharing that printer across your entire network, having a better printer makes sound financial sense and also makes it easier to support. Many consumer-grade printers have no actual intelligence built in to the printer; instead, they are entirely dependent on the operating system to work. Server-grade (also referred to as business-grade) printers support a full printer control language in the printer itself, usually either PCL or PostScript. Having a server-grade printer removes many of the compatibility issues associated with printer drivers because even if there isn’t a perfect match for your printer, there will be one that is close.
Note All-in-one printer/fax/scanner devices present a particular challenge in 64-bit
Windows—very few of them have drivers that support all of their functionality. If you absolutely have to have this kind of device, you’ll probably have better luck connecting it to a centrally located personal computer.
32-Bit Software Compatibility
SBS 2011 uses the Windows On Windows 64-bit (WOW64) subsystem to support 32-bit applications running on 64-bit Windows. The WOW64 subsystem provides a high-performance, 32-bit Windows environment that supports existing 32-bit Windows applications. Because of the underlying hardware compatibility of the x64 architecture, 32-bit applications are able to run at full speed in the WOW64 subsystem. Because of the larger available memory address space and the greater efficiencies of the x64 processor architecture, many applications actually run faster in WOW64 than they do in 32-bit Windows.
WOW64 isolates 32-bit applications from 64-bit applications, but it provides for interoperability and data exchange across the boundary through the Common Object Model (COM) and remote procedure call (RPC) and through transparent cut and paste. WOW64 runs 32-bit applications seamlessly while preventing file and registry collisions between 32-bit and 64-bit versions of an application.
An important WOW64 limitation is that 32-bit applications cannot load 64-bit DLLs, and 64-bit applications cannot load 32-bit DLLs. This means that 32-bit ActiveX controls, for example, cannot be run in the 64-bit version of Internet Explorer, and this is why 32-bit and 64-bit versions of Internet Explorer are both included with all 64-bit versions of Windows. The 32-bit version is the default. Another limitation is that 32-bit DLLs that provide context-sensitive menu extensions to Windows Explorer don’t work. They must be rewritten to run natively in 64-bit.
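The DLL-loading limitation described above can be checked before deployment by reading the bitness recorded in each image's PE header. The following Python code is an added example, not code from the book; the function names are hypothetical and the sample images are constructed inline so that it runs on any platform.

```python
import struct

# Values defined by the PE/COFF format: the file header "Machine" field and
# the optional header "Magic" field.
MACHINE_I386, MACHINE_AMD64 = 0x014C, 0x8664
MAGIC_PE32, MAGIC_PE32_PLUS = 0x10B, 0x20B
IMAGE_FILE_DLL = 0x2000


def pe_bitness(data: bytes) -> int:
    """Return 32 or 64 for a native x86/x64 PE image; raise ValueError otherwise."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    # e_lfanew (offset 0x3C in the DOS header) points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or header truncated")
    # The 20-byte COFF file header follows the signature; the optional header
    # (whose first field is Magic) follows the COFF header.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if (machine, magic) == (MACHINE_I386, MAGIC_PE32):
        return 32
    if (machine, magic) == (MACHINE_AMD64, MAGIC_PE32_PLUS):
        return 64
    # Other architectures, or headers whose two fields disagree, are reported
    # rather than guessed at. Managed (.NET) images are out of scope here.
    raise ValueError(f"unsupported or inconsistent header: "
                     f"machine={machine:#06x}, magic={magic:#05x}")


def audit_modules(process_bits: int, modules: dict) -> dict:
    """Map each module name to a verdict for a process of the given bitness.

    `modules` maps a file name to the file's bytes (in practice, the first
    few hundred bytes of each DLL or ActiveX control are enough).
    """
    report = {}
    for name, data in modules.items():
        try:
            bits = pe_bitness(data)
        except ValueError as exc:
            report[name] = f"skipped: {exc}"
            continue
        if bits == process_bits:
            report[name] = "loads"
        else:
            report[name] = f"blocked: {bits}-bit image, {process_bits}-bit process"
    return report


def build_sample_image(machine: int, magic: int) -> bytes:
    """Construct a minimal header-only image for demonstration (not a real DLL)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # PE header right after DOS header
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 2, 0x0002 | IMAGE_FILE_DLL)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    # Constructed sample inventory: a 32-bit shell extension, its 64-bit
    # rebuild, and a file that is not an executable image at all.
    samples = {
        "shellext32.dll": build_sample_image(MACHINE_I386, MAGIC_PE32),
        "shellext64.dll": build_sample_image(MACHINE_AMD64, MAGIC_PE32_PLUS),
        "readme.txt": b"plain text, not an executable image",
    }
    for name, verdict in audit_modules(64, samples).items():
        print(f"{name:16} {verdict}")
```

Run against a 64-bit host such as Windows Explorer on the server, the audit flags the 32-bit shell extension as blocked, which matches the context-menu limitation described above.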
Legacy Software in 64-Bit Windows
Running legacy software in 64-bit Windows raises some special concerns. The vast majority of 32-bit software will work without issue in the WOW64 subsystem. The only real exceptions to this are applications that have specialized drivers, such as antivirus software, disk defragmentation utilities, and so on. These generally use special file system drivers. Check with your software vendor—many provide updated versions that work well with 64-bit Windows.
What won’t work are 16-bit or MS-DOS applications. There is no support at all in any 64-bit version of Microsoft Windows for 16-bit applications. Nor is there any support for pure DOS applications. (This does not mean that applications written to run from the command line won’t work. Just not older MS-DOS applications such as DOS Edit, or one of our favorites, Vern Buerg’s List.)
So, what’s the best way to handle an application that doesn’t run in 64-bit Windows? We find virtualization to be a great solution. Create a virtual machine (VM) that runs a 32-bit version of Windows, and use that VM to run your incompatible application. If you’re running SBS 2011 virtualized already, creating a small VM for this is no problem. If you’re running SBS 2011 Standard Edition on a physical host, however, you have to run the VM on another host because SBS 2011 doesn’t support enabling the Hyper-V role. If you have the Windows Small Business Server 2011 Premium Add-On, you already have a perfect place to enable Hyper-V. See Chapter 6 for more details on setting up and configuring virtual machines using Hyper-V.
What About Clients?
SBS 2011 provides full support for 64-bit Windows clients. That said, the need for 64-bit at the client level is still far less compelling than it is for servers. 32-bit Windows is quite adequate for the vast majority of desktop and laptop computers used in business today. The exceptions to this are development workstations, drawing and computer-aided design (CAD) workstations, or other specialized workstations used for memory-intensive applications that need to address greater than 4 GB of RAM. The 64-bit business versions of Windows 7, Windows Vista, and Windows XP support up to 128 GB of RAM and two physical processors. If you have specialized needs for very large RAM workstations, 64-bit is definitely the way to go. But most users will find 32-bit Windows sufficient, though this is definitely changing as the availability of desktop computers with 8 GB and even 12 GB of RAM becomes more common. Table 2-3 shows the support matrix for processors and RAM in Windows.
Note Although you can run Windows XP Professional x64 Edition (XP x64) as a client operating system in an SBS 2011 network, it is not a fully supported scenario. Certain wizards, including the Connectcomputer Wizard, will not work in XP x64.
Servers Use Network Operating Systems
Because SBS 2011 has to supply services to as many as 75 users, and you’re depending on it to run your business, a high-powered, robust operating system and highly reliable hardware are essential. When your users rely on a server to get their work done and keep your business running, you certainly don’t want frequent failures—you don’t even want to reboot! In addition to supplying print, file, or other services, the network operating system has to provide network security. Different businesses and organizations have varying security needs, but all must have some level of data protection. Therefore, the system must offer a range of configurable security levels, from the relatively nonintrusive to the very stringent.
Clients Use Workstation Operating Systems
Like other computers, client computers on a network need an operating system. However, a client operating system doesn’t need to manage the resources for other computers or manage security for the network. Rebooting a workstation can be an annoyance for the user but doesn’t usually disrupt anyone else’s work. On a Windows Small Business Server network, clients can run Microsoft Windows XP Professional (including Windows XP Tablet PC Edition and Windows XP Professional x64 Edition) and business editions of Windows Vista or Windows 7. However, for best performance and security, Windows Vista SP1 or Windows 7 should be deployed on clients.
Determining Your Needs
Before designing a network, decide which features of SBS 2011 your business needs; doing so helps ensure that the network design is dictated by business needs rather than by fancy technology. Key needs to consider include:
■ Centralized user account management
■ Centralized update management
■ Web and email access for employees
■ File sharing and centralized file storage
■ Database storage using Microsoft SQL Server
■ Printer sharing
■ Centralized backup
■ Centralized fax server
■ Remote access to the internal network via the Internet, including remote access directly to the user’s desktop from the web
■ Management of remote computers
■ Collaboration and document management (SharePoint Foundation 2010)
You also must decide how important the following factors are, as well as what resources are available to support your choices:
■ Performance
■ Reliability
■ Security
Planning Get a thorough idea of what kind of work will be done on the network,
when and where it will be done, and by whom. For example, your organization might need to do payroll every other Friday, during which time the file server and printers are under a heavy load.
Choosing an Internet Connection
To choose an Internet connection method, you must balance an organization’s bandwidth needs and budget against the available Internet connection methods. The following sections discuss how to do this, as well as how to choose an Internet service provider (ISP).
Determining Bandwidth Needs
First, determine the baseline level of bandwidth you require. You can then balance this against the organization’s budget and performance goals. Allow for 100 kilobits per second (Kbps) of download bandwidth and 50 Kbps of upload bandwidth for each simultaneous user of email and the web. If remote access is important, allow for a minimum of 100 Kbps of upload bandwidth for each simultaneous remote access user. Table 3-1 lists various Internet connection speeds and the number of users supported for each speed, assuming that users will be browsing the web and using email. This table does not include requirements for remote connections.
Important Running an Internet-accessible web server on your network requires at
least 50 Kbps or more of upload bandwidth per simultaneous visitor, depending on the size of images or files. This can quickly swamp your Internet connection, which is one reason most small businesses pay for web hosting.
Choosing ISPs
After determining the preferred connection type and bandwidth, it’s time to actually find ISPs. Two websites to check are http://www.cnet.com/internet-access and http://www.dslreports.com. In addition to speed and cost, look for the following features:
■ Static IP address: To host any kind of Internet-accessible service such as email, Microsoft Outlook Anywhere, remote access, or websites, you need a static IP address or an ISP that supports the Dynamic DNS service, or you need to manage your external DNS with a DNS service that supports dynamic updates, such as http://www.zoneedit.com. SBS 2011 includes support for tzo.com dynamic DNS if you use the built-in wizards to register or transfer your domain name.
■ Terms of service and ports: Many ISPs have terms of service (TOS) on consumer-grade accounts that prohibit hosting email servers, or they have a policy that blocks specific ports such as port 25. You need to ask before you buy.
■ Transfer limitations: If the ISP has a monthly data transfer limit, make sure the limit isn’t lower than your anticipated usage—charges for going beyond the limit can be significant.
■ Web hosting: If you want the ISP to host the organization’s Internet website, look for virtual hosting (so that your organization can use its own domain name) with enough disk space on the ISP’s web servers.
■ Backup Internet connection: If your business is dependent on always being connected to the Internet, choose a secondary Internet connection with sufficient bandwidth to allow you to maintain minimal service in case the primary Internet connection fails. This second Internet connection should use a different ISP and a different connection technology. You can use a dual WAN router to use both connections simultaneously.
Choosing a Network Type
The next step in designing a network is to choose a network type. (See Table 3-3.) Start by looking at where your computers are physically located. If you can easily run cable between all computers, the choices are simple: Gigabit Ethernet (GigE) or Fast Ethernet (100BaseT). Choose GigE if your wiring supports it; otherwise, stick to Fast Ethernet. If you’re installing new cabling, hire a professional cabling expert. Spending money on good wiring now can save you a lot of problems in the future.
If the computers are widely scattered or mobile, consider including some wireless access points (APs). These are network devices that permit wireless clients access to a wired network. Even Fast Ethernet is virtually as fast as the real-world speeds of the fastest current wireless standard (802.11n), while being far more reliable, more secure, and cheaper as well. For these reasons, use wireless networks to supplement wired networks, not to replace them.
Best Practices Avoid the consumer-focused HomePNA and HomePlug network types.
They’re more expensive, slower, less secure, and less reliable than Ethernet or a properly configured 802.11a/b/g/n wireless network.
Choosing the Right Network Cable
Choosing the right cable for a wired Fast Ethernet (100 Mbps) network is easy—Cat 5 cable. However, there are exceptions to this rule that pertain to existing installations and new construction.
Cables in an existing network might not be usable. 10-megabit Ethernet equipment might be usable for small networks until it can be replaced, but expect to replace it soon—you’ll find it slow. Coaxial (thinnet) Ethernet and Cat 3 Unshielded Twisted Pair (UTP) cables are unreliable and slow and should be replaced.
New construction should run several strands of Cat 5e or, ideally, Cat 6. Although Cat 5 cable can be used with Gigabit Ethernet, it is marginal at best. Cat 5e and Cat 6 cables are more reliable and provide headroom for possible 10-Gigabit Ethernet standards.
Cables should converge at a reasonably clean, centrally located wiring closet with adequate power, ventilation, and security for all servers and network devices. (Be sure to leave room for future growth.)
Shielded Cat 5, Cat 5e, and Cat 6 cables are available for situations that potentially involve high levels of electromagnetic interference (such as antennas). You should use plenum-grade cable any time wiring is placed in a drop ceiling. (Before running cable in a drop ceiling, talk to the building manager.)
Choosing a Wireless Standard: 802.11a/b/g/n
Currently, you can choose from four wireless standards: 802.11b, 802.11a, 802.11g, and 802.11n. Here’s what you need to know about each (also refer to Table 3-3):
■ 802.11b: 802.11b was the first widely deployed standard, though the speed was limited (11 Mbps theoretical; 5 Mbps or even less in the real world). 802.11b supports a maximum of 32 users per AP, and a maximum of 3 simultaneous channels in use in the same location. Channels separate wireless networks, with each channel providing 11 Mbps of bandwidth. You should not buy new equipment that supports only 802.11b, and if you currently have 802.11b equipment, you should upgrade it to 802.11n. There are serious security considerations with older wireless hardware that preclude it from being deployed in a business environment.
■ 802.11g: 802.11g is faster than 802.11b (54 Mbps theoretical; 13 Mbps real-world) and backward-compatible with 802.11b. 802.11g supports a maximum of 32 users per AP, and a maximum of 3 simultaneous channels in use in the same location.
■ 802.11a: 802.11a is faster than 802.11g (54 Mbps theoretical; 19 Mbps real-world) and is more tolerant of microwave interference and network congestion because it uses the 5 GHz frequency band. 802.11a supports a maximum of 64 users per AP, and a maximum of 8 channels in use simultaneously in the same location. 802.11a is not compatible with either 802.11b or 802.11g. If you decide to use 802.11a network devices, stick with devices from the same vendor and consider a tri-mode 802.11a/b/g device that will allow other devices, such as laptops with built-in 802.11b/g connectivity, to work on the wireless network. (This strategy also permits the highest network density, with 11 channels available simultaneously for wireless networks.)
■ 802.11n: 802.11n is faster than 802.11g (up to 540 Mbps theoretical; 100–130 Mbps real-world) and backward-compatible with 802.11g and 802.11b. Most 802.11n equipment is in the same frequency band (2.4 GHz) as 802.11b/g, but the standard supports dual-band equipment that can also use the 5-GHz range of 802.11a. This dual-band equipment provides the greatest flexibility and compatibility and is especially good at avoiding interference from other equipment. Choosing dual-band equipment from a single OEM is the safest choice for compatibility at the highest speeds. If you’re buying new wireless equipment, we strongly recommend 802.11n and prefer dual-band 802.11n where possible.
Choosing Network Devices
After selecting a network type and Internet connection method, create a network diagram to visually show which network devices are needed. Then select the necessary devices for the network, such as switches, wireless access points, firewalls, and network adapters.
Best Practices: Choose a single brand of network hardware if possible. This ensures greater hardware compatibility, simplifies administration, and makes obtaining vendor support easier.
■
Firewall: The DSL or cable modem is then plugged into the firewall, which should be a router or firewall. Some modems are combined with built-in routers that have basic firewall capabilities. Consumer routers or DSL modems are not sufficient protection for a business network.
■
Perimeter network: This is an optional area of the network between the DSL or cable modem and the firewall, where low-security devices such as wireless access points can be placed.
■
Internal network: The internal network includes the SBS computer, the client computers, and any network-connected devices, such as printers.
Planning: Wireless access points should be on the internal network and use 802.11i (WPA2) encryption. You can also place access points in the perimeter network when you want to provide Internet access to the general public (such as in a coffee shop, conference room, or lobby).
Choosing a Network Switch
Ethernet networks use the star network topology (also known as hub and spoke), which means that all network devices must be plugged into a central hub or switch. Choosing the right switch requires evaluating the following factors:
■
Switch or hub: Don’t buy a hub unless you have a specialized need and understand why you’re doing it. Get a switch instead. Switches are inexpensive, provide additional performance, and facilitate mixing 10 Mbps, 100 Mbps, and 1 Gbps devices on the same network segment.
■
Number of ports: Make sure that the switch provides more than enough ports for all computers, access points, network printers, and Network Attached Storage (NAS) devices on the network, along with spare ports for expansion or to use in the event of a port failure.
■
Speed: Fast Ethernet (100/10 Mbps) switches offer basic performance for small businesses, but GigE (1000/100/10 Mbps) switches are hardly different in price and provide extra bandwidth for improved performance of file servers and high-quality streaming video where the network cabling will support it.
■
Management: Managed switches provide the ability to view the status of attached devices from a remote connection, which can be useful for off-site technicians. In general, save the cash and stick with an unmanaged switch unless the cost difference is slight or the organization uses an off-site consultant who wants the ability to remotely administer switches.
Choosing Wireless Access Points
As you learned earlier in the chapter, wireless access points permit clients to wirelessly connect to a wired network. Access points are often integrated into routers, but they are also available as stand-alone devices that must be plugged into a switch like any other network device. Avoid wireless “gateway” or router products for connecting to your internal network—they will complicate your network management and TCP/IP configuration. They’re fine for externally connected wireless access points. Some wireless routers can be reconfigured to be simple access points.
Note: Business-grade access points are more expensive than consumer-oriented access points; however, they are usually more reliable and full-featured.
When choosing an access point, consider the following features:
■
Routers with built-in access points are often no more expensive than stand-alone access points and are useful when creating a perimeter network. But be sure they can be used as a pure access point—many can function only as a router, which will complicate your network setup.
■
Access points should support 802.11i (WPA2). WEP is simply not acceptable for any wireless device connected to your internal network, and even WPA should not be considered sufficient protection for an internally connected access point.
■
Access points should support 802.1x (RADIUS) authentication if you want to provide the highest level of security and ease-of-use to a wireless network.
SECURITY ALERT: Two “features” that some suggest to improve wireless security are disabling of SSID broadcasts and Media Access Control (MAC) address filtering. Don’t bother. They are a significant and ongoing administrative burden, and a hacker with a port scanner can easily defeat them anyway.
■
Some access points have two or more antennas that can be adjusted for better coverage; others support external antennas that can be mounted on a wall for better placement.
■
Stand-alone wireless bridges (often referred to as wireless Ethernet bridges) and some access points provide the ability to wirelessly bridge (connect) two wired networks that can’t be connected via cables. There are a number of different types of bridging modes, including Point-to-Point and AP Client. Point-to-Point uses two wireless bridges to link two wired networks. AP Client uses an AP on the main network (to which wireless clients can connect) and a wireless bridge in AP Client mode on the remote network segment, acting as a wireless client.
is a reasonable maximum, with an average of no more than two to four simultaneously active users per AP yielding the best network performance. ■
Use wireless bridges to place another Ethernet network segment (or another wireless access point) in a location unreachable by cables. Wired clients on this segment communicate with other wired devices on this segment at the speed of the wired network (1000/100/10 Mbps); however, communication with the main network segment takes place at the speed of the wireless network (10–100 Mbps real-world bandwidth).
■
When selecting channels for access points, sniff (search by using a wireless client) for the presence of other networks and then choose an unused channel, preferably one that is four or more channels separated from other channels in use. For example, channels 1, 6, and 11 can be used simultaneously without interference.
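The channel rule above can be applied to survey results mechanically. The following is an added example, not code from the book: it assumes 2.4 GHz channels 1 to 11, uses a constructed survey list, and when no channel meets the four-channel rule it falls back (an assumption of this sketch) to sharing one of channels 1, 6, or 11 with the weakest neighbours.

```python
from math import inf

CHANNELS = tuple(range(1, 12))   # 2.4 GHz channels 1-11 (assumed regulatory domain)
MIN_SEPARATION = 4               # the chapter's "four or more channels" rule
NON_OVERLAPPING = (1, 6, 11)     # the set the chapter says can be used together

# Constructed survey results: (SSID, channel, signal in dBm) as a wireless
# client would list them while sniffing for nearby networks.
SAMPLE_SURVEY = [
    ("CoffeeShop", 1, -80),
    ("NextDoor-Office", 6, -45),
    ("Warehouse", 11, -70),
]


def clearance(candidate, in_use):
    """Channel distance from candidate to the nearest channel already in use."""
    return min((abs(candidate - ch) for ch in in_use), default=inf)


def nearby_power_mw(candidate, survey, min_sep=MIN_SEPARATION):
    """Total received power (mW) from networks closer than min_sep channels."""
    return sum(10 ** (dbm / 10) for _ssid, ch, dbm in survey
               if abs(candidate - ch) < min_sep)


def choose_channel(survey, channels=CHANNELS, min_sep=MIN_SEPARATION):
    """Return (channel, verdict) for a new access point.

    verdict is "clear" when the channel is at least min_sep channels away from
    every network in the survey, otherwise "shared".
    """
    in_use = {ch for _ssid, ch, _dbm in survey}
    clear = [c for c in channels if clearance(c, in_use) >= min_sep]
    if clear:
        # Prefer 1/6/11, then the widest gap, then the lowest channel number.
        best = min(clear, key=lambda c: (c not in NON_OVERLAPPING,
                                         -clearance(c, in_use), c))
        return best, "clear"
    # No clear channel: share one of 1/6/11 with the weakest neighbours rather
    # than straddle two busy channels.
    candidates = [c for c in NON_OVERLAPPING if c in channels] or list(channels)
    best = min(candidates, key=lambda c: (nearby_power_mw(c, survey, min_sep), c))
    return best, "shared"


if __name__ == "__main__":
    for label, survey in (("empty site", []),
                          ("two neighbours", SAMPLE_SURVEY[:2]),
                          ("crowded site", SAMPLE_SURVEY)):
        print(label, "->", choose_channel(survey))
```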
Choosing a Firewall Device or Router
SBS 2011 is designed to connect directly to a firewall and does not provide any direct protection for the rest of the SBS network. This is a major change from earlier versions of SBS that acted as the gateway between the Internet and the internal network when SBS was deployed with two network cards (NICs). Windows Small Business Server 2011 Standard includes the new Windows Firewall that is part of Windows Server 2008 R2 to protect the server, but it should be protected by an additional, separate firewall that will also act to protect the computers on the internal network. You should look for the following features on your network firewall device:
■
Packet filtering: Firewalls should support inbound packet filtering and Stateful Packet Inspection (SPI).
■
Protection from specific attacks: Firewalls should support protection from the denial-of-service (DoS) attacks and other common attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.
■
Network Address Translation (NAT): NAT is the backbone of most firewall devices, providing basic security and Internet connectivity to internal clients.
■
IPv6 Support: As IPv6 becomes more pervasive, and as our pool of available IPv4 addresses approaches exhaustion, the need to directly support IPv6 for our Internet connection becomes more compelling. Choosing a firewall device that fully supports IPv6 now will save money and time later.
■
VPN pass-through: To permit properly authenticated Internet users to establish VPN connections with a Windows Small Business Server computer behind a firewall, the firewall must support VPN pass-through of the desired VPN protocol (PPTP, L2TP, and/or IPSec).
■
VPN tunnels: Some firewall devices provide direct support for establishing VPN connections. If you do choose to use a firewall device to establish VPN connections with clients and servers in remote offices, make sure the firewall supports the necessary number of simultaneous VPN tunnels.
■
UPnP support: Windows Small Business Server can automatically configure firewalls that support Universal Plug and Play (UPnP) to work with Windows Small Business Server services such as Exchange Server and remote access (by opening the necessary ports on the firewall). UPnP support can be found in most consumer firewall devices as well as in some business firewalls.
Note: Enabling UPnP on a dedicated firewall device makes configuring the device to work with Windows Small Business Server easy, but it does have security implications. We suggest using UPnP to do the initial setup of the firewall device, if the device supports it, but then disabling UPnP completely.
■
Dual-WAN support: Some firewalls come with support for two WAN connections to increase speed and reliability, which is a great solution for networks looking for a reliable Internet connection. Other firewalls provide a serial port so that an external dialup modem can be used as a backup connection, but this connection is much slower.
■
RADIUS support: RADIUS support on your firewall will enable additional functionality and security, including easily integrating Two Factor Authentication (TFA) into your remote access configuration.
■
Content filtering: Most firewalls make blocking certain websites possible, such as websites containing specified keywords. Many businesses use this feature to reduce the employees’ ability to visit objectionable websites, although most content filters are largely ineffective.
■
Built-in wireless access point: Firewalls with built-in access points and switched, GigE, wired ports combine several functions and can be a cost-effective solution. However, their primary function is to protect the network, and that should be the first and most important evaluation criterion.
Choosing Server Hardware
If you have a server that can meet the capacity needs of the network or can be upgraded to do so while allowing for future growth, by all means use this server. But realistically, because there is no in-place upgrade to Windows Small Business Server 2011 Standard, you should plan on buying a new server as part of your migration plan.
More Info: See Chapter 7, “Migrating to Windows Small Business Server 2011 Standard,” for more information about migrating to SBS 2011 from an existing SBS domain.
Although it is technically possible to change your public name, it’s neither easy nor painless, and it’s virtually impossible to change your internal name without having to completely rebuild your network from scratch. So it’s worth spending time up front to make sure you’re choosing a name that is appropriate and has the support of all parties. Another possibility is to choose a completely generic name for your internal domain that has nothing whatsoever to do with your company name. This works great if you change your public name because nothing has to change on your network. But it’s not an approach we like. We’ve always preferred naming based on the company name—it’s just easier for everyone to understand and remember.
Naming Computers
It’s easy for you to keep a map of what the different clients and servers are called and where they are on the network, but if you make life hard on users, you pay in the long run. So naming all the computers after Shakespearean characters or Norse gods might make sense to you, but it isn’t going to help users figure out that Puck is the Windows Small Business Server computer and Odin is the desktop used for payroll. On the other hand, using Srv1 for the SBS server tells everyone immediately which computer it is. When naming computers, use a consistent convention and sensible names, such as the following:
■
SRV1 or SBSSRV for the Windows Small Business Server 2011 Standard computer
■
FrontDesk for the receptionist’s computer
In this book, we’ll be using a somewhat more complicated naming convention that identifies the physical host computer, the role of the computer, and the IP address of the computer. Thus our SBS server is hp160-SBS2011, signifying that it’s running on the Hewlett-Packard DL 160 G6 server, and that it’s running Windows Small Business Server 2011 Standard. There are several virtual machines running on that HP server, so it gets a fair workout. Our naming convention is more complicated than most small businesses need, but it serves our needs where we are continually building and rebuilding test environments for writing projects. Ultimately, it doesn’t matter what you name your computers, as long as everyone understands the convention and can find the resources they need.
Planning for Security
It is far easier to implement effective security measures to protect your SBS network if you plan for security before you actually start installing software. In the following sections, we’ll cover some of the most common attack vectors and the preliminary steps you can take in this planning stage to prepare your defenses.
■
Careless or disgruntled employees and former employees: Internal users and former users are the biggest risk factors to data loss and data theft on most computer networks. Whether from laziness, disregard of security policies, or outright malice, the internal user is often the most dangerous on your network. To help reduce risks related to this, refer to the “Ensuring Physical Security” section of this chapter as well as to Chapter 8, “Completing the Getting Started Tasks.”
■
Internet hackers: All computers and devices attached directly to the Internet are subject to random attacks by hackers. According to the Cooperative Association for Internet Data Analysis (CAIDA), during a random three-week time period in 2001 more than 12,000 DoS attacks occurred: 1200–2400 were against home computers and the rest were against businesses. If your organization has a high profile, it might also be subject to targeted attack by hackers who don’t like your organization or who are engaging in corporate espionage. For more information about securing a network against Internet hackers, see the “Securing Internet Firewalls” section of this chapter.
■
Wireless hackers and theft of service: Wireless access points are exposed to the general public looking for free Internet access and to mobile hackers. To reduce this risk, refer to the “Securing Wireless Networks” section in this chapter.
■
Viruses and worms: Networks are subject to virus exposure from email attachments, infected documents, and worms such as CodeRed and Blaster that automatically attack vulnerable servers and clients. Refer to the “Securing Client Computers” section of this chapter for more information.
Ensuring Physical Security
Although security is not something that can be achieved in absolute terms, it should be a clearly defined goal. The most secure operating system and network in the world is defenseless against someone with physical access to a computer. Evaluate your physical environment to decide what additional security measures you should take, including the following:
■
Place servers in a locked server room. And control who has keys!
■
Use case locks on your servers, and don’t leave the keys in them.
■
Place network hubs, routers, and switches in a locked cable room or wiring closet.
■
Install case locks on client systems or publicly accessible systems.
■
Use laptop locks when using laptops in public.
■
Use BitLocker to encrypt the data on laptops that contain sensitive data.
Securing Client Computers
Even a highly secure network can be quickly compromised by a poorly secured client computer—for example, a laptop running an older version of Windows with sensitive data stored on the hard drive. To maximize the security of client computers, use the following guidelines (refer to Chapter 8, “Completing the Getting Started Tasks,” and Chapter 14, “Managing Computers on the Network,” for more security procedures):
■
Use a secure operating system: Use Windows Vista or Windows 7 on all client computers, with a strong preference for Windows 7 on laptops.
■
Use NTFS, file permissions, BitLocker, and EFS: Use NTFS for all hard drives, and apply appropriate file permissions so that only valid users can read sensitive data. Encrypt sensitive files on laptop computers using the Encrypting File System (EFS), and encrypt at least the system drive on laptops using BitLocker. (BitLocker is available only on Enterprise and Ultimate versions of Windows Vista and Windows 7.)
■
Keep clients updated: Use the Automatic Updates feature of Windows to keep systems updated automatically. Ideally, use the Windows Software Update Service (WSUS), integrated into SBS 2011, to centrally control which updates are installed, as described in Chapter 15, “Managing Software Updates.”
■
Enable password policies: Password Policies is a feature of SBS 2011 that requires user passwords to meet certain complexity, length, and uniqueness requirements, ensuring that users choose passwords that aren’t trivial to crack.
Note: Remembering passwords has become an increasingly difficult prospect, leading to the resurgence of the yellow-sticky-note method of recalling them. It’s important to discourage this practice, and encourage the use of distinctive but easy-to-remember passphrases. See the Under The Hood sidebar “Beyond Passwords—Two-Factor Authentication” for an alternative to annoyingly complex passwords.
■
Install antivirus software: Antivirus software should be installed on the SBS 2011 computer as well as on all clients. The best way to do this is to purchase a small business antivirus package that supports both clients and the server. There are good third-party solutions specifically designed for the SBS market from several vendors.
■
Install antispyware software: Antispyware software should be installed on all client computers on the network and configured for real-time monitoring and daily full scans.
■
Keep web browsers secure: Unpatched web browsers are a significant security issue. Always keep web browsers updated with the latest security updates.
Securing Wireless Networks
Wireless networks using the 802.11b, 802.11a, 802.11g, and 802.11n standards are very convenient but can also introduce significant security vulnerabilities if not properly secured. To properly secure wireless networks, follow these recommendations:
■
Change the default password of all access points.
■
Change the default SSID. Pick a name that doesn’t reveal the identity or location of your network.
■
Enable 802.11i (WPA2) encryption on the access points.
■
If the access points don’t support WPA2-Enterprise, don’t use them on your internal network.
Note: WPA2 provides two methods of authentication: an “Enterprise” method that makes use of a RADIUS server, and a “Personal” method known as WPA2-Personal that uses a Pre-Shared Key (PSK) instead of a RADIUS server.
■
Disable the ability to administer access points from across the wireless network.
For more on configuring and protecting wireless networks, see Chapter 19, “Managing Local Connectivity.”
Securing Internet Firewalls
Most external firewall devices are secure by default, but you can take some additional steps to maximize the security of a firewall:
■
Change the default password for the firewall device! We know this seems obvious, but unfortunately, it is all too often ignored.
■
Disable remote administration, or limit it to responding to a single IP address (that of your network consultant).
■
Disable the firewall from responding to Internet pings. OK, we admit this is controversial. It’s certainly a best practice, but it can also make troubleshooting a connectivity issue remotely a lot harder.
■
Enable Stateful Packet Inspection (SPI) and protection from specific attacks, such as the Ping of Death, Smurf, and IP Spoofing.
■
Leave all ports on the firewall closed except those needed by the SBS 2011 server.
■
Regularly check for open ports using trusted port-scanning sites. We use http://www.dslreports.com.
■
Require two-factor authentication for all access to the firewall.
■
Keep the firewall updated with the latest firmware versions, which are available for download from the manufacturer’s website.
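The two port-related steps in this list (keep everything closed except what the SBS 2011 server needs, and check regularly for open ports) can be scripted as an allow-list comparison against the firewall's public address. This is an added example, not code from the book; the allowed and watched port numbers and the address are placeholder assumptions to replace with your own.

```python
import socket

# Assumption: ports deliberately forwarded to the SBS 2011 server. Placeholder
# values; replace them with the forwards actually configured on your firewall.
ALLOWED_PORTS = frozenset({25, 443, 987})
# Assumption: extra ports to confirm are closed from the Internet side.
WATCH_PORTS = frozenset({21, 22, 23, 80, 135, 139, 445, 1723, 3389, 8080})


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out (filtered) or unreachable
        return False


def audit_exposure(host, allowed=ALLOWED_PORTS, watch=WATCH_PORTS, probe=tcp_open):
    """Compare what answers on the firewall's public address with the allow-list.

    probe is injectable so the comparison can be exercised without a network.
    """
    allowed = set(allowed)
    checked = sorted(allowed | set(watch))
    open_ports = {port for port in checked if probe(host, port)}
    return {
        "open": sorted(open_ports),
        # Answering, but nothing should be forwarding it: close the rule.
        "unexpected_open": sorted(open_ports - allowed),
        # Should answer but does not: a service or forward is down.
        "expected_closed": sorted(allowed - open_ports),
    }


def newly_open(previous_open, current_open):
    """Ports open now that were closed at the last check (rule drift)."""
    return sorted(set(current_open) - set(previous_open))


if __name__ == "__main__":
    # Constructed result standing in for a real probe so the demo runs offline:
    # 443 answers as intended, 3389 answers although nothing should forward it.
    def constructed_probe(host, port):
        return port in {443, 3389}

    # 203.0.113.10 is a documentation address used as a placeholder.
    report = audit_exposure("203.0.113.10", probe=constructed_probe)
    print(report)
    print("new since last check:", newly_open({443}, report["open"]))
```

Run it from a host outside the firewall, because connections from the LAN to the public address may be handled differently from Internet traffic. Keeping each run's `open` list lets `newly_open` show forwards that appeared since the previous check.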
Summary
In this chapter, we covered how to design or prepare a network prior to installing Windows Small Business Server 2011 Standard. We also covered basic naming conventions and how to plan for adequate network security. The next chapter covers planning for fault tolerance and fault avoidance on your SBS network to help you build a reliable SBS network that can support your business.
CHAPTER 4
Planning Fault Tolerance and Avoidance
Even the most optimistic system administrator knows that sooner or later she or he will be faced with a major problem. We’ll cover preparing for disasters in depth in Chapter 28, “Disaster Planning,” and you should refer to that chapter for information on how to prepare for major problems and build a disaster recovery plan to respond quickly and efficiently to major trouble. But as exhilarating as it may be to work through a major problem and successfully recover from it, it’s far better to avoid major problems as much as possible.
This chapter focuses on the hardware and software tools that help you to build a highly available and fault-tolerant Microsoft Windows Small Business Server (SBS) environment. Remember, however, that hardware and software are only a small part of the equation—building and deploying for fault tolerance requires time, a clear understanding of the necessary tradeoffs, and—most important—discipline. Yes, you can avoid most computer downtime, but you’ll need to be realistic about what your resources are and what you can reasonably afford to spend.
Because SBS does not support clustering (although we’ll cover an interesting workaround using virtualization in Chapter 6, “Configuring SBS in Hyper-V”), your options for high availability are somewhat limited. However, you can still take some important steps to improve your availability and fault tolerance. Your primary focus needs to be on building fault tolerance into your server and network infrastructure.
Building fault-tolerant systems doesn’t come without costs, in both effort and money. In this chapter, we’ll try to help you make informed decisions about where to most cost-effectively build fault tolerance into your SBS environment, while making the best use of your current resources. To use this information, you should have a clear understanding of the business needs you’re trying to resolve, and a realistic assessment of the resources available to meet those requirements.
When planning for a highly available and fault-tolerant deployment, you should consider all points of failure and work to eliminate any single point of failure. Redundant power supplies, dual-disk controllers, multiple network interface cards, and fault-tolerant disk arrays such as redundant array of independent disks (RAID) are all strategies you can and should employ.
Dust is the enemy of your server—it will impede cooling and can actually short out electrical components. Server rooms should not have carpeting. And remove any printers from the area—printers are dust generators. All too often, the spare parts end up jammed into a bin or shoved onto an upper shelf with inadequate or nonexistent identification. If your network is down and you need a power supply to get it back up, you don’t want to be pawing through a jumble of spare parts looking for the right power supply. Make every effort to develop a single, central, secure location for all spare parts. At least then you have only a single place to search. Then make sure the manufacturer’s part number is visible, and clearly label the computer or computers each part is for. Protect the part from dust and spilled coffee by keeping it in a sealed plastic storage bag. We like to tape a list of the manufacturer’s part numbers, details of the installed hardware, and the list of spare parts we have right inside the case cover of the server itself. It’s easy to find and doesn’t end up getting lost. It does you no good to have a spare power supply if you can’t find it or don’t know you have it. And don’t forget to include the location of any special tools required. It never ceases to amaze us how many different and apparently unique screwdriver bits we need to get into our various computers! We started our toolkit with an inexpensive computer toolkit, and we add tools to it as needed.
Finally, practice! If you’ve never replaced a power supply before, and you don’t have clear and detailed instructions, it will take you orders of magnitude longer to replace it when the server is down and everyone is yelling and the phone keeps ringing. By practicing the replacement of the power supplies in your critical hardware, you’ll save time and reduce the stress involved. Ideally, document the steps you need to perform, and include well-illustrated and detailed instructions on how to replace the power supplies of your critical hardware as part of your disaster recovery standard operating procedures. If you can swap out a failed power supply in 10 minutes, rather than waiting hours until an outside technician arrives, you’ve saved more than enough money to pay for the spare part several times over.
themselves before allowing the voltage to get through to your server. The effectiveness of these stand-alone surge protectors depends on the speed of their response to a large voltage increase and the mechanism of failure when their capacity is exceeded. If the surge protector doesn’t respond quickly enough to a spike, bad things will happen. Most UPSs also provide some protection from spikes. They have built-in surge protectors, plus isolation circuitry that tends to buffer the effects of spikes. The effectiveness of the spike protection in a UPS is not directly related to its cost, however—the overall cost of the UPS is more a factor of its effectiveness as an alternative power source. Your responsibility is to read the fine print and understand the limitations of the surge protection a given UPS offers. Also remember that just as with simple surge protectors, large voltage spikes can cause the surge protection to self-destruct rather than allow the voltage through to your server. That’s the good news; the bad news is that instead of having to replace just a surge protector, you’re likely to have to repair or replace the UPS.
Note: Online or continuous UPSs are far more effective at protecting downstream electronic equipment than standard reactive UPSs. Even though an online UPS typically costs 1.5 to 2 times the price of a standard reactive UPS of the same capacity, it’s money well spent.
Finally, one other spike protection mechanism can be helpful—the constant voltage transformer (CVT). You’re not likely to see one unless you’re in a large industrial setting, but they are often considered to be a sufficient replacement for other forms of surge protection. Unfortunately, they’re not really optimal for spike protection. They do filter some excess voltage, but a large spike is likely to find its way through. However, in combination with either a fully protected UPS or a good stand-alone surge protector, a CVT can be quite effective. They also provide additional protection against other forms of voltage variation that surge protectors alone can’t begin to manage.
Surges
Voltage surges and spikes are often discussed interchangeably, but we’d like to make a distinction here. For our purposes, a surge lasts longer than most spikes and isn’t nearly as large. Most surges last a few hundred milliseconds and are rarely over 1000 volts. They can be caused by many of the same factors that cause voltage spikes. Providing protection against surges is somewhat easier than protecting against large spikes. Most of the protection mechanisms just discussed also adequately handle surges. In addition, most CVTs are sufficient to handle surges and might even handle them better if the surge is so prolonged that it threatens to overheat and burn out a simple surge protector.
Sags
Voltage sags are short-term reductions in the voltage delivered. They aren’t complete voltage failures or power outages and are shorter than a full-scale brownout. Voltage sags can drop the voltage well below 100 volts on a 110- to 120-volt normal line and cause most servers to reboot if protection isn’t provided. Stand-alone surge protectors provide no defense against sags. You need a UPS or a very good CVT to prevent damage from a voltage sag. Severe sags can overcome the rating of all but the best constant voltage transformers, so you generally shouldn’t use a CVT as the sole protection against sags. A UPS, with its battery power supply, is an essential part of your protection from problems caused by voltage sags.
Brownouts
A brownout is a planned, deliberate reduction in voltage from your electric utility company. Brownouts most often occur in the heat of the summer and are designed to protect the utility company from overloading. They are not designed to protect the consumer, however. In general, a brownout reduces the available voltage by 5 to 20 percent from the normal value. A CVT or a UPS provides excellent protection against brownouts, within limits. Prolonged brownouts might exceed your UPS’s ability to maintain a charge at the same time that it is providing power at the correct voltage to your equipment. Monitor the health of your UPS carefully during a brownout, especially because the risk of a complete power outage increases if the power company’s voltage reduction strategy proves insufficient.
The best protection against extended brownouts is a CVT of sufficient rating to fully support your critical network devices and servers. If you live in an area that is subject to brownouts and your budget can afford it, a good CVT is an excellent investment. This transformer takes the reduced voltage provided by your power company and increases it to the rated output voltage. A good constant voltage transformer can handle most brownouts for an extended time without problems, but you should still supplement the CVT with a quality UPS and surge protection between the transformer and the server or network device. This extra protection is especially important while the power company is attempting to restore power to full voltage, because during this period you run a higher risk of experiencing power and voltage fluctuations.
Disk Arrays
The most common computer hardware malfunction is probably a hard disk failure. Even though hard disks have become more reliable over time, they are still subject to failure, especially during their first month or so of use. They are also vulnerable to both catastrophic and degenerative failures caused by power problems. Fortunately, disk arrays have become the norm for servers, and good fault-tolerant hardware RAID systems are available and supported on SBS. The choice of RAID and the particulars of how you configure your RAID system can significantly affect the cost of your servers. To make an informed choice for your environment and needs, you must understand the tradeoffs and the differences in fault tolerance, speed, configurability, and so on.
Hardware vs. Software
RAID can be implemented at the hardware level, using RAID controllers, or at the software level, either by the operating system or by a third-party add-on. SBS supports both hardware RAID and its own software RAID. Hardware RAID implementations require dedicated controllers and cost somewhat more than an equivalent level of software RAID. However, for that extra price, you get a faster, more flexible, and more fault-tolerant RAID. When compared to the software RAID provided in SBS 2010, a good hardware RAID controller supports more levels of RAID, on-the-fly reconfiguration of the arrays, hot-swap and hot-spare drives (discussed later in this chapter), and dedicated caching of both reads and writes.
Software RAID requires that you convert your disks to dynamic disks. We don’t recommend converting your system disk or boot disks, because dynamic disks can be more difficult to access if a problem occurs, and the SBS setup and installation program provides only limited support. For maximum fault tolerance, we recommend using hardware mirroring (RAID-1) on your system drive. Dynamic disks, and the software RAID they support, are also a problem for virtualization and should not be used when you are virtualizing SBS.
RAID Levels for Fault Tolerance
Except for level 0, RAID is a mechanism for storing sufficient information on a group of hard disks so that even if one hard disk in the group fails, no information is lost. Some RAID arrangements go even further, providing protection in the event of multiple hard disk failures. The more common levels of RAID and their appropriateness in a fault-tolerant environment are shown in Table 4-1.
your needs. The following sections take a closer look at each factor and how it weighs in the overall decision-making process.
Intended Use
The intended use, and the kind of disk access associated with that use, plays an important role in determining the best RAID level for your application. Think about how write-intensive the application is and whether the manner in which the application uses the data is more sequential or random. Is your application a three-square-meals-a-day kind of application, with relatively large chunks of data being read or written at a time, or is it more of a grazer or nibbler, reading and writing little bits of data from all sorts of different places?
If your application is relatively write-intensive, you’ll want to avoid software RAID or RAID-5 and RAID-6 if other considerations don’t require them. With RAID-5 and RAID-6, any application that requires more than 50 percent writes to reads is likely to be at least somewhat slower, if not much slower, than it would be on a single disk or a RAID-1 mirror. You can mitigate this to some extent by using more but smaller drives in your array and by using a hardware controller with a large cache to offload the parity processing as much as possible. RAID-1, in either a mirror or duplex configuration, provides a high degree of fault tolerance with no significant penalty during write operations—a good choice for the system disk.
If your application is primarily read-intensive and the data is stored and referenced sequentially, RAID-3 or RAID-4 might be a good choice. Because the data is striped across many drives, you have parallel access to it, improving your throughput. And because the parity information is stored on a single drive rather than dispersed across the array, sequential read operations don’t have to skip over the parity information and are therefore faster. However, write operations are substantially slower, and the single parity drive can become an I/O bottleneck during write operations.
Note RAID-3 and RAID-4 have been largely supplanted by other RAID technologies, primarily RAID-5 and RAID-10. In an SBS environment, RAID-3 and RAID-4 are unlikely to be an appropriate choice, and you should consider them only for specialized applications.
If your application is primarily read-intensive and not necessarily sequential, RAID-5 and RAID-6 are obvious choices. They provide a good balance of speed and fault tolerance, and the cost is substantially lower than the cost of RAID-1 or RAID-10. Disk accesses are evenly distributed across multiple drives, and no single drive has the potential to be an I/O bottleneck. However, writes require calculation of the parity information and the extra write of that parity, slowing write operations down significantly. Windows Small Business Server file shares are a good fit for RAID 5 and RAID 6, but avoid them for the volume that holds write-intensive database files.
If your application provides other mechanisms for data recovery or uses large amounts of temporary storage that doesn’t require fault tolerance, a simple RAID-0, with no fault tolerance but fast reads and writes, is a possibility. However, we strongly advise against RAID-0 on an SBS server unless you clearly understand that anything on a RAID-0 array is completely unprotected and is actually more likely to fail than a single disk.
Fault Tolerance
Carefully examine the fault tolerance of each of the possible RAID choices for your intended use. All RAID levels except RAID-0 provide some degree of fault tolerance, but the effect of a failure and the ability to recover from subsequent failures are different.
If a drive in a RAID-1 mirror or duplex array fails, a full, complete, exact copy of the data remains. Access to your data or application is unimpeded, and performance degradation is minimal, although you do lose the benefit gained on read operations of being able to read from either disk. Until the failed disk is replaced, however, you have no fault tolerance on the remaining disk. Once you replace the failed disk, overall performance is significantly reduced while the new disk is initialized and the mirror is rebuilt. Modern RAID controllers can vary the speed of data reconstruction when replacing a failed disk, allowing you to balance the speed of regeneration against the performance degradation.
In a RAID-3 or RAID-4 array, if one of the data disks fails, a significant performance degradation occurs because the missing data needs to be reconstructed from the parity information. Also, you’ll have no fault tolerance until the failed disk is replaced. If the parity disk fails, you’ll have no fault tolerance until it is replaced, but also no performance degradation. Once you replace the failed disk, overall performance is significantly reduced while the new disk is initialized and the parity information or data is rebuilt.
In a RAID-5 array, the loss of any disk results in a significant performance degradation, and your fault tolerance will be gone until you replace the failed disk. Once you replace the disk, you won’t return to fault tolerance until the entire array has a chance to rebuild itself, and performance is seriously degraded during the rebuild process.
In a RAID-6 array, the loss of any disk results in a significant performance degradation, but you will still be fault tolerant. The failure of a second disk will not cause data loss, but it will leave you with no fault tolerance. Once you replace a failed disk, you won’t return to full fault tolerance until the entire array has a chance to rebuild itself, and performance is seriously degraded during the rebuild process.
If a drive in a RAID 0+1 or RAID-10 array fails, a full, complete, exact copy of the data remains. Access to your data or application is unimpeded, and performance degradation is minimal. Until the failed disk is replaced, however, you have incomplete fault tolerance on the array. A second disk failure, if it occurs on the opposite side of the mirror, will cause data loss. Once you replace the failed disk, overall performance is significantly reduced while the new disk is initialized and the mirror is rebuilt. Modern RAID controllers can vary the speed of data reconstruction when replacing a failed disk, allowing you to balance the speed of regeneration against the performance degradation.
RAID systems that are arrays of arrays can provide for multiple failure tolerance. These arrays provide for multiple levels of redundancy and are appropriate for mission-critical applications that must be able to withstand the failure of more than one drive in an array.
Availability
All levels of RAID, except RAID-0, provide higher availability than a single drive. However, if availability is expanded to also include the overall performance level during failure mode, some RAID levels provide definite advantages over others. Specifically, RAID-1 and its derivatives, RAID-10 and RAID 0+1, provide enhanced availability when compared to RAID levels 3, 4, 5, and 6 during failure mode. The performance degradation is minimal when compared to a single disk if one half of a mirror fails, whereas a RAID-5 or RAID-6 array has substantially compromised performance until the failed disk is replaced and the array is rebuilt.
In addition, RAID systems that are based on an array of arrays can provide higher availability than RAID levels 1 through 6. Running on multiple controllers, these arrays are able to tolerate the failure of more than one disk and the failure of one of the controllers, providing protection against the single point of failure inherent in any single-controller arrangement. RAID 1 that uses duplexed disks running on different controllers—as opposed to RAID-1 that uses mirroring on the same controller—also provides this additional protection and improved availability.
Hot-swap drives and hot-spare drives (discussed later in this chapter) can further improve availability in critical environments, especially hot-spare drives. By providing for automatic failover and rebuilding, they can reduce your exposure to catastrophic failure and provide for maximum availability.

Performance
The relative performance of each RAID level depends on the intended use. The best compromise for many situations is arguably RAID-5 or RAID-6, but you should question the adequacy of that compromise if your application is fairly write-intensive. Especially for relational database data and index files where the database is moderately or highly write-intensive, the performance hit of using RAID-5 or RAID-6 can be substantial. A better alternative is to use RAID 0+1 or RAID-10.
Whatever level of RAID you choose for your particular application, it will benefit from using more small disks rather than a few large disks. The more drives contributing to the stripe of the array, the greater the benefit of parallel reading and writing you’ll be able to realize—and your array’s overall throughput will improve.
Cost
The delta in cost between RAID configurations is primarily the cost of drives, potentially including the cost of additional array enclosures because more drives are required for a particular level of RAID. RAID-1—either duplexing or mirroring—is the most expensive of the conventional RAID levels because it requires at least 33 percent more raw disk space for a given amount of net storage space than other RAID levels.
Another consideration is that RAID levels that include mirroring or duplexing must use drives in pairs. Therefore, it’s more difficult (and more expensive) to add on to an array if you need additional space on the array. A net 144-gigabyte (GB) RAID 0+1 array, comprising four 72-GB drives, requires four more 72-GB drives to double in size—a somewhat daunting prospect if your array cabinet has bays for only six drives, for example. A net 144-GB RAID-5 array of three 72-GB drives, however, can be doubled in size simply by adding two more 72-GB drives, for a total of five drives.
RAID arrays based on 2.5-inch drives are rapidly replacing traditional 3.5-inch drives. The smaller 2.5-inch drives take up less physical space for the same amount of total storage, while consuming substantially less power and generating less heat. The initial cost of the array is essentially similar to that of an equivalent array using 3.5-inch drives, but the ongoing costs are less. Our current preferred array system uses eight 2.5-inch SAS drives configured as RAID 0+1. The entire array fits in the space of a pair of standard CD/DVD drives.
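The capacity figures in the Cost section and the second-failure behaviour described under Fault Tolerance can be checked with a small model. This is an added example, not code from the book: it assumes equal-size drives, all function names are hypothetical, and it goes beyond the text by modelling RAID 0+1 (a mirror of two stripe sets) and RAID-10 (a stripe of mirrored pairs) separately, since the two layouts tolerate a second failure differently.

```python
from itertools import combinations

# Added example: a constructed model, not vendor or book code.
# Assumptions: equal-size drives; RAID 0+1 is a mirror of two stripe sets
# (disks 0..n/2-1 and n/2..n-1); RAID-10 is a stripe of mirrored pairs
# (disks 0+1, 2+3, ...).
SINGLE_PARITY = ("RAID-3", "RAID-4", "RAID-5")
MIRRORED_STRIPES = ("RAID-0+1", "RAID-10")


def usable_gb(level, drives, size_gb):
    """Net capacity in GB of an array built from `drives` disks of `size_gb`."""
    if level == "RAID-0" and drives >= 2:
        return drives * size_gb
    if level == "RAID-1" and drives == 2:
        return size_gb
    if level in MIRRORED_STRIPES and drives >= 4 and drives % 2 == 0:
        return drives // 2 * size_gb
    if level in SINGLE_PARITY and drives >= 3:
        return (drives - 1) * size_gb
    if level == "RAID-6" and drives >= 4:
        return (drives - 2) * size_gb
    raise ValueError(f"unsupported layout: {level} with {drives} drives")


def raw_per_net(level, drives):
    """Raw disk space bought per unit of net storage (1.0 means no overhead)."""
    return drives / usable_gb(level, drives, 1)


def drives_to_double(level, drives, size_gb):
    """Extra same-size drives needed to double the array's net capacity."""
    target = 2 * usable_gb(level, drives, size_gb)
    step = 2 if level in MIRRORED_STRIPES else 1  # mirrored layouts grow in pairs
    total = drives
    while usable_gb(level, total, size_gb) < target:
        total += step
    return total - drives


def survives(level, drives, failed):
    """True if the data is still readable after the disks in `failed` are lost."""
    failed = set(failed)
    if level == "RAID-0":
        return not failed
    if level == "RAID-1":
        return len(failed) < drives
    if level in SINGLE_PARITY:
        return len(failed) <= 1
    if level == "RAID-6":
        return len(failed) <= 2
    half = drives // 2
    if level == "RAID-0+1":
        # One complete stripe set must be untouched.
        return all(d >= half for d in failed) or all(d < half for d in failed)
    if level == "RAID-10":
        # Every mirrored pair must keep at least one member.
        return all(not {2 * p, 2 * p + 1} <= failed for p in range(half))
    raise ValueError(f"unknown RAID level: {level}")


def failure_outcomes(level, drives, lost):
    """(survivable, total) over every way of losing `lost` disks at once."""
    combos = list(combinations(range(drives), lost))
    return sum(survives(level, drives, c) for c in combos), len(combos)


if __name__ == "__main__":
    # The two 72-GB arrays from the Cost section.
    for level, n in (("RAID-0+1", 4), ("RAID-5", 3)):
        print(level, n, "drives:", usable_gb(level, n, 72), "GB net,",
              drives_to_double(level, n, 72), "more drives to double")
    # Double-disk failures on an eight-drive array, per layout.
    for level in ("RAID-0+1", "RAID-10", "RAID-6", "RAID-5"):
        ok, total = failure_outcomes(level, 8, 2)
        print(f"{level}: survives {ok} of {total} two-disk failures")
```

On a degraded array, the fraction of survivable second failures is a useful input when deciding how aggressively to set the controller's rebuild speed and whether a hot spare is justified.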
Hot-Swap and Hot-Spare Disk Systems
Hardware RAID systems can provide for both hot-swap and hot-spare capabilities. A hot-swap disk system allows failed hard disks to be removed and a replacement disk to be inserted into the array without powering down the system or rebooting the server. When the new disk is inserted, it is automatically recognized and either will be automatically configured into the array or can be manually configured into it. Additionally, many hot-swap RAID systems allow you to add hard disks into empty slots dynamically and automatically or manually increase the size of the RAID volume on the fly without a reboot.
A hot-spare RAID configuration uses an additional, preconfigured disk or disks to automatically replace a failed disk. These systems can be configured to automatically regenerate the array in the event of a failure, thus maintaining maximal redundancy. When combined with a RAID configuration that can withstand multiple drive failures, such as RAID-6, a hot-spare system provides a very high degree of redundancy and availability.
Even where you don’t have a hot-spare drive already configured into your array, it makes sense to always keep a matching spare drive available in your replacement-parts cabinet. Hard drives aren’t all that expensive, and having a spare will save you time if you have a drive failure in your array. Plus, with drive sizes and technology changing rapidly, it can be annoying to try to find a matching drive two or three years after you buy the original array.
Redundant Networking
Having a server up and running is fairly useless if the server can’t communicate with the rest of your network or the outside world. Building redundancy into your power and disk systems is important, but it does you little good if your networking fails.
Protecting against a network-card failure can be as simple as having a spare network card, ideally of the same type as is in your server. In the event of a failure, replacing the card takes only a few minutes longer than it takes to reboot the server, if you can find the spare. A better option is to leave the spare card plugged in to a spare slot but disabled in Windows. Finally, if your server supports it, using network card teaming provides redundancy in the event of failure with higher throughput under normal operation. But be sure your application supports teamed networking before implementing it. Unfortunately, SBS doesn’t officially support network teaming, and it can play havoc with the SBS wizards. Given that, we don’t recommend it.
When your network interface is on the motherboard, as is common these days, it’s generally not as easy to provide identical redundant network interfaces unless they are built into the server. Nonetheless, having a server-quality network card available and ready to drop into the server in the event of a failure can make recovery much quicker.
If your business depends on Internet connectivity (and whose business doesn’t at least require email these days?), one point of failure that can easily be missed is your Internet connection. Solving this problem, however, is not at all difficult—simply replace your standard router with a dual-WAN router and bring in a second Internet service. We have both cable and DSL available to our office, so we added a Xincom dual-WAN router that does basic load balancing when both connections are working, but still provides acceptable bandwidth when either connection is down.
Finally, under networking, we strongly suggest your server have a low-level network port that can be used to directly connect to the server even if the operating system is unresponsive. If you have a Hewlett-Packard device, this is called an iLO port (short for integrated lights out). For Dell, it’s a DRAC (Dell Remote Access Card). Other server manufacturers have similar technologies. This is a network card that is powered up and reachable well before any operating system gets loaded and is managed entirely in firmware.

Other Spare Parts
So you’ve got a spare power supply, a spare hard drive for your array, and a spare NIC. Is that enough? Well, it puts you way ahead of many businesses, but are there any other parts that you should keep available? Any other peripheral or card that you couldn’t run your business without is a good candidate for a spare. Another candidate is a spare video card, though this is less critical. You can, after all, always Remote Desktop into the server if you need to, and replacement video cards are easy and quick to come by.
Any other cards or peripherals that you would have problems doing without for the time it takes to get a new one to replace a failure is a good candidate for your spare-parts cabinet. We like to keep a spare network switch with a few spare network cables available. Another smart choice is to keep a spare of your DSL modem or boundary router.

Summary
Building a highly available and fault-tolerant system requires you to carefully evaluate both your requirements and your resources to eliminate single points of failure within the system. You should evaluate each of the hardware subsystems within the overall system for fault tolerance, and ensure that recovery procedures are clearly understood and practiced to reduce recovery time in the event of a failure. UPSs, redundant power supplies, redundant networking, and RAID systems are all methods for improving overall fault tolerance.
Now that we’ve covered the planning and preparation of your SBS network, it’s time to move on to the actual installation and setup of SBS. In the next part, we’ll cover new installations, migrating from an existing SBS or Windows Server network, and some special considerations for using virtualization to build your SBS network. The first chapter in this next part covers a typical first-time installation of Windows Small Business Server 2008.
Part II
Installation and Setup
CHAPTER 5 Installing Small Business Server 2011
CHAPTER 6 Configuring SBS in Hyper-V
CHAPTER 7 Migrating to Windows Small Business Server 2011 Standard
CHAPTER 8 Completing the Getting Started Tasks
CHAPTER 5
Installing Small Business Server 2011
This chapter covers performing a clean installation of Microsoft Windows Small Business Server (SBS) 2011. All installations of SBS 2011 are clean installs because there is no direct upgrade path from an existing SBS installation—only a migration. We’ll cover migrations in detail in Chapter 7, “Migrating to Windows Small Business Server 2011,” so if you’re installing in an existing Windows domain environment—either SBS or Windows Server—you’ll want to jump ahead to Chapter 7. If you’re installing in a virtual environment, and it’s a fresh install, go ahead and read this chapter, but hold off on actually performing any of the steps until you’ve had a chance to read Chapter 6, “Configuring SBS in Hyper-V.”
Planning
Chapters 2 through 4 already covered most of the planning issues associated with installing SBS, but there are a few more items to take care of. You should have the hardware all assembled; now it’s time to
■ Verify the physical configuration of the network
■ Decide on what IP address range you’ll be using
■ Choose network names
You’ll also want to decide how the storage on your SBS server should be apportioned. The installation wizard for Windows Small Business Server 2011 is quite good and asks only a few basic questions about your business and the network names and passwords you want to use. Everything else is saved for the Getting Started task list once the installation completes.
Planning Partitions
One thing that the installation wizard does not explicitly ask is how to partition your hard disk space. The default installation will put everything on a single partition that takes up all the space on your first hard disk. SBS 2011 makes it easy to move data such as user
The server (and main networking equipment) should be in a separate room that can be locked. In a pinch, using a lockable cage in a multipurpose room can work, but then choose your servers for their noise level. A keycode lock is a good choice because it can be easily changed if an employee leaves, and most keycode locks allow for separate keys for individuals and for determining who has been in the room. See Chapter 3, “Planning Your SBS Network,” for more on planning for security.
Planning the logical networking is another important step to make sure you’ve done before starting the actual install. We like to use a simple spreadsheet that shows the necessary information we’ll need for the installation. Details on the spreadsheet include
■ Internet services provider (ISP) information, including account names, IP addresses, support phone number, and so on
■ Internal network details, including IP address range, router IP address, number and names of clients, and number and names of servers
■ DNS and NetBIOS names that will be used for the new network
■ Router configuration, including any updates that are required to the router, what its default settings are if you have to reset it, what settings you’ve changed on the router to configure it for SBS, and so on. If your router is enabled for Universal Plug and Play (UPnP), SBS can make at least some of the changes for you automatically.
Note Many routers default to either 192.168.0.1, 192.168.1.1, or 10.0.0.1 for their IP address. If you have to reset the router, make sure you have a well-documented way to upload a configuration file to return it to the configuration you’ve chosen for your network. Leaving the router at one of these common defaults can create issues when setting up virtual private networks, so it’s not recommended.
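The VPN problem mentioned in the note comes from address overlap: when a remote user's own network uses the same range as the office LAN, office addresses look local to the client and traffic never enters the tunnel. The following check for a planned address range is an added example, not part of the book; the function names and the sample remote networks are constructed for illustration.

```python
import ipaddress

# Router addresses the note above lists as common factory defaults.
COMMON_ROUTER_DEFAULTS = ("192.168.0.1", "192.168.1.1", "10.0.0.1")

# Constructed sample: networks that remote VPN users might connect from.
SAMPLE_REMOTE_NETS = ["192.168.1.0/24", "192.168.0.0/24", "10.0.0.0/8"]


def default_collisions(lan_cidr):
    """Common default router addresses that fall inside the planned LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    return [ip for ip in COMMON_ROUTER_DEFAULTS
            if ipaddress.ip_address(ip) in lan]


def vpn_conflicts(office_cidr, remote_cidrs):
    """Remote networks whose range overlaps the office LAN.

    Overlap is checked in both directions, so a remote /8 that contains
    the office /24 is reported as well as an identical /24.
    """
    office = ipaddress.ip_network(office_cidr)
    return [r for r in remote_cidrs
            if ipaddress.ip_network(r).overlaps(office)]


def review_plan(office_cidr, router_ip, remote_cidrs):
    """Findings for one row of the planning spreadsheet (empty list = clean)."""
    findings = []
    office = ipaddress.ip_network(office_cidr)
    router = ipaddress.ip_address(router_ip)
    if router not in office:
        findings.append(f"router {router} is outside {office}")
    elif router in (office.network_address, office.broadcast_address):
        findings.append(f"router {router} is not a usable host address")
    if str(router) in COMMON_ROUTER_DEFAULTS:
        findings.append(f"router {router} is a common factory default")
    for remote in vpn_conflicts(office_cidr, remote_cidrs):
        findings.append(f"{office} overlaps remote network {remote}")
    return findings


if __name__ == "__main__":
    plans = [("192.168.1.0/24", "192.168.1.1"),
             ("10.47.12.0/24", "10.47.12.1"),
             ("172.22.40.0/24", "172.22.40.1")]
    for cidr, router in plans:
        issues = review_plan(cidr, router, SAMPLE_REMOTE_NETS)
        print(cidr, "->", issues or "no conflicts found")
```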
Preparing the Server
Finally, there are a few last steps to take before launching the installation:
■ Make sure the server is sized appropriately for the load under which you plan to place it. For more information on server sizing, see Chapter 3.
■ If you’re installing on an existing server, back up all data and record any important settings.
■ Remove the uninterruptible power supply (UPS) management cable from the server (even if it’s USB).
■ Upgrade the system BIOS to the latest version available.
■ Set the boot order in the BIOS to boot from the DVD before the hard disk.
■ Locate any mass storage drivers necessary for the system.
■ Configure the firewall or router as required.
Installation
The actual installation of Windows Small Business Server 2011 is simple compared to earlier versions of SBS. The initial installation of the operating system asks fewer questions, and the installation of the SBS portion also asks far fewer questions. Plus both can be automated or semi-automated using answer files. We’ll walk through a basic installation first, and then address customizations, advanced settings, and automation.
Installation Process
The installation process for Windows Small Business Server 2011 is in two stages. The first stage installs 64-bit Windows Server 2008 R2 Standard, and the second stage installs SBS itself. The important thing here is that the underlying operating system is Windows Server 2008 R2 Standard. There are only three limitations placed on Windows Server 2008 R2 by SBS:
■ SBS can only be in a single domain environment—no trust relationships are possible.
■ The SBS server must hold all of the Flexible Single Master Operation (FSMO) roles. Additional domain controllers can be installed in the SBS network, but none of the FSMO roles can be moved.
■ A maximum of 75 users or device Client Access Licenses (CALs) are allowed.
Installing the Base Operating System
Installing the underlying Windows Server 2008 R2 Standard operating system can be done using any of the deployment methods supported by Windows Server 2008 R2, but you will usually do it by booting from the Windows Small Business Server 2011 Standard Disk1 and following these steps:
1. At the initial screen of the Install Windows Wizard, shown in Figure 5-1, set the localization information for this installation of SBS.
Figure 5-1 The first installation window
2. Click Next to open the Install page of the Install Windows Wizard, as shown in Figure 5-2.
Figure 5-2 The Install Now page of the Install Windows Wizard
3. Click Install Now to start Set Up. The next screen presents the licensing terms. Read the terms, select the box to accept the licensing terms, and then click Next.
4. On the next screen, you are asked if you want an Upgrade or a Custom Installation. Select Custom Installation.
Note You can choose the Upgrade option, but because upgrades to SBS 2011 aren’t possible, this option will lead you in a merry circle, accomplishing nothing.
5. Click Custom (Advanced) to open the Where Do You Want To Install Windows page. You’ll see a list of drives and partitions available for installing SBS. If the drive you want to use isn’t listed, click Load Driver to open the Load Driver dialog box shown in Figure 5-3. Drivers can be loaded from floppy disk, CD, DVD, or a USB flash drive.
Figure 5-3 The Load Driver dialog box during installation
6. Click OK to have Windows search attached removable media and display the results on the Select The Driver To Be Installed page, shown in Figure 5-4. If the driver isn’t displayed, click Browse and navigate to the device and folder where the driver is located.
Figure 5-4 The Select The Driver To Be Installed page of the Install Windows Wizard
7. Click Next to load the selected driver and return to the Where Do You Want To Install Windows page. Select the partition where you want to install Windows.
8. Click Next to begin the actual installation of Windows Server 2008 R2 Standard. (See Figure 5-5.) No further questions will be asked until the SBS portion of the installation begins.
Figure 5-5 The Install Windows screen shows the progress of installation
Installing the SBS Portion
After the underlying operating system is installed, Windows will log on and the SBS installation will automatically start. This installation will configure your time zone, your networking, and your server and Windows domain names; configure your business information; and set your administrator account and password for the SBS domain. Also during this process, you’ll have a chance to install any required networking drivers, if Windows doesn’t have a built-in driver for your network card, and download the latest updates to protect your server.
Note Windows Small Business Server 2011 Standard installation requires that a functioning network card be detected prior to installation. If your network card is not automatically detected by Windows Server 2008 R2, you’ll need to download the driver and have it available before the installation of SBS can proceed.
The next screen (see Figure 5-6) asks you to specify a setup mode: a clean install or a migration. Select Clean Install, and click Next to continue the installation.
Figure 5-6 Choosing a setup mode
Continue the installation by following these steps:
1. The Verify The Clock And Time Zone Settings page shown in Figure 5-7 opens. Click the Open Date And Time To Verify The Clock And Time Zone Settings link to the standard Windows Date And Time dialog box. Set the time zone and current date and time if they aren’t correct, and click OK to return to the Verify The Clock And Time Zone Settings page. Click Next.
Figure 5-7 Use the Open Date And Time link on this page to verify the time and date are correctly set
2. On the Server Network Configuration screen, select how you want the server to detect network settings. Choose Automatic, or you can specify the IP address for your network adapter and server. Click Next.
3. Click Go Online And Get The Most Recent Installation Updates (Recommended). This will download only critical updates that are directly related to installation issues.
4. When the update check is complete, click Next to open the Company Information page shown in Figure 5-8. This information will be used to customize various other areas of SBS. Nothing is required here, but there’s no good reason not to enter the information, either—none of it is sent to Microsoft.
Figure 5-8 Company information screen
5. Click Next to open the Personalize Your Server And Your Network screen, supply a name for your server and the name for your internal network, as shown in Figure 5-9. Click Next.
Figure 5-9 Providing a server and domain name
Using the SBS Answer File Generator
New in Windows Small Business Server 2008 and still in force in SBS 2011 is the ability to simplify the SBS portion of the installation using an answer file. The answer file is required for doing a migration from an existing domain environment, but it’s optional for a clean new installation. It does, however, have some advantages because it allows you to customize some portions of the install that aren’t available in the normal install.
Disc1 of Windows Small Business Server 2011 Standard includes a tool called the SBS Answer File Generator (SBSAfg.exe) to create an answer file. SBSAfg.exe is located in the \Tools directory. To use SBSAfg.exe, follow these steps:
1. Copy the file SBSAfg.exe from the SBS 2011 Disc1 to your local hard disk. Where you copy it isn’t important as long as you can find it.
2. From Windows Explorer, double-click SBSAfg to start the SBS Answer File Tool, shown in Figure 5-12.
Figure 5-12 The SBS Answer File tool
3. Fill in the fields of the Answer File Tool to configure your installation of SBS. If you leave a required field blank, you’ll be prompted for that value during the installation.
4. When you’ve filled in the fields of the Answer File Tool, click Save As to save the answer file. The file name should be SBSAnswerFile.xml.
5. To use the answer file, copy it to removable media such as a USB flash drive or USB hard drive and connect the USB drive to the SBS server prior to the initial SBS installation screen (shown earlier in Figure 5-5); SBS will automatically load the answer file and proceed to use it during the installation. You can also copy it to the root of any hard disk attached to the SBS server.
Note If you create an empty XML file with the name SBSAnswerFile.xml and make it available to the SBS installation process, as described in step 5, you will have additional options available during the installation process.
Note If you’re installing on a Hyper-V child partition, where there is no USB available, you can use a virtual floppy drive (VFD) with the SBSAnswerFile.xml on it. Floppy disks work just as well for automating the installation.
Using the answer file is the only way you can specify a different internal root DNS domain name other than “.local.” If you use the standard SBS installation, it will automatically add a .local to the internal domain name. But when using an answer file, you can specify any root DNS domain to add.
Summary
This chapter has covered the steps required to prepare for and perform a clean installation of Windows Small Business Server 2011 Standard. After installation, additional configuration specific to your environment is done using the Getting Started task list, which is covered in Chapter 8, “Completing the Getting Started Tasks.” Chapter 6, which follows, discusses Hyper-V in general, and it describes the special considerations for installing SBS in a Hyper-V environment. These considerations, while specific to Hyper-V, are also relevant in a general way for any virtualization environment. Chapter 7 covers migrating an existing Windows Server or Windows Small Business Server environment to Windows Small Business Server 2011 Standard.
CHAPTER 6
Configuring SBS in Hyper-V
Hyper-V is Microsoft’s hypervisor-based, native Windows Server 2008 R2 virtualization solution. Virtualization is one way to simplify and consolidate your Windows Small Business Server (SBS) 2011 server hardware. Using virtualization for your SBS network can be a cost-effective solution that provides an excellent end-user experience while also enabling improved disaster recovery and ease of management. However, virtualization is simply a tool, and one you should choose when it solves a business problem.
When we wrote the Microsoft Windows Small Business Server 2003 Administrator’s Companion, virtualization was a tiny fraction of the market and almost exclusively the province of very large organizations. Microsoft had no virtualization products and provided little or no support for companies and individuals using virtualization.
By the time we wrote Microsoft Windows Small Business Server 2003 R2 Administrator’s Companion, a huge shift had already taken place. Microsoft had bought out a virtualization company and had two products on the market: Virtual PC and Virtual Server. More and more companies were looking to virtualization as a way to consolidate servers, reduce server room footprints, and provide flexible test environments. Virtualization had gone from the “Hey, that’s kinda neat” phase to the “Hmmm, you know, that might just make sense” phase. Companies large and small were actively investigating virtualization, planning how to use it, or already deploying it.
Now, fast forward a few years, and virtualization is a way of life for many of us. We couldn’t begin to do what we need to do without being able to virtualize, and we’re actively deploying virtual solutions in production. Microsoft has gone from having a couple of virtualization products to having a suite of solutions around virtualization, including building it right in to the operating system with the inclusion of Hyper-V in Windows Server 2008.
Important Normally, servers used for SBS 2011 are equipped with only a single network card because SBS 2011 supports only a single NIC configuration. However, if you are using Hyper-V virtualization, you’ll want a second NIC to ensure that you maintain management access to the physical computer even if there are problems with the virtualized SBS. That second NIC can be connected to the same subnet (range of IP addresses) as the primary NIC, or it can be on a completely separate network.
To configure the initial settings of a Hyper-V Server installation, follow these steps:
1. Log on to the newly installed Microsoft Hyper-V Server R2 computer. You’ll be prompted to change your initial password.
2. After your password change has been accepted, you’ll be logged in to the main Hyper-V Server desktop. An uninspiring pair of command windows appears, one running Sconfig.cmd as shown in Figure 6-3.
Figure 6-3 The initial Sconfig.cmd screen for a new Hyper-V Server installation
3. Use the Sconfig.cmd menus to configure the initial settings of the Hyper-V Server. Do not join it to a domain—leave the server in a workgroup. The settings we used on our test setup are shown in Table 6-1. In addition, you’ll likely want to select Download And Install Updates and enable Remote Desktop, at a minimum. The initial configuration will take at least one reboot, and possibly two.
4. After you’ve finished configuring the Hyper-V Server, you should select option 10 on the main Sconfig menu. This will disable the automatic launching of Sconfig every time you log on to the server. You can always get it back by typing Start Sconfig from the main Cmd window. This will launch Sconfig and also re-enable the automatic launching.
5. Select option 15 to exit Sconfig and return to a simple Cmd window.
88 CHAPTER 6
Configuring SBS in Hyper-V
Installing on Full Windows Server 2008 R2
To install the Hyper-V role on full Windows Server 2008 R2, first complete the normal installation and configuration of Windows Server 2008 R2, as described in Chapter 24, “Installing the Second Server.” When initial configuration has completed, you can install the Hyper-V role using the following steps:
1. Open the Server Manager console if it isn’t open already.
2. Select Add Roles from the Action menu to open the Before You Begin page of the Add Roles Wizard.
3. Read the advice on the Before You Begin page. It’s actually good advice and a useful reminder. If you’ve read the page, understand all its implications, and don’t ever want to see the page again, select the Skip This Page By Default check box. We leave it unchecked, personally.
Note: If you’ve already run the Add Roles Wizard and selected Skip This Page By Default, you won’t see the Before You Begin page of the Add Roles Wizard.
4. Click Next to open the Select Server Roles page of the Add Roles Wizard.
5. Select Hyper-V from the list of roles.
6. Click Next to open the Hyper-V page, as shown in Figure 6-4. This page describes the Hyper-V role and includes a Things To Note section that has cautions and advisories specific to the Hyper-V role. The page also has a link to several Additional Information pages with up-to-date information on Hyper-V.
Figure 6-4 The Hyper-V page of the Add Roles Wizard
7. After you’ve read the Things To Note section, click Next to open the Create Virtual Networks page shown in Figure 6-5.
Figure 6-5 The Create Virtual Networks page of the Add Roles Wizard
8. Select the ethernet cards you want to create virtual networks for. The general rule is to leave at least one network card not used for virtual networks to ensure that you maintain full remote connectivity to the server.
9. When the Add Roles Wizard has all the information necessary to proceed, it will open the Confirm Installation Selections page. If everything looks correct, click Install to begin the installation.
10. When the installation completes, you’ll see the Installation Results page. The Hyper-V installation will require a reboot. Click Close to complete the wizard. Click Yes to reboot right away.
11. After the server reboots, log back on with the same account you used to add the Hyper-V role. The Resume Configuration Wizard will open, and when the configuration is complete, you’ll see the final Installation Results page.
12. Click Close to exit the wizard.
Initial Configuration
After you’ve installed the Hyper-V role, you need to actually configure Hyper-V and then start adding virtual machines. The management tool for Hyper-V is the Hyper-V Manager console. Like other management consoles in Windows Server 2008 R2, it integrates into the Server Manager console. You can use it there or run it as a stand-alone tool. We prefer stand-alone—frankly, it takes up less screen space. Open Administrative Tools, and select Hyper-V Manager from the list to run the stand-alone Hyper-V Manager console.
Note: You could run the Hyper-V Manager console by starting it from the command line, but unlike other Windows Server 2008 management consoles, it’s not put in %windir%\system32. It is actually in %ProgramFiles%\Hyper-V, which isn’t on your path. The command line for this is "%ProgramFiles%\Hyper-V\virtmgmt.msc" (quotes required).
Note: If you’re running Hyper-V on Server Core, you need to install the Hyper-V management tools onto a Windows 7 or Windows Server 2008 R2 computer and run them remotely. See Microsoft Knowledge Base article 974877 at http://support.microsoft.com/kb/974877. You use the same steps as if you were running the console locally, but you have to connect to the server first.
Configuring Networks
The first step after installing Hyper-V is to configure your networks. The step in the Add Roles Wizard creates the network and attaches it to the network cards you selected. Depending on the selections you made, the networks created during the install might need to be changed to reflect the type of network you need. And, of course, if you installed on Hyper-V Server, no network configuration has been done at all. Hyper-V supports three kinds of virtual networks:
■ External: An external network is a virtual network switch that binds to the physical network adapter, providing access to resources outside the virtual network. An external network can be assigned to a VLAN.
■ Internal: An internal network is a virtual network switch that allows virtual machines on the server to connect to each other and to the parent partition. An internal network can be assigned to a VLAN.
■ Private: A private network is a virtual network switch that allows virtual machines to connect to each other, but it provides no connection between the virtual machines and the physical computer.
Setting Network Type
To set your networks to be external networks, allowing them to connect through the physical network adapter to outside the physical computer, use the following steps:
1. Open the Hyper-V Manager console if it isn’t already open.
2. Select the Hyper-V computer in the left pane, and then click Virtual Network Manager in the Actions pane to open the Virtual Network Manager as shown in Figure 6-6.
Figure 6-6 The Virtual Network Manager
3. Select the Virtual Network you want to make an external network. Edit the name to provide a more meaningful description, and add any notes you want to add.
4. Select External, and select the physical network adapter you want to connect this virtual network to from the drop-down list, as shown in Figure 6-7.
Figure 6-7 Attaching a virtual network to a physical adapter to create an external network
5. Click OK to close the Virtual Network Manager, and apply your changes.
Server Settings
The next step in configuring your Hyper-V server is to set the overall server settings and the user-specific settings. General server settings include the default location for hard disks and the default location for virtual machines. User-specific settings include keyboard settings and saved credentials. To set the server settings for a Hyper-V server, use the following steps:
1. Open the Hyper-V Manager console if it isn’t already open.
2. Select the Hyper-V computer in the left pane, and then click Hyper-V Settings in the Actions pane to open the Hyper-V Settings dialog box, shown in Figure 6-8.
Figure 6-8 The Hyper-V Settings dialog box
3. Select Virtual Hard Disks in the left pane, and enter the top of the path to use as a default for storing the virtual hard disk (VHD) files used by virtual machines. You can change the actual path of any specific VHD later. This just sets the default location.
4. Select Virtual Machines in the left pane, and set the default path for storing virtual machine snapshot files.
5. Select Keyboard in the left pane, and specify how special Windows key combinations (such as Alt+Tab and Ctrl+Esc) are used.
6. Select Mouse Release Key, and set the default key combination to release a captured mouse when connecting to a virtual machine that doesn’t have integration components installed.
7. Select Delete Saved Credentials or Reset Check Boxes to remove any saved credentials on the server or to reset all the Don’t Ask Me Again check boxes on the server.
Note: System Center Virtual Machine Manager (SCVMM) 2008 R2 fully supports Hyper-V R2. If you use more than one or two VMs and support more than one host server, SCVMM is a great product. And we’re pretty cautious about saying things like that.
The basic steps for creating a VM are as follows:
■ Create a new VM, giving it a name and location
■ Assign RAM to the VM
■ Connect to a network
■ Assign or create a virtual disk
■ Specify where the operating system will be loaded from
The New Virtual Machine Wizard handles all these basic steps but is pretty limited, and insufficient for creating a VM for SBS. You’ll want to actually configure the VM further before installing SBS or the SBS second server on your VM. We’ll start by walking through the steps for creating a VM and then show you how to change that basic VM to be a bit more useful and flexible.
Creating a Basic VM
To create a new VM, follow these steps:
1. Open the Hyper-V Manager console if it isn’t already open.
2. Select the Hyper-V computer in the left pane, click New, and then click Virtual Machine on the Actions menu to start the New Virtual Machine Wizard.
3. If you haven’t disabled the Before You Begin page, you can read the description of what’s going to happen, or click the More About Creating Virtual Machines link to open the Help pages for creating a VM. Select the Do Not Show This Page Again check box so that you don’t have to see this page again.
4. Click Next to open the Specify Name And Location page, shown in Figure 6-9.
Figure 6-9 The Specify Name And Location page of the New Virtual Machine Wizard
5. Enter a name for the VM, and select the Store The Virtual Machine In A Different Location check box. When you select this check box, all the files for this VM will be stored in a directory with the same name as the VM, shown below in the Location field.
Note: For this first VM, with a name of hp160-sbs2011 and a default location of E:\VMs\, the result will be a new directory of E:\VMs\hp160-sbs2011, with the files and subdirectories of the VM stored in it.
6. Click Next to open the Assign Memory page, shown in Figure 6-10. Specify the amount of memory that will be assigned to the new VM. You should specify the same amount of memory you would specify for the RAM of a physical SBS computer, but do not exceed the memory of the host physical computer.
Figure 6-10 The Assign Memory page of the New Virtual Machine Wizard
7. Click Next to open the Configure Networking page. Select the network that the VM will be connected to, as shown in Figure 6-11.
Figure 6-11 The Configure Networking page of the New Virtual Machine Wizard
8. Click Next to open the Connect Virtual Hard Disk page, shown in Figure 6-12.
Figure 6-12 The Connect Virtual Hard Disk page of the New Virtual Machine Wizard
9. Select Create A Virtual Hard Disk to create a new, automatically expanding, virtual disk with a nominal size of 127 GB. Accept the default location, and name or modify the disk as appropriate for your environment. Even though 127 GB seems like a lot, we suggest you change the Size field to at least 200 GB. The default is to create a dynamically expanding hard disk. Now that’s just great if this isn’t a production server, but we think it’s a good idea to create a fixed-size VHD for a production system. Even though dynamic VHDs have gotten a lot faster since the original release of Hyper-V, there’s still a definite performance advantage to a fixed-size VHD. To use a fixed-size VHD, run the New Virtual Hard Disk Wizard and create the disk first, and then attach it at this stage of the New Virtual Machine Wizard, or skip the Connect Virtual Hard Disk page of the wizard for now and attach a disk later.
Important: The maximum size of an IDE VHD in Hyper-V is 2 terabytes (2040 GB, actually). But a dynamically expanding virtual hard disk doesn’t actually take up any more room on your physical hard disk or array than it needs to. As you expand your use of the VM, the size of the disk will continue to grow, up to the size you set when you create the disk. But if you run out of actual disk space because you overcommitted the total size of dynamic VHDs, ugly things will happen.
10. Click Next to open the Installation Options page, as shown in Figure 6-13.
Figure 6-13 The Installation Options page of the New Virtual Machine Wizard
The choices are:
■ Install An Operating System Later: This option requires you to configure how your operating system will be installed manually before starting the VM.
■ Install An Operating System From A Boot CD/DVD-ROM: This option allows you to connect to the physical computer’s CD or DVD drive, or to mount an ISO file stored on the physical computer’s hard disk as if it were a physical CD/DVD drive.
■ Install An Operating System From A Boot Floppy Disk: This option allows you to connect to a virtual floppy disk (.vfd) file as if it were a physical floppy drive.
■ Install An Operating System From A Network-Based Installation Server: This option changes the BIOS setting for the VM to enable a network boot from a PXE server, and it also changes the network card for the VM to be an emulated legacy network adapter instead of the default synthetic network adapter.
11. Click Next to open the Completing The New Virtual Machine Wizard summary page, or click Finish to skip the last step. On the last page, you can choose to automatically start the new VM as soon as you close the wizard, but we think that’s a bad option. Just skip it—you should probably adjust the settings for the new VM before you start it anyway.
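The warning in step 9 about overcommitting dynamically expanding VHDs can be checked before it bites. The following Python sketch is an added example, not code from the book: it reads the VHD footer of each disk file, separates fixed from expanding disks, and compares how far the expanding disks can still grow with the free space on the volume. The file names, the 300 GiB free-space figure, and the sample files themselves are constructed for illustration, and the growth estimate ignores VHD metadata overhead.

```python
import os
import struct
import tempfile

FOOTER_SIZE = 512
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}
GIB = 1024 ** 3


def footer_checksum(footer):
    """One's complement of the sum of all footer bytes, skipping the checksum field (bytes 64-67)."""
    return ~(sum(footer[:64]) + sum(footer[68:])) & 0xFFFFFFFF


def read_vhd_footer(path):
    """Return (disk_type, virtual_size, file_size) from the footer in the last 512 bytes of a VHD."""
    file_size = os.path.getsize(path)
    if file_size < FOOTER_SIZE:
        raise ValueError(f"{path}: too small to hold a VHD footer")
    with open(path, "rb") as fh:
        fh.seek(-FOOTER_SIZE, os.SEEK_END)
        footer = fh.read(FOOTER_SIZE)
    if footer[:8] != b"conectix":
        raise ValueError(f"{path}: VHD cookie not found")
    if struct.unpack_from(">I", footer, 64)[0] != footer_checksum(footer):
        raise ValueError(f"{path}: footer checksum mismatch")
    virtual_size = struct.unpack_from(">Q", footer, 48)[0]  # "current size" field
    type_code = struct.unpack_from(">I", footer, 60)[0]
    if type_code not in DISK_TYPES:
        raise ValueError(f"{path}: unsupported disk type {type_code}")
    return DISK_TYPES[type_code], virtual_size, file_size


def audit_overcommit(paths, free_bytes):
    """Compare the remaining growth of expanding disks with the free space on their volume."""
    disks, growth = [], 0
    for path in paths:
        disk_type, virtual_size, file_size = read_vhd_footer(path)
        # Fixed disks are fully allocated already. Expanding disks can grow to at
        # least their virtual size; headers and the block table add a little more,
        # so this figure is a lower bound.
        room = 0 if disk_type == "fixed" else max(virtual_size - file_size, 0)
        growth += room
        disks.append((os.path.basename(path), disk_type, virtual_size, room))
    return {"disks": disks, "potential_growth": growth,
            "free_bytes": free_bytes, "overcommitted": growth > free_bytes}


def make_sample_vhd(path, virtual_size, type_code, payload_len):
    """Write a constructed stand-in: a zero payload plus a valid footer, no real disk contents."""
    footer = bytearray(FOOTER_SIZE)
    footer[0:8] = b"conectix"
    struct.pack_into(">II", footer, 8, 2, 0x00010000)                # features, format version
    struct.pack_into(">QQ", footer, 40, virtual_size, virtual_size)  # original and current size
    struct.pack_into(">I", footer, 60, type_code)
    struct.pack_into(">I", footer, 64, footer_checksum(footer))
    with open(path, "wb") as fh:
        fh.write(bytes(payload_len) + bytes(footer))
    return path


def demo(free_bytes=300 * GIB):
    """Two 200 GB dynamic disks and one small fixed disk on a volume with free_bytes free."""
    specs = [("system.vhd", 200 * GIB, 3, 4096),      # constructed sample names and sizes
             ("exchange.vhd", 200 * GIB, 3, 8192),
             ("data-fixed.vhd", 4096, 2, 4096)]
    with tempfile.TemporaryDirectory() as tmp:
        paths = [make_sample_vhd(os.path.join(tmp, name), size, code, payload)
                 for name, size, code, payload in specs]
        return audit_overcommit(paths, free_bytes)


if __name__ == "__main__":
    report = demo()
    for name, disk_type, virtual_size, room in report["disks"]:
        print(f"{name:16} {disk_type:8} virtual={virtual_size / GIB:7.1f} GiB "
              f"can still grow {room / GIB:7.1f} GiB")
    print("overcommitted:", report["overcommitted"])
```

On a real host, pass the actual .vhd paths to audit_overcommit together with shutil.disk_usage(volume).free for the volume that holds them.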
Machine Settings
After you’ve created the VM for your SBS server, you should make some changes to the machine settings that the New Virtual Machine Wizard has configured. To adjust the settings of a VM, select the VM in the center Virtual Machines pane of Hyper-V Manager, and click Settings on the Action menu to open the Settings dialog box for the VM, as shown in Figure 6-14.
Figure 6-14 The Settings dialog box for the hp160-sbs2011 virtual machine
The settings page of a VM allows you to control the virtual hardware available to that VM. The settings that can be changed on a VM include:
■ Add Hardware: Add a SCSI Controller, network adapter, or legacy network adapter.
■ BIOS: Change the boot order and Num lock state.
■ Memory: Set the amount of memory assigned to the VM. SBS VMs are limited to 32 GB of RAM, just as they are on physical hardware.
■ Processor: Set the number of logical processors assigned to the VM. This is limited to the number of logical processors available on the host computer or four logical processors, whichever is less. For SBS 2011, assign at least two logical processors, and four is preferred.
■ IDE Controllers 0, 1: Set the drives connected to each IDE controller. Both Hard Disk and DVD Drive types are supported on IDE controllers.
When you configure the settings on a virtual machine, you enable dynamic memory for that machine and you set a Startup RAM and a Maximum RAM, along with a memory buffer percentage, and the memory weight of the virtual machine, as shown in Figure 6-14. The Hyper-V host first attempts to start all the virtual machines that are scheduled to start by allocating the Startup RAM specified to each VM. Once that RAM has been allocated, it looks at the buffer specified for each virtual machine and, if it can, reserves the full buffer to each virtual machine. If it is unable to assign each virtual machine the full buffer specified, it then uses a combination of the weighting of the memory for the virtual machines and the memory pressure of the virtual machines to allocate the available memory resources as effectively as possible. As the memory pressure from each virtual machine changes dynamically over time, the Hyper-V host will be allocated more or less RAM depending on the settings of the VMs on the host and the available RAM resources. To use dynamic memory, your Hyper-V host must be running SP1 and your guest operating systems must be supported. For SBS networks, this means you must install Windows Server 2008 R2 SP1 on the Premium Add-on server if you have one, and upgrade the integration components on the virtual machine. Dynamic memory allocation is not supported for the main SBS server. Additional virtual machines running Windows Server 2003, Windows Server 2008, Windows Vista (Enterprise or Ultimate), or Windows 7 (Enterprise or Ultimate) are also able to take advantage of dynamic memory if they have been upgraded to the latest service pack.
Disks and Controllers
Hyper-V uses a pair of synthetic IDE controllers for hard disks and DVD drives by default. You must use an IDE for the boot hard disk—the synthetic SCSI controller won’t have drivers available in the operating system until after the integration components are installed. If you’re familiar with the IDE controller in Virtual Server 2005, you’ll know that it was slow and only supported hard disks up to 127 GB. We quickly learned to use Virtual Server’s SCSI controller and floppy disk to load the drivers during installation, greatly speeding up the process. But that workaround is no longer necessary and won’t work with the Hyper-V SCSI controller. The new IDE controller in Hyper-V has full LBA-48 support, and it’s much faster than the old Virtual Server one.
In Windows Server 2008 R2 Hyper-V, all virtual machines include a SCSI controller by default. You can add additional SCSI controllers if necessary. You should use a SCSI disk type for any additional data disks you assign to the SBS VM. Windows Server 2008 R2 supports hot add and remove of SCSI hard disks to running VMs.
Network Adapters
When you create a new VM, it will automatically include a single network adapter. Unless you choose to install the operating system from the network, it will add one of the synthetic network adapters that are new to Hyper-V. These work great and are definitely the preferred choice—unless you are running an operating system that doesn’t have integration components available for it. If that’s the case, you need to change this adapter to a legacy network adapter. You can’t directly change the adapter type—you need to delete the existing one and add a legacy adapter. Because SBS 2011 includes the necessary integration components built in to the base operating system, you should always choose a synthetic network adapter unless you are using PXE to boot from the network.
COM and Floppy
Hyper-V automatically configures a pair of virtual COM ports (COM1 and COM2) and a virtual floppy disk drive for each VM. But it doesn’t actually connect them to anything. To connect a COM port to the host computer, you need to use named pipes, which are, unfortunately, useless for faxing or anything else we might be doing with our SBS servers. For floppy disks, you need to create a virtual floppy disk file (.vfd). A VFD file is an image of a floppy disk. There is no way in Hyper-V to connect directly to any existing floppy drive on the server.
Working with a Virtual Machine
Working with a Hyper-V VM is almost identical to working with a physical computer. You should do virtually everything you need to do from the client operating system, just as you would on a physical computer. You can connect to the client operating system using Remote Desktop when that is a supported option, and you can always connect using the Virtual Machine Connection. You can open the Virtual Machine Connection to a particular VM by either double-clicking the VM in the Hyper-V Manager console or selecting it and then clicking Connect on the Action menu. You can connect either locally from the parent partition or remotely if you’re running the Hyper-V Remote Management Tools. This connection to the VM is the same as the physical keyboard, mouse, and monitor of a physical computer. However, there are some actions that need to be performed from the parent partition, either from the Hyper-V Manager console or from the menu bar of the Virtual Machine Connection.
Starting, Stopping, Saving, Snapshotting
To start a VM, you need to either set the VM to automatically start or use the Hyper-V Manager console to start the VM. Right-click the VM in the console, and select Start from the menu. If you have the Virtual Machine Connection for that VM open, you can select Start from the Action menu.
To stop a VM, you should shut down the operating system in the VM. You can initiate this from the Hyper-V Manager console or on the Virtual Machine Connection Action menu, if integration components are installed in the VM. You can also stop a VM by right-clicking the VM in the console and selecting Turn Off, but this can cause corruption issues for the VM’s operating system and is not recommended when other alternatives are available. Selecting Turn Off is exactly like pulling the power cord out of the back of a running physical server.
You can save a VM from the Hyper-V Manager console or the Virtual Machine Connection for that VM by selecting Save from the Action menu. This will save the current state of the VM to disk and is similar to hibernating a physical computer. It does release memory and resources back to the parent partition.
Pausing a VM is similar to putting a physical computer into sleep mode. It’s not actively doing anything, but it also doesn’t release any of the VM’s resources back to the parent partition, except that it isn’t using a CPU or doing any disk I/O. But the RAM it has allocated to the VM stays unavailable to other VMs.
Snapshots are one of the ways VMs are more useful and flexible than any physical computer. Snapshots allow you to take a “picture” of a running virtual machine at an exact moment in time and save it. You can revert back to that snapshot later, starting up the VM at that exact configuration. This is extremely useful for building test computers because it lets you try a new configuration or software application without the risk of having to rebuild the computer if something really bad happens, or just without wasting the time trying to get back to where you were before the change if it didn’t work.
Snapshots can be a powerful tool, giving you the ability to try something with the calm assurance that you can recover completely if it doesn’t work. And snapshots happen in seconds. Just select the VM in the Hyper-V Manager console, right-click, and select Snapshot. The VM can be running or not—it doesn’t matter. After you create a snapshot, the VM returns to its previous state. You can rename the snapshot, check the settings that applied at the time of the snapshot, delete it, or even delete an entire snapshot subtree. All these actions are available from the Actions pane of the Hyper-V Manager console or from the Action menu of the Virtual Machine Connection. You can also revert a VM to its previous snapshot or select another snapshot in the tree and apply it. As you can see, it’s powerful stuff, and the possibilities are something you’ll just have to work with a bit to begin to understand. A caution, however: it’s generally a really bad idea to use snapshots on production SBS servers. Or on any other domain controller.
Clipboard
The Hyper-V Virtual Machine Connection supports a limited ability to pass the contents of your clipboard between the parent partition and the running VM. Only text can be passed, but this allows you to replay the text as keystrokes into the VM. To use this capability, you need to copy text to your clipboard on the parent partition using Ctrl+C or any other method
Hyper-V should always run in a partition where little or nothing else is going on. The parent partition should be just that—strictly a parent. This keeps the attack surface of the entire set of virtual machines smaller, reduces the number of reboots required, and prioritizes the resources for the VMs, which should be the ones doing the heavy lifting. We can imagine scenarios where the parent partition is also running a couple of key infrastructure roles as well—DNS and DHCP come to mind. We generally prefer not to do this, but it can make life a bit easier in some scenarios. However, once you start running any other roles beyond Hyper-V on your parent partition, you’ve changed the licensing equation.
Licensing
With Windows Server 2008 R2 Standard, you are entitled to what are called 1+1 licensing rights. This means you can use the same physical license to install Windows Server 2008 R2 on the parent partition and the first child partition, as long as the only role you install into the parent is Hyper-V. That’s an important limitation. As soon as you start adding in other roles, you lose the right to run a child partition without buying a full license for it. The copy of Windows Server 2008 R2 Standard that is included in the Premium Add-on is a full copy of Windows Server 2008 R2 and can be used with these 1+1 rights. Additionally, there is a specific exclusion that allows the parent partition to not have to be joined to the SBS domain. It can run in workgroup mode as long as it’s on the same physical network as the SBS domain.
Windows Server 2008 R2 Enterprise gives you the right to install a parent partition and four child partitions as long as that parent partition is used only for the Hyper-V role. As soon as you add in any other roles to the parent, you lose one of your secondary rights.
Windows Server 2008 R2 Datacenter gives you the right to install a parent partition and as many child partitions as you want. Of course, the actual cost of a Datacenter license is just a bit out of the reach of most small businesses.
Configuration
When you configure a child partition for SBS 2011 Standard, you should allocate the same level of hardware resources to the child as you would to a physical server running SBS 2011 Standard. This means a minimum of 6 GB of RAM, but we think 10 GB is a more appropriate minimum for any production environment. And assign four processor cores to the SBS server VM. You should always use the synthetic network adapters, which are much faster than the legacy emulation ones. And create the same number of virtual hard disks for your server as you would have arrays with a physical computer. We like to have a minimum of three disks—one for the system, one for user space, and one for Microsoft Exchange data. Even if your circumstances require you to have them sitting on the same RAID array, having three separate virtual disks puts you in a position to add more arrays if you need to and easily move the VHDs over to the new array to balance the load.
The one configuration we see used increasingly as consultants and others begin to understand the power and capabilities of 64-bit servers is the “SBS Premium in a Box” deployment.
This starts with a small Hyper-V parent partition, possibly running the Microsoft Hyper-V Server, and then two child partitions—the first running the main SBS server and the second running the Premium Add-on second server with SQL Server on it. Or, in many deployments, a Windows Server 2008 R2 Standard server running Remote Desktop Services. This all-in-one solution could easily be supported on a single, well-thought-out, mid-range server, with two quad-core CPUs and 16 to 24 GB of RAM, a good caching RAID controller, and a Serial-Attached SCSI (SAS) disk array.
Summary
Virtualization is a hot topic these days, and with good reason. The new capabilities of 64-bit servers and Microsoft’s new Hyper-V technology make it a compelling option in many scenarios. In this chapter, we covered the basics of using Hyper-V to virtualize Windows Small Business Server 2011. In the next chapter, we cover migrating from an existing Windows Small Business Server network to SBS 2011.
CHAPTER 7
Migrating to Windows Small Business Server 2011 Standard
With Microsoft Windows Small Business Server 2011 Standard (SBS 2011), there is no “upgrade” from any other version. The only way to preserve an existing deployment of SBS, including email and Active Directory, is to migrate to SBS 2011. This is true whether you’re coming from the 32-bit Windows Small Business Server 2003 (SBS 2003), the 64-bit Windows Small Business Server 2008 (SBS 2008), or another copy of SBS 2011. Migration is far more complex than a clean install or in-place upgrade, although the SBS team has made a significant effort to simplify the most common cases. However, SBS 2011 requires some significant changes to your network that you need to plan out ahead of time:
■ SBS 2011 supports only a single network interface card (NIC). The preferred SBS 2003 configuration is two NICs, so if you’re migrating from SBS 2003, you’ll need to reconfigure it for a single NIC first.
■ SBS 2011 Premium does not include Internet Security and Acceleration (ISA). If you’re an SBS 2003 Premium customer running ISA as your firewall, you’ll need to replace it with an alternative.
■ Your new SBS 2011 server will have a different name than your existing SBS server, and a different IP address. The migration process will configure DNS to correct for this.
■ The new Companyweb SharePoint site will replace your existing Companyweb site. You can migrate your existing Companyweb, but the process adds complexity to the migration process.
■ After you start the migration, there really is no “undo” button. And you’ll have 21 days to complete the process and remove the old server from the network.
These are all significant issues, in our opinion. But if you prepare your existing SBS server properly and plan your migration thoroughly before beginning the process, the migration will succeed.
In this chapter, we’ll primarily be covering the migration from SBS 2003 because that will be the largest group of migrations, but much of what we’ll cover here is also applicable to migrations from SBS 2008 or SBS 2011. If you’re migrating from one of these later versions, we recommend still that you read this chapter thoroughly before you begin, and follow the basic steps here. However, you’ll use a slightly different document from Microsoft to refer to during the process.
The Migration Process
Before you start your SBS 2011 migration, you should read and understand this chapter and the appropriate Microsoft migration guide. There are three migration guides, and the one you’ll use depends on which version of SBS you are migrating from. The three guides are:
■ “Migrate to Windows Small Business Server 2011 Standard from Windows Small Business Server 2003” at http://technet.microsoft.com/en-us/library/gg563801.aspx
■ “Migrate to Windows Small Business Server 2011 Standard from Windows Small Business Server 2008” at http://technet.microsoft.com/en-us/library/gg615506.aspx
■ “Migrate Windows Small Business Server 2011 Standard to New Hardware” at http://technet.microsoft.com/en-us/library/gg616008.aspx
We’ll refer to these generically as the Microsoft migration guides, and you should always refer to the appropriate one for your specific migration scenario. The steps in a successful migration are as follows:
1. Prepare your existing SBS server for migration.
2. Create the SBSAnswerFile.xml using the SBS AnswerFile Generator tool.
3. Install SBS 2011, using the Answer File to run in migration mode.
4. Use the Migration Wizard to migrate data and settings from your existing SBS server to your new SBS 2011 server.
5. When migration is complete, demote your existing SBS server to a domain member and then remove it from the domain. You must reformat the server before you can reuse it.
6. If you’re using Folder Redirection in SBS 2003, you’ll need to delete the old Group Policy object (GPO) for folder redirection.
7. Perform optional post-migration tasks—including mapping users to computers and enabling folder redirection—and Microsoft Exchange tasks such as adding POP3 connectors and updating mailbox quotas.
112 CHAPTER 7
Migrating to Windows Small Business Server 2011 Standard
Preparing Your Server
The most important part of any migration to SBS 2011 involves properly preparing your existing SBS server. The time and thought you spend on a full and careful preparation of your existing SBS server has a direct impact on the success of your migration. Don’t just start a migration without first preparing. Read this entire chapter carefully, and read Microsoft’s migration guide as well. Be sure you understand what will happen and what the requirements are before you start. The steps for preparing your server are as follows:
1. Do a full and complete backup of the existing SBS server.
2. Install all current service packs and other updates on the server.
3. Configure your network for the migration.
4. Configure Active Directory.
5. Run the Best Practices Analyzer (BPA) to verify the health of the existing SBS network.
6. Clean up and optimize the current Microsoft Exchange mailboxes.
7. Use the Migration Preparation Tool to extend the Active Directory schema, modify the Microsoft Exchange Server mode, and extend the time that both versions of SBS can be running to 21 days.
8. Identify line-of-business applications running on the existing SBS server, and plan for their migration.
Before You Start
You’re going to need certain tools during this process, and they may or may not already be on your source server. To simplify things and make sure you have everything ready and available, we suggest you download the following ahead of time:
■ Windows PowerShell 2.0 and the Management Framework Core from http://go.microsoft.com/fwlink/?LinkId=188528
■ Microsoft Baseline Configuration Analyzer 2.0 (MBCAv2) from http://go.microsoft.com/fwlink/?LinkId=188529
■ Microsoft .NET Framework 2.0 SP1 from http://go.microsoft.com/fwlink/?linkid=153680
■ Microsoft SBS 2003 Best Practices Analyzer from http://go.microsoft.com/fwlink/?LinkId=113752
Also, collect any other tools you generally like to have available during the build process. If you create an ISO file of these or burn them to a DVD, they’ll be available whenever and wherever you need them. For ISO creation, we like the simplicity of ISO Recorder (http://isorecorder.alexfeinman.com/isorecorder.htm). It’s simple, it does the job really well, and it’s free.
Go ahead and install Windows PowerShell 2.0, MBCAv2, and the BPA on your source server. They usually don’t trigger a reboot.
Back Up Your Existing SBS Server
The first and most important step in any migration is making sure you have a full and verified backup. We all do backups, and we hope that we never need to use them. But if you aren’t taking steps to actually verify that your backup can be restored, you haven’t really got a backup you can count on. Before beginning any SBS migration, it’s essential that you establish a sound fallback position that will allow you to recover in case something goes wrong. Of course, nothing should go wrong, but we’re firm believers in Murphy’s Laws—after all, we wrote the books on them!
For details on how to back up your existing SBS 2003 server, see http://go.microsoft.com/fwlink/?LinkId=27140, or see Chapter 13, “Backing Up and Restoring Data,” in our Microsoft Windows Small Business Server 2003 R2 Administrator’s Companion book. (For SBS 2008, see Chapter 16, “Configuring Backup,” in our Windows Small Business Server 2008 Administrator’s Companion book or Chapter 16 in this book for SBS 2011.)
In addition to doing a conventional backup using SBS Backup, we strongly suggest making an image backup of at least the system volume of your existing SBS server and any other volumes that are used to store core SBS data files, such as Microsoft Exchange data files. This will allow for a faster full recovery in the event that you have to cancel the migration for some reason. Products we’ve used for this image backup include StorageCraft, Acronis, and Windows Home Server. Currently, we’re using, and really liking, Windows Storage Server 2008 R2 Essentials to back up the virtual hard disks (VHDs) of SBS.
Whatever backup methods you use, you should verify the integrity of the backup by doing a test restore. For image backups, this means restoring the entire partition image to a disk of equal or greater size and, at a minimum, verifying that files can be read and opened. For an SBS Backup test, you should restore multiple files from different locations to an alternate location and verify that the files can be opened and read.
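One way to carry out the file-level check after a test restore, as an added example that is not from the book: the PowerShell 2.0 script below reads every restored file end to end and compares its SHA-256 hash with the live copy. The two paths and the function names are assumptions; substitute your own data folder and alternate restore location.

```powershell
# Added example (not from the book). Runs on PowerShell 2.0, so it uses the
# .NET SHA-256 class rather than Get-FileHash, which is not available there.
param(
    [string]$SourceRoot   = 'D:\CompanyData',              # assumed path: live data that was backed up
    [string]$RestoredRoot = 'E:\RestoreTest\CompanyData'   # assumed path: alternate restore location
)

function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)   # throws if the file cannot be opened
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    }
    finally {
        $stream.Close()
    }
}

function Compare-RestoredFiles {
    param([string]$SourceRoot, [string]$RestoredRoot)

    foreach ($p in $SourceRoot, $RestoredRoot) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Folder not found: $p" }
    }
    $src = (Resolve-Path -LiteralPath $SourceRoot).Path.TrimEnd('\')
    $dst = (Resolve-Path -LiteralPath $RestoredRoot).Path.TrimEnd('\')

    Get-ChildItem -LiteralPath $dst -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file     = $_
            $relative = $file.FullName.Substring($dst.Length).TrimStart('\')
            $original = Join-Path $src $relative
            $status   = 'OK'

            # Hashing reads the whole file, which proves it can be opened and read.
            try   { $restoredHash = Get-Sha256Hex $file.FullName }
            catch { $status = 'UNREADABLE: ' + $_.Exception.Message }

            if ($status -eq 'OK') {
                if (-not (Test-Path -LiteralPath $original)) {
                    $status = 'NoSourceCopy'                   # deleted or moved since the backup
                }
                else {
                    try   { $liveHash = Get-Sha256Hex $original }
                    catch { $liveHash = $null }                # live file locked by a running service
                    $live = Get-Item -LiteralPath $original -Force
                    if ($liveHash -eq $null) {
                        $status = 'SourceInUse'
                    }
                    elseif ($liveHash -ne $restoredHash) {
                        if ($live.LastWriteTimeUtc -gt $file.LastWriteTimeUtc) {
                            $status = 'SourceChangedSinceBackup'   # expected for files edited later
                        }
                        else {
                            $status = 'MISMATCH'               # same age, different content
                        }
                    }
                }
            }
            New-Object PSObject -Property @{ Status = $status; File = $relative }
        }
}

$results = @(Compare-RestoredFiles -SourceRoot $SourceRoot -RestoredRoot $RestoredRoot)
if ($results.Count -eq 0) { Write-Warning 'No restored files found; nothing was verified.' }

# Summary by status, then the files that need attention.
$results | Group-Object Status | Select-Object Count, Name | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -eq 'MISMATCH' -or $_.Status -like 'UNREADABLE*' })
$bad | Select-Object Status, File | Format-Table -AutoSize
if ($bad.Count -gt 0) { exit 1 }
```

A MISMATCH or UNREADABLE result means the restored copy cannot be trusted as a fallback; the other statuses describe the live data, not the backup.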
Install Current Updates
It seems obvious to us, but bears repeating nonetheless—bring your current SBS server up to date, installing all current service packs and security updates. If you’re running SBS 2003 R2 or later, with built-in Windows Server Update Service (WSUS), this should be happening automatically. But even if you’re sure you are up to date, connect to Microsoft Update to verify. The migration process expects minimum levels of service packs, and not being fully “patched up” can create issues in the migration. Given that the migration is a one-way process, you really don’t want to get well into it and find you have a blocker. We hope the tools in this preparation stage will enable you to catch any blockers before you start, but it’s still just a really good idea to get all your updates installed before you start.
Most consumer-grade routers include minimal firewall capabilities, but they really aren’t sufficient to properly protect an SBS network. You should either add a firewall appliance in addition or buy a true firewall router, such as one of the TZ series firewalls from SonicWALL (http://www.sonicwall.com/us/products/TZ Series.html). Other possibilities include WatchGuard firewalls (http://www.watchguard.com) and NETGEAR ProSecure firewalls (http://www.prosecure.netgear.com/products/prosecure-utm-series/models.php). The basic process of network reconfiguration uses the following steps:
1. Reconfigure DHCP for shorter lease times (optional), and save the DHCP database.
2. Disable or remove the Internet-facing NIC in your existing SBS server.
3. Run the Configure E-Mail And Internet Connectivity Wizard (CEICW) to reconfigure networking.
4. Install a router/firewall, and connect to the Internet.
5. Connect the router/firewall to a switch on the internal Ethernet.
6. Run the Remote Access Wizard to disable virtual private networks (VPNs) and reconfigure Routing And Remote Access (RRAS).
7. Reconfigure client computers and devices with fixed IP addresses and verify DHCP configuration.
DHCP Reconfiguration
Although it’s not absolutely required, you can simplify DHCP address reconfiguration on your SBS network if you shorten the lease time in advance of beginning the migration. This will allow client computers and devices on your network to get updated network information without a reboot in a reasonable time frame. The default DHCP lease duration is eight days. To change the duration, follow these steps:
1. Log on to your existing SBS server with an account that has administrative privileges.
2. Open the DHCP console (dhcpmgmt.msc).
3. In the left pane, drill down and select the scope you want to change.
4. Select Properties from the Action menu to open the Scope Properties dialog box shown in Figure 7-3.
Figure 7-3 The Scope Properties dialog box for a DHCP scope
5. Change the Lease Duration For DHCP Clients values to a shorter time. We like to set an 8-hour lease here.
6. Click OK to close the Scope Properties dialog box and return to the DHCP console. Close the DHCP console.
Another useful step to take at this point is to back up the DHCP database. If you are using a standard SBS DHCP with no reservations or other customizations, don’t bother—the wizards will take care of it. But if you have done significant configuration, you should probably back up your DHCP database to make it easier to restore that configuration. See the Microsoft Knowledge Base article at http://support.microsoft.com/kb/962355.
Disable or Remove the Second NIC
The first essential step in reconfiguring your SBS 2003 network from a two NIC SBS network to a single NIC network is to disconnect the externally facing NIC from your existing Internet connection and disable or remove the network card. You can get away with disabling it, but then you’ll have more complaints from the SBS wizards, so we prefer removing it physically from the server. After you’ve removed the network card, you need to reconfigure your SBS network to the IP address range you’ll use for your Internet connection.
Figure 7-4 The Manage Internet And E-Mail page of the SBS Server Management console
6. Click Connect To The Internet to open the CEICW.
7. Click Next to open the Connection Type page of the CEICW, as shown in Figure 7-5.
Figure 7-5 The Connection Type page of the CEICW
8. Select Broadband, and click Next to open the Broadband Connection page, as shown in Figure 7-6. Select A Local Router Device With An IP Address from the My Server Uses drop-down list.
Figure 7-6 The Broadband Connection page of the CEICW
9. Click Next to open the Router Connection page shown in Figure 7-7. Type in the IP address you’ll be using with your new router/firewall and the IP addresses for your ISP’s DNS servers.
Note If your router/firewall does DNS forwarding, you can use the IP address of the router/firewall for the Primary DNS Server address and leave the Secondary DNS Server address blank. If you want to always use root hints for DNS, you can leave both addresses blank.
Figure 7-7 The Router Connection page of the CEICW
10. Select the My Server Uses A Single Network Connection For Both Internet Access And The Local Network check box.
11. Click Next. If the IP address of the router/firewall is in a different address range from your previous internal address, you’ll see the message shown in Figure 7-8.
Figure 7-8 The warning message generated during network reconfiguration
12. Click Yes to open the information message shown in Figure 7-9. Because we’re not connected to anything at this point, click No.
Figure 7-9 The firewall informational message of the CEICW
13. On the Web Services Configuration page, select the services that you want to be available when your existing SBS server is back online.
14. Click Next twice more, and then click Finish to complete the wizard.
15. Click Close when the CEICW finishes.
If you’ve chosen to use a different IP address range for your SBS network than the one you’re currently configured to use, now is a good time to change it by following these steps:
1. On the Manage Internet And E-mail page of the Server Management console, click Change Server IP Address to open the Change IP Address Tool dialog box shown in Figure 7-10.
Figure 7-10 The Change IP Address Tool
2. Type in the new IP address for the server and click OK. When the tool completes, you’ll see the message shown in Figure 7-11.
Figure 7-11 When you change the server’s IP address, it offers to run the CEICW again
3. Click No to complete the process and close the Change IP Address Tool dialog box. As shown in Figure 7-12, the IP address has been reconfigured to point to the new router/firewall that we will install at 192.168.51.1.
Figure 7-12 The IP address has changed on the server
Note If you have fixed IP devices on your network, you’ll need to manually reconfigure their default gateway. This won’t matter for devices that don’t need to connect to the Internet, such as printers, but if you have additional servers or workstations that use fixed IP addresses, you should reconfigure them now to point to the new router.
Install Router and Firewall
After you’ve reconfigured your existing SBS to use a single network card, you need to reconnect it to the Internet. You need to insert a router into the network if you don’t already have one, and configure it for the network address range that you’ve chosen for your SBS network. In many cases, you’ll already have a router in place—we did. But that router is likely not a full-fledged firewall. Now is the time to replace it or add an additional firewall appliance. When you do, you’ll need to configure the firewall for your SBS network. The ports SBS 2003 uses include:
■ 25 Simple Mail Transfer Protocol (SMTP). Used by Microsoft Exchange for incoming and outgoing email.
■ 80 Hypertext Transfer Protocol (HTTP). Outbound, this port is used to surf the web. Inbound, it can be used to initially connect to the Remote Web Workplace site.
Disable VPNs
Before you begin the migration, you need to disable virtual private networking to the SBS server. If you need VPN access, you should choose a router/firewall that can act as a VPN endpoint. Ultimately, however, we think a better overall solution is to use Remote Web Access (RWA) and avoid VPNs whenever possible. To disable VPNs on the existing SBS server, follow these steps:
1. Log on to the server with the main Administrator account.
2. Open the Server Management console if it doesn’t open automatically.
3. In the left pane of the Server Management console, click Internet And E-mail. The Manage Internet And E-mail page opens.
4. Click Configure Remote Access to open the Remote Access Wizard.
5. Click Next on the Welcome page to open the Remote Access Method page as shown in Figure 7-13.
Figure 7-13 The Remote Access Method page of the Remote Access Wizard
6. Select Disable Remote Access, click Next, and then click Finish.
7. When the wizard completes, click Close to return to the Server Management console.
This completes the network reconfiguration for your SBS migration. Now is a good time to verify that all the computers and devices on your network are working as you’d expect and can connect properly. Pay particular attention to devices such as printers, wireless access points, and web cams that have a fixed or DHCP reservation address to make sure that they are communicating correctly with the rest of the network.
Configuring Active Directory
Before you can complete the migration to SBS 2011, you need to raise the domain and forest functional levels of your current SBS 2003 Active Directory. The migration requires that the Active Directory forest and domain functional level be Windows Server 2003. The default for SBS 2003 is the Microsoft Windows 2000 functional level. You can’t move to a Windows Server 2003 functional level if there are any Windows 2000 or earlier domain controllers in your SBS domain. If there are, you must first demote them from being domain controllers. For Windows 2000, run Dcpromo.exe as a domain administrator to demote the legacy Windows 2000 domain controller. If you still have Windows NT 4 domain controllers in your network, you’ll need to rebuild these servers as non–domain controllers or remove them from the network entirely. Given that Windows NT 4 is no longer supported by Microsoft and won’t get any updates or security patches, you need to remove any remaining Windows NT 4 computers. To raise the domain and forest functional level of your SBS 2003 Active Directory, follow these steps:
1. Log on to the SBS 2003 server with an account that has both Domain Admins and Enterprise Admins privileges. The Administrator account is a good choice for this.
2. Click Start, then click Administrative Tools, and then click Active Directory Domains And Trusts to open the Active Directory Domains And Trusts console shown in Figure 7-14, or you can type domain.msc at the Run menu.
Figure 7-14 The Active Directory Domains And Trusts console
Note Raising the domain functional level is an irreversible change. You can’t later lower the functional level.
3. Click the domain (example.local in Figure 7-14), and select Raise Domain Functional Level from the Action menu to open the dialog box shown in Figure 7-15.
Figure 7-15 The Raise Domain Functional Level dialog box
4. Select Windows Server 2003 from the drop-down list (this should be the only choice in most SBS networks) and then click Raise to raise the domain functional level.
Note If the Current Domain Functional Level is shown as Windows Server 2003, you won’t be able to change the functional level.
5. Click OK at the warning that this change can’t be reversed, and click OK again at the success message.
6. Click Active Directory Domains And Trusts in the left pane at the top of the tree.
7. Click Raise Forest Functional Level on the action menu to open the Raise Forest Functional Level dialog box shown in Figure 7-16.
Note Raising the forest functional level is an irreversible change. You can’t later lower the functional level.
Figure 7-16 The Raise Forest Functional Level dialog box
8. Click Raise. You’ll see the warning message that this change is irreversible as shown in Figure 7-17.
Figure 7-17 Raising the forest functional level is irreversible
9. Click OK. If the raise was successful, you’ll see the informational message in Figure 7-18.
Figure 7-18 The Raise Forest Functional Level success informational message
10. Click OK to close the message, and then close the Active Directory Domains And Trusts dialog box.
Best Practices Analyzer
The Best Practices Analyzer (BPA) is a useful tool to run against your SBS server regardless of whether you’re planning on migrating to SBS 2011 immediately or later on. The BPA can identify all kinds of problems in an SBS environment with over 200 errors, warnings, and informational messages about the health of your SBS network. You can download the BPA from http://go.microsoft.com/fwlink/?LinkId=113752 and then install it on your SBS 2003 server. The Knowledge Base article for the BPA is 940439. After you’ve downloaded the BPA, execute the SBS2003SP1-KB940439-x86-enu.exe file to install it. (The actual file name varies depending on the language.) You can then run the BPA using the following steps:
1. Click Start, click All Programs, and select SBS Best Practices Analyzer Tool.
2. The first time you run the BPA, you’ll be asked if you want to check for new versions every time you start it, and you’ll be offered an opportunity to check now. Click Yes to receive automatic updates, and choose to check now—even with a fresh download, we still got a newer version after the check.
3. From the Welcome screen shown in Figure 7-19, you can select the options to use for a scan or view a previous scan.
Figure 7-19 The Welcome screen of the SBS Best Practices Analyzer
4. Click Select Options For A New Scan to open the Start A Scan page shown in Figure 7-20.
Figure 7-20 The Start A Scan page of the SBS BPA
5. Type in a label for the scan, and click Start Scanning. When the scan completes, you’ll see a summary of the results as shown in Figure 7-21.
Figure 7-21 The Scanning Completed summary page of the SBS BPA
6. To view the results of the scan, click View A Report Of This Best Practices Scan. A typical report is shown in Figure 7-22.
Figure 7-22 A typical report from an SBS BPA scan
7. Click any listed issue to see more details on the issue, including links to Knowledge Base articles on how to correct the issue. The detail screen for the Receive Side Scaling issue shown in Figure 7-22 is shown in Figure 7-23.
Figure 7-23 The Receive Side Scaling issue details from the SBS BPA
8. After you’ve corrected the issues that could prevent a successful migration, run the BPA again by repeating steps 4 through 7 to verify that all the problems are corrected. At a minimum, you should correct all critical issues, and you should carefully evaluate the issues listed on the All Issues tab and correct any that are possible problems for your migration.
Important Do not proceed with your migration until all critical issues identified by the BPA have been resolved. Seriously. The migration will fail if you do. You should also carefully evaluate any additional issues shown on the All Issues tab and resolve as many as possible.
Optimize Exchange Mailboxes
You should have your users optimize their Microsoft Exchange mailboxes to reduce the time it takes to migrate them to Exchange 2010. If you’ve been enforcing strict mailbox limits, this likely isn’t a major issue. However, if you’ve got a couple of users who are special and have seriously large mailboxes, now is a good time to try to get this under control. Anything that removes excess mail from the mailboxes is a good thing, but the most obvious steps are:
■ Ask all users to empty their Deleted Items folders.
■ Ask all users to empty their Junk E-mail folders.
■ Ask all users to archive all mail items older than some reasonable date.
■ Carefully inspect Public Folders, and remove or archive any out-of-date or unused contents to reduce the overall size of the Public Folder database.
■ Make a separate archive (PST) of all active Public Folders as a backup.
When users have had a reasonable amount of time to clean up their mailboxes, it’s usually useful to examine the mailbox store in Exchange to see whether any outstandingly large mailboxes remain. This allows you to have a more direct discussion with the owner of the mailbox to help reduce its size. You can check the size of mailboxes by opening the Exchange System Manager and navigating to Servers, then servername, then First Storage Group, then Mailbox Store, and then Mailboxes, as shown in Figure 7-24.
Figure 7-24 A very empty Microsoft Exchange Mailbox store
Note The mailboxes listed in Figure 7-24 are not typical of a working system but reflect what you would see on a brand-new system.
Running the Migration Preparation Tool
There are several tasks that need to be done on all SBS 2003 networks to prepare for the actual migration, including the following:
■ Upgrade the Active Directory schema
■ Set the Microsoft Exchange Server mode
■ Extend the time that two SBS servers can coexist in the same network
To make life easier, these tasks are automated with the Migration Preparation Tool.
There’s one other task we’ll cover in this section—synchronizing the time source. On most SBS networks, this should already be OK, but it’s critical for the proper migration to the new SBS 2011 server, so make sure it’s correct and synched to an external source.
Important The changes made by the Migration Preparation Tool are irreversible. You should ensure that you have a fully tested backup of your existing SBS 2003 server before running the Migration Preparation Tool. The only way to return to your original configuration is to restore your backup.
Before you start the migration, you need to upgrade the Active Directory schema to align with the schema used by SBS 2011. To upgrade the schema, you must be logged on to the existing SBS server with an account that is a member of the Domain Admins, Enterprise Admins, and Schema Admins groups. The default Administrator account is in all three groups. To verify that the account you are using is in the necessary groups, open Active Directory Users And Computers and double-click the account you are using. Click the Member Of tab to see a list of groups the account belongs to, as shown in Figure 7-25.
Figure 7-25 The Member Of tab of the Administrator account properties
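The same membership check can be scripted on the source server, where no Active Directory PowerShell module is available; this added example (not from the book) queries the directory through .NET and also reports whether the account is disabled. The function name and the default account are assumptions, and because it reads only the memberOf attribute it reports direct memberships, not groups reached through nesting.

```powershell
# Added example (not from the book). PowerShell 2.0, no AD module required.
param([string]$SamAccountName = $env:USERNAME)   # assumed default: the logged-on account

# The three groups the chapter requires for the Migration Preparation Tool.
$required = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'

function Get-AccountSummary {
    param([string]$Sam)

    # Escape LDAP filter metacharacters (RFC 4515) so the name is treated as data.
    $safe = $Sam -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

    $searcher = New-Object System.DirectoryServices.DirectorySearcher   # searches the current domain
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    [void]$searcher.PropertiesToLoad.Add('memberOf')
    [void]$searcher.PropertiesToLoad.Add('userAccountControl')
    $hit = $searcher.FindOne()
    if ($hit -eq $null) { throw "Account '$Sam' was not found in the current domain." }

    $names = @()
    foreach ($dn in $hit.Properties['memberof']) {
        # Take the CN from the first RDN, e.g. CN=Schema Admins,CN=Users,DC=example,DC=local
        if ($dn -match '^CN=((?:\\.|[^,\\])+),') {
            $names += ($matches[1] -replace '\\(.)', '$1')   # undo DN escaping such as "\,"
        }
    }

    # Bit 0x2 of userAccountControl is ACCOUNTDISABLE.
    $uac = [int]$hit.Properties['useraccountcontrol'][0]

    New-Object PSObject -Property @{
        Account  = $Sam
        Groups   = $names
        Disabled = (($uac -band 2) -ne 0)
    }
}

$summary = Get-AccountSummary $SamAccountName
$missing = @($required | Where-Object { $summary.Groups -notcontains $_ })

if ($summary.Disabled) {
    Write-Warning "$SamAccountName is disabled and cannot be used to run the tool."
}
if ($missing.Count -eq 0) {
    Write-Output "$SamAccountName is a direct member of all three required groups."
}
else {
    Write-Warning ("$SamAccountName is not a direct member of: " + ($missing -join ', '))
}
```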
To run the Migration Preparation Tool, use the following steps:
1. Log on to your source server with an account that has Domain Admins, Enterprise Admins, and Schema Admins privileges.
2. Insert the first SBS 2011 DVD into the DVD drive of the source server. If you have autorun enabled on the source server, you’ll see the screen shown in Figure 7-26.
Figure 7-26 The Autorun screen for Windows Small Business Server 2011 Standard when run on SBS 2003
Note If you don’t have a DVD drive on your existing SBS server, insert the DVD in a client workstation and copy the entire tools directory to a location on the server and run SourceTool from there.
3. Click Install The Migration Preparation Tool.
4. Acknowledge the End-User License Agreement (EULA), and click Install and then Finish. (Leave the Run The Migration Preparation Tool option selected.)
5. On the Get Important Updates screen, choose either Download And Install Updates (Recommended) or Do Not Download Updates. Personally, we avoid downloading any additional updates at this point, though the official Microsoft recommendation is to always download updates.
6. On the Prepare Your Source Server For Migration page, select the I Have A Backup And Am Ready To Proceed check box and then click Next. The tool will start updating your schema, extending your coexistence time, and configuring Exchange Server as shown in Figure 7-27. The process takes several minutes, so just be patient. The largest chunk of time is for the schema upgrade.
Figure 7-27 The Migration Preparation Tool is preparing the source server for migration
7. When the tool completes its tasks, click Next and the source server will be scanned for any additional problems. If any are identified, as shown in Figure 7-28, correct them before continuing.
Figure 7-28 The Migration Preparation Tool found an issue that must be corrected before continuing
8. Review the Migration Guide, select the check box for it, and then click Create An Answer File. See the steps under Creating A Migration Answer File, later in this chapter. After you’ve finished creating it and storing it on the USB or other media you’ll use, click Finish to close the Windows Small Business Server 2011 Standard Migration Preparation Tool.
9. When you exit the Migration Preparation Tool, you’ll be prompted to reboot. You should reboot your server before going any further.
After you reboot, you need to make sure your existing SBS 2003 server is correctly synchronized with an external time source. To set the time synchronization on your SBS server, use the following steps:
1. Log on to your existing SBS server with an account that has Domain Admins privileges.
2. Open a command window (cmd.exe). Type the following commands in the window, as shown in Figure 7-29:
    w32tm /config /syncfromflags:domhier /reliable:no /update
    net stop w32time
    net start w32time
Figure 7-29 Configuring Windows Time synchronization
3. Close the command window.
Important If you are running SBS 2003 and SBS 2011 in virtual machines on a Hyper-V server, the parent partition must have the same time zone, date, and time as the child partitions.
Finally, before you can migrate your existing SBS 2003 server, ensure that any line-of-business applications are moved off the main SBS server, or that you have a clear migration path to move them to another server on your SBS network after the migration completes. Remember that once you migrate to SBS 2011, your old SBS server must be completely decommissioned and removed from the network. Before you can return it to the SBS network, you need to format the system disk and reinstall an operating system. The old and new SBS servers can co-exist on the network for a maximum of only 21 days.
Creating a Migration Answer File
After you have your existing SBS server prepared for migration, you need to create an answer file that can be used to install SBS 2011. You must use an answer file for the installation of SBS 2011 if you are migrating. Fortunately, there’s an excellent Answer File Generator tool on the SBS 2011 installation DVD. But there is one step you need to take first—creating a new SBS administrator account.
Administrator Account
SBS 2003 creates a default Administrator account during initial installation and setup. This account, often referred to as the 500 account because of a distinctive portion of the GUID for the account, is the master account from which all things spring. This is a legacy from when we were less security-aware and less concerned about having everything installed by and dependent on a well-known account. Today, that is far from a best practice, and in SBS 2011 the Administrator account is disabled by default. So to ensure that we have an account for both servers that has the necessary privileges to complete the migration, we’re going to first create a new administrator account and make that account part of all the groups that the current Administrator account is part of. This new account must have Domain Admins, Enterprise Admins, and Schema Admins privileges, at a minimum. In fact, we’re simply going to make a copy of the Administrator account. To create the new administrator account, follow these steps:
1. Log on to the existing SBS 2003 server with an account with at least Domain Admins privileges.
2. Click Start, and open Active Directory Users And Computers from the Administrative Tools folder.
3. Open the Users folder in the left pane, and select the Administrator account in the right pane.
4. Select Copy from the Action menu, as shown in Figure 7-30.
Figure 7-30 To ensure that all the necessary permissions are copied to the new account, use Active Directory Users And Computers to copy the Administrator account
5. On the user Copy Object – User dialog box, enter the details for the new account, as shown in Figure 7-31.
Figure 7-31 Creating a new administrator account for SBS 2003
6. After supplying the information for the new administrator account, click Next to fill in password information for the new account. Use a password of at least eight characters that is a mixture of uppercase and lowercase letters, special characters, and numerals to ensure that it meets complexity requirements for SBS 2011.
7. Click Next to open the Exchange mailbox creation step of the Copy Object – User Wizard, as shown in Figure 7-32.
Figure 7-32 Creating the Exchange mailbox for the new administrator account
8. Click Next and then click Finish to create the account. The account will be created in the Users container, which isn’t where we want it.
9. Expand the MyBusiness organizational unit (OU) container, and then expand the Users OU under it so that you can see the SBSUsers OU as shown in Figure 7-33.
Figure 7-33 The MyBusiness OU is expanded so that you can see the SBSUsers OU
10. Select the new user you just created, and drag it into the SBSUsers OU. You’ll see the warning shown in Figure 7-34.
Figure 7-34 The warning about moving objects in Active Directory
11. Click Yes to move the user. Figure 7-35 shows the SBSUsers OU with the new administrator account in it.
Figure 7-35 The SBSUsers OU with the new SBS Administrator account in it
12. Close Active Directory Users And Computers.
Using the SBS Answer File Generator
The SBS Answer File Generator (SBSAfg.exe in the Tools folder of the Installation DVD) can be used to automate a fresh, new install of SBS, and we’ve covered it in some detail in Chapter 5, “Installing Windows Small Business Server 2011 Standard.” But it has a second and more important function—it is used to generate an answer file for enabling a migration installation.
Note When using a self-signed certificate, you should leave the Certificate Authority Name field blank. SBS will create the certificate and use the correct authority name. It’s very easy to choose a name that will cause problems, and by the time the installation fails, you’ll have wasted a significant amount of time.
After you have a the sett ngs for your m grat on wr tten down, t’s t me to run the SBS Answer F e Generator us ng the fo ow ng steps 1. Doub e-c ck the SBSAfg exe fi e n the \Too s d rectory of the first DVD (the Insta at on
DVD) of the SBS 2011 d str but on med a 2. In the Insta at on Type sect on of the W ndows Sma Bus ness Server 2011 Standard
Answer F e Too (shown n F gure 7-36), se ect M grat on From Ex st ng Server (Jo n Ex st ng Doma n)
Figure 7-36 The W ndows Sma Bus ness Server 2011 Standard Answer F e Too
3. F
n the fie ds accord ng to the tab e you created, mak ng sure to scro to the end of the fi e so that you don’t m ss any
4. C ck Pr nt to pr nt a copy of the sett ngs to the defau t pr nter f you want a hard copy
of the sett ngs Important The printout has the administrative password clearly visible. This will
also be the domain recovery password. Protect the printout accordingly, and destroy it when it’s no longer required.
144 CHAPTER 7
Migrating to Windows Small Business Server 2011 Standard
5. C ck Save As to save a copy as SBSAnswerF e xm You can save the copy to a oca
hard d sk, to a network share, or to removab e med a Important The SBSAnswerFile.xml file that is generated has the administrative pass-
word in plain text. This will also be the domain recover password. Protect the file until you use it, and delete it when you’re done.
6. C ck Cance to c ose the Answer F e Generator 7. Copy SBSAnswerF e xm to the root d rectory of the removab e med a you’ use dur ng
nsta at on of SBS 2011 Th s can be a USB key d sk, a floppy d sk, or other removab e med a that your server can read dur ng the nsta at on
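One way to confirm that no copy of the answer file outlives the installation, given that step 5 allows saving it to a local disk, a share, or removable media. This is an added example, not part of the book: the function name Find-SbsAnswerFile, the default search roots and the list of broad groups are assumptions; only the file name SBSAnswerFile.xml comes from the steps above. Run it from an elevated PowerShell prompt once the installation has finished.

```powershell
# Added example: locate leftover copies of SBSAnswerFile.xml, which holds the
# administrative (and domain recovery) password in plain text.
# Uses only PowerShell 2.0 features, the version included with Windows Server 2008 R2.

function Find-SbsAnswerFile {
    param(
        # Assumption: search every file-system drive that is currently ready
        # (fixed disks, USB keys, mapped shares). Pass UNC paths for other shares.
        [string[]]$Root = @(Get-PSDrive -PSProvider FileSystem |
                              Where-Object { Test-Path $_.Root } |
                              ForEach-Object { $_.Root }),
        [string]$Name = 'SBSAnswerFile.xml'
    )

    # Assumed list of groups whose read access means "almost anyone on the network".
    $broad = '(^|\\)(Everyone|Users|Authenticated Users|Domain Users)$'
    $read  = [System.Security.AccessControl.FileSystemRights]::ReadData

    foreach ($r in $Root) {
        Get-ChildItem -Path $r -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $file    = $_
                $owner   = $null
                $readers = @()
                try {
                    $acl   = Get-Acl -Path $file.FullName -ErrorAction Stop
                    $owner = $acl.Owner
                    # Keep only Allow entries that grant read access to a broad group.
                    $readers = @($acl.Access | Where-Object {
                        $_.AccessControlType -eq 'Allow' -and
                        ($_.FileSystemRights -band $read) -and
                        $_.IdentityReference.Value -match $broad
                    } | ForEach-Object { $_.IdentityReference.Value })
                } catch {
                    # The ACL could not be read (access denied, media removed, ...).
                    $readers = @('(ACL not readable)')
                }
                New-Object PSObject -Property @{
                    Path          = $file.FullName
                    LastWriteTime = $file.LastWriteTime
                    Owner         = $owner
                    BroadReaders  = ($readers -join ', ')
                }
            }
    }
}

# Review the list first, then delete. -WhatIf only reports what would be removed;
# drop it once the list is what you expect.
$found = @(Find-SbsAnswerFile)
$found | Format-Table Path, LastWriteTime, BroadReaders -AutoSize
$found | ForEach-Object { Remove-Item -LiteralPath $_.Path -Force -WhatIf }
```

Remove-Item only unlinks the file; on a USB key or floppy disk the plain-text password can remain recoverable until the media is overwritten or reformatted.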
Installing SBS 2011
OK—we’ve prepared our server, we’ve created our answer file, and we’re ready to go. Time to install SBS 2011. We’re going to follow the normal steps covered in Chapter 5, except that we’re using the answer file we created earlier in this chapter. Insert the removable media with the SBSAnswerFile.xml, insert your Installation DVD, and turn on the server.
Note You won’t actually need the answer file to be available until the Windows Server 2008 R2 portion of the installation completes.
You need to set your BIOS to boot from the DVD drive as the first option to ensure that the server boots from the DVD. Then walk through the normal Windows Server 2008 R2 installation steps as covered in Chapter 5. You’ll choose your installation disk, and you can set the size of your system volume for SBS at this time. Do not set it at fewer than 120 GB—we really prefer 200 GB or more. It’s a real pain to increase the size later, and there are just too many things that end up going onto your primary system volume.
After you’ve answered the initial installation questions, the installation of Windows Server 2008 R2 proceeds automatically. When it completes and the system reboots, the installation of SBS will automatically begin if the SBSAnswerFile.xml file is available and you’ve set the answer file for unattended installation. Even if you’ve selected the Run Unattended check box in the SBS Answer File Generator, the installation will stop if it is missing a critical piece of information. If you’ve left the Run Unattended check box cleared, the SBS installation process will use the answers you’ve provided in the file, but it will expect manual input from you to move from step to step.
The server will reboot several times during the installation, but if you’ve filled out the answer file fully and you’ve selected the Run Unattended check box, you should be able to start it, answer the initial questions, and go away for a while. Have lunch. Play a game of racquetball. The whole process might be automated, but it’s still slow. When the installation is complete, you’ll see the Installation Finished screen shown in Figure 7-37.
Figure 7-37 The Installation Finished screen, ready to start the migration from SBS 2003 to SBS 2011.
Migrating Settings and Data
After you’ve completed the installation of SBS 2011 into your SBS 2003 network, you have 21 days to complete the migration and decommission the original server. There are several steps in the process—some automated, some not.
Starting the Migration Wizard
To run the Migration Wizard, follow these steps:
1. Log on to the new SBS 2011 server with the new administrator account you created earlier.
2. Open the Windows SBS Console if it doesn’t open automatically. Clicking the Start The Migration Wizard link in the Installation Finished screen shown in Figure 7-37 will automatically launch the Windows SBS Console.
Note The Windows Small Business Server 2011 Standard Console is the official name of the Windows SBS Console, but we don’t want to type that out every time, and we don’t think you want to read that whole long name every time, either. So we’ve shortened it to Windows SBS Console or even sometimes just SBS Console. But it’s still just the same console, and it’s the heart of everything you do with SBS.
3. Click Migrate To Windows SBS to open the Migrate To Windows Small Business Server 2011 Standard Wizard. The first time you run the wizard, you’ll see a Welcome page.
4. Click Next to open the Migration Wizard Home page, shown in Figure 7-38.
Figure 7-38 The Migration Wizard Home page before starting the migration.
5. Select Change Where To Store Data On The Destination Server, and click Next to open the page shown in Figure 7-39.
Figure 7-39 The Change Where To Store Data On The Destination Server page.
6. This is an optional task, so you can choose to skip it. Because the default location for Exchange Server data is on the C drive, we definitely want to change that. So click Change The Exchange Server Data Location to open the Move Exchange Server Data Wizard.
7. Click Next and your server hard drives are examined. When the wizard finishes the examination, it prompts you with the warning Server Backup Is Not Configured, as shown in Figure 7-40. We know that, so click OK.
Figure 7-40 Warning that Server Backup isn’t configured.
8. On the Choose A New Location For The Data page, shown in Figure 7-41, select the location you want to use for the data and click Move.
Figure 7-41 The Choose A New Location For The Data page of the Move Exchange Server Data Wizard.
9. Click Finish when the task completes.
10. Complete the rest of the relocations on this page now, or complete them later. SBS includes wizards that simplify these tasks even after the migration is complete.
11. Click Skip Task when you’ve completed all the steps you want to do at this time, and then click Next to return to the Migration Wizard Home page.
Note You could also click Task Complete and return to the Migration Wizard Home page, but by clicking Skip Task, you will have the option to return to this task later if you want to.
Configure the Network
To configure the network, follow these steps:
1. Click Next to move to the Set Up The Network page shown in Figure 7-42.
2. Click Start The Connect To The Internet Wizard link to open the Before You Begin page of the Connect To The Internet Wizard. Read it carefully to know what you’ll need before you start.
Figure 7-42 The Set Up The Network page of the Migrate To Windows Small Business Server 2011 Standard Wizard.
3. Click Next and the wizard will start detecting your current network and locating your router. When it completes, you’ll see the page shown in Figure 7-43.
Figure 7-43 The Connect To The Internet Wizard has correctly detected the router and server IP addresses.
4. Click Next. If you have a UPnP router, the wizard will automatically configure it. If you don’t, you’ll see a page describing how to manually configure the settings required.
5. Click Finish, and then select Task Complete and click Next to return to the Migration Wizard Home page. The Configure The Network task now shows as Completed.
Configure the Internet Address
To configure the Internet address, follow these steps:
1. Click Next to open the Configure The Internet Address page. Read the warning about certificate distribution to remote users. If you are using self-signed certificates and you don’t follow the advice shown now, your users will be locked out of Remote Web Access (RWA) and Outlook Web Access (OWA) until you distribute new certificates to them.
2. Click Start The Internet Address Management Wizard when you’re ready to move your RWA and OWA sites to the new SBS 2011 server.
3. Click Next on the Before You Begin page (after reading it) to open the Do You Want To Register A New Domain Name page, shown in Figure 7-44.
Figure 7-44 The Do You Want To Register A New Domain Name page of the Internet Address Management Wizard.
4. Select the appropriate choice for your network. If you’re not changing your Internet domain name, choose I Already Have A Domain Name That I Want To Use.
5. Click Next to open the How Do You Want To Manage Your Domain Name page, shown in Figure 7-45. If you’re already managing your domain name, there’s no reason to change.
Figure 7-45 SBS 2011 can automatically manage DNS records and your domain name.
6. Click Next to open the Store Your Domain Name Information page of the wizard, as shown in Figure 7-46.
Figure 7-46 The Store Your Domain Name Information page of the Internet Address Management Wizard.
7. Type your Internet domain name in the Domain Name And Extension field and then click Configure. This will configure your RWA site, your Exchange email address, and your Internet router if it supports UPnP. If it doesn’t, you need to manually configure the settings on the router. If you need to use a remote access prefix other than remote.yourdomainname.com for your RWA site, you can click the Advanced Settings link to open the Advanced Settings dialog box shown in Figure 7-47. But really, stick with the defaults unless there is a compelling reason not to.
Figure 7-47 You can change the default domain prefix if necessary.
8. Click Configure to run the Internet Address Management Wizard, as shown in Figure 7-48.
Figure 7-48 The Configuring Your Server page of the Internet Address Management Wizard.
9. If your router doesn’t use UPnP (and we certainly don’t run it on ours or recommend that others do), you’ll see a warning on the Congratulations! page, as shown in Figure 7-49.
Figure 7-49 If your router doesn’t have UPnP enabled, you’ll see a warning symbol next to Internet Router.
10. Click on the View Warning Details link to open the Internet Address Management Warning Details dialog box shown in Figure 7-50. You can safely ignore this warning now, but write down the ports listed. You’ll want to go manually configure your router or firewall to forward those ports to your new SBS 2011 server.
Figure 7-50 The Internet Address Management Warning Details dialog box.
11. Click Close and then click Finish to return to the Configure The Internet Address page of the Migration Wizard. Select Task Complete and then click Next to return to the Migration Wizard Home page.
Migrate Network Settings
To migrate network settings, follow these steps:
1. Click Next to open the Migrate Network Settings page of the Migration Wizard, shown in Figure 7-51.
Figure 7-51 The Migrate Network Settings page of the Migration Wizard.
2. Click Launch The DNS Forwarders Migration Task. When the task completes, you’ll see the informational message shown in Figure 7-52.
Figure 7-52 The DNS Forwarders have been migrated successfully.
3. Click OK to return to the Migrate Network Settings page.
4. Click Launch The Mobile Users Group Migration Task to migrate the Mobile Users group. The Mobile Users group is not a default SBS 2011 Security Group.
5. Click OK when the wizard completes to return to the Migrate Network Settings page.
6. Click the Certificate Migration Instructions link for details on how to migrate certificates. Migration of Self-Issued certificates is not supported, but Trusted Third-Party certificates can be migrated to the new SBS 2011 server.
7. Select Task Complete and then click Next to return to the Migration Wizard Home page.
Migrate Exchange Mailboxes and Settings
To migrate Exchange mailboxes and settings, follow these steps:
1. Click Next to open the Migrate Exchange Mailboxes And Settings page of the Migration Wizard.
2. Click the Migrate Exchange Server Mailboxes And Public Folders link to open the TechNet article on migrating Microsoft Exchange. This is a critical step if you’re running Microsoft Exchange on your existing SBS server. The steps you’ll be performing will:
a. Remove the Internet Connectors from the source server.
b. Move any POP3 connectors from the source server if you’re currently using POP3.
c. Move your Public Folders from the source server to the destination server.
d. Move the Offline Address book from the source server to the destination server.
e. Move the users’ mailboxes from the source server to the destination server.
3. Carefully read each step of the process. Do not try to skip any steps, but follow them rigorously.
4. Click the Remove Internet Connectors link, and follow the instructions exactly to remove the Small Business SMTP Connector from the SBS 2003 source server, as shown in Figure 7-53.
Figure 7-53 Removing the Small Business SMTP Connector on the source SBS 2003 server.
5. Follow the instructions for moving POP3 connectors if you’re using them. This is an optional step.
6. Follow the instructions for moving Public Folders carefully. This is a critical step and can take a substantial amount of time on a large Public Folder store. Do not proceed until the Public Folder Instances folder is empty, as shown in Figure 7-54.
Important It takes awhile for the Public Folder Instances container to completely empty, and for a while it seems as if nothing is happening at all. Be patient.
Figure 7-54 The Public Folder Instances container must be completely empty.
7. Follow the instructions for moving your offline address book (OAB). Unlike the previous steps, this is done on the destination server, as shown in Figure 7-55.
Figure 7-55 Moving the Offline Address Book from the source server to the SBS 2011 destination server.
8. When the Move Offline Address Book Wizard completes successfully, select the Offline Address Book in the Exchange Management Console. Click Properties from the Action menu to open the Default Offline Address List Properties dialog box.
9. Click on the Distribution tab, and then select the Enable Web-Based Distribution check box, as shown in Figure 7-56.
Figure 7-56 Enabling web-based distribution for the OAB.
10. Click Add, and select OAB (Default Web Site) for the destination server. Click OK, and then click OK again to close the Default Offline Address List Properties dialog box.
11. Continue to follow the instructions to set the offline address book for the Mailbox database. When this task is complete, you can begin to move the users’ mailboxes.
12. On the destination server, follow the instructions to move the mailboxes. In the Exchange Management Console, navigate to the Recipient Configuration container.
13. Select Mailbox in the left pane, and then select all the mailboxes in the center pane, as shown in Figure 7-57.
Figure 7-57 Moving all the mailboxes from the source server to the destination server.
14. Click New Local Move Request in the right pane to open the New Local Move Request Wizard shown in Figure 7-58.
Figure 7-58 The Introduction page of the New Local Move Request Wizard.
15. Click Browse to open the Select Mailbox Database dialog box, shown in Figure 7-59. Select the destination SBS 2011 server and then click OK to return to the New Local Move Request Wizard.
Figure 7-59 The Select Mailbox Database dialog box.
16. Click Next to open the Move Settings page, shown in Figure 7-60. Set a reasonable number of messages to skip if there is corruption of a mailbox. You might have to do additional cleanup on a problem mailbox to successfully move all the mailboxes.
Figure 7-60 Configure the Move Settings page for the Local Move Request.
17. Click Next, then click New, and then click Finish to close the New Local Move Request Wizard. Any mailboxes that can’t be moved will need to be deleted, so be prepared to manually clean up any problem mailboxes.
18. When all the moves have completed, click on Move Request in the Recipient Configuration container and highlight the completed Move Requests item. Click Clear Move Request. Acknowledge the warning and then close the Exchange Management Console, and return to the Migrate Exchange Mailboxes And Settings page.
19. Select Task Complete, and click Next to return to the Migration Wizard Home page.
Remove Legacy Group Policies and Logon Settings
To remove legacy Group Policies and logon settings, follow these steps:
1. Click Next to open the Remove Legacy Group Policies And Logon Settings page. These scripts and Group Policies have already been migrated but now need to be removed because they’re not compatible with SBS 2011. If you have customizations in these scripts or Group Policies, you’ll need to save them and reapply them after the migration is complete using the new methods in SBS 2011.
2. Log on to the SBS 2003 source server with an administrative account.
3. Click Start and then click Run.
4. Type \\localhost\sysvol\<domainname.local>\scripts and then press Enter to open Windows Explorer in the replication folder for logon scripts. (Replace <domainname.local> with your domain name. In our test network, it’s example.local.)
5. Delete or rename the SBS_LOGIN_SCRIPT.bat file, as shown in Figure 7-61.
Figure 7-61 Renaming the login script file will prevent it from running.
6. If any of your users have custom logon scripts, disable or delete them in Active Directory Users And Computers, following the steps in the TechNet article at http://technet.microsoft.com/en-us/library/gg554043.aspx.
7. Return to the Migration Wizard, and click Remove Old Group Policy Objects. Follow the instructions in the TechNet article to remove the old GPOs.
Note If you have customizations in your legacy SBS GPOs, you’ll want to save them to a different location and then rebuild them after the migration completes.
8. Be careful to not remove the new SBS GPOs. Most of these start with “Windows SBS”. The old GPOs mostly start with “Small Business Server” in the GPO name.
9. Follow the instructions to remove the SBS 2003 WMI Filters, and then close the Group Policy Management Console and return to the Migration Wizard.
10. Select Task Complete, and click Next to return to the Migration Wizard Home page.
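The name test from step 8 and the "save them first" note, as an added PowerShell example. It is not from the book or from the TechNet instructions: the function names and the backup path are hypothetical, and it assumes you run it on the SBS 2011 server as a domain administrator. Get-GPO, Backup-GPO and Get-GPOReport are the GroupPolicy module cmdlets in Windows Server 2008 R2. The script removes nothing.

```powershell
# Added example: classify GPOs by the name prefixes given in step 8 and back up
# the legacy SBS 2003 ones before they are removed in the console.
Import-Module GroupPolicy

function Get-SbsGpoInventory {
    # The prefixes hold for "most" GPOs only, so anything matching neither is
    # reported as Other and left for manual review.
    Get-GPO -All | ForEach-Object {
        $kind = 'Other'
        if     ($_.DisplayName -like 'Windows SBS*')           { $kind = 'NewSbs2011' }
        elseif ($_.DisplayName -like 'Small Business Server*') { $kind = 'LegacySbs2003' }
        New-Object PSObject -Property @{
            Kind             = $kind
            DisplayName      = $_.DisplayName
            Id               = $_.Id
            ModificationTime = $_.ModificationTime
        }
    }
}

function Backup-LegacySbsGpo {
    param(
        # Hypothetical destination; use a location outside SYSVOL.
        [Parameter(Mandatory = $true)][string]$BackupPath
    )
    if (-not (Test-Path $BackupPath)) {
        New-Item -ItemType Directory -Path $BackupPath | Out-Null
    }
    Get-SbsGpoInventory | Where-Object { $_.Kind -eq 'LegacySbs2003' } | ForEach-Object {
        # A restorable backup of the GPO itself ...
        Backup-GPO -Guid $_.Id -Path $BackupPath `
                   -Comment "Pre-removal backup of $($_.DisplayName)"
        # ... plus a readable report, so customizations can be rebuilt by hand later.
        $report = Join-Path $BackupPath ("{0}.html" -f $_.Id)
        Get-GPOReport -Guid $_.Id -ReportType Html -Path $report
    }
}

# Show the classification before touching anything in the console.
Get-SbsGpoInventory | Sort-Object Kind, DisplayName |
    Format-Table Kind, DisplayName, ModificationTime -AutoSize

# Then back up the legacy set (path is a placeholder):
# Backup-LegacySbsGpo -BackupPath 'D:\GpoBackup'
```

GPOs listed as Other are the ones to check by hand before deleting anything, since a custom GPO can carry either prefix or neither.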
Migrate Users’ Shared Data
To migrate users’ shared data, follow these steps:
1. Click Next to open the Migrate Users’ Shared Data page of the Migration Wizard.
2. Click How Do I Migrate Users’ Shared Data to open the TechNet article on moving the users’ shares.
3. Follow the steps to re-create the shared folders on the new SBS 2011 server and copy the data from the old server.
4. When you’ve finished, click Task Complete and then click Next to return to the Migration Wizard Home page.
Migrating Companyweb
Migrating the Companyweb site is an imperfect solution at best. Because of the change in versions between SharePoint in SBS 2003 and SharePoint in SBS 2011, the migration of the SharePoint site is not a simple or completely transparent solution. You can easily move the files from your existing Companyweb site by using a USB stick and Windows Explorer. Moving the entire site involves a good deal more work. Unless you have made significant customizations and your users have data stored in the SBS 2003 Companyweb site, you can skip this step.
Whether you move files, move the entire site, or simply start over with a new Companyweb site, you need to follow these steps:
1. Click Next to open the Migrate Your Internal Web Site page of the Migration Wizard.
2. If you intend to migrate either files or the entire site, click the Migrate The Internal Web Site link to open the help topic on migrating Companyweb.
3. Follow the steps carefully. When you’re finished, click Task Complete and then click Next to return to the Migration Wizard Home page.
4. If you opt to not migrate the site or to migrate the site later, click Skip Task and then click Next to return to the Migration Wizard Home page.
Migrating Fax Data
To migrate fax data, follow these steps:
1. Click Next to open the Migrating Fax Data page of the Migration Wizard.
2. Select where you want to store your fax data on the new SBS 2011 server. You can choose either the default location for the fax service or Companyweb (Internal Web Site). The option to store in Companyweb is a new option in SBS 2011.
3. Click the Click To Start Migrating Your Fax Data link to begin the migration.
4. When the migration completes, click OK to return to the Migrate Fax Data page.
5. Click Task Complete and then click Next to return to the Migration Wizard Home page.
6. If you opt to not migrate the fax data or if you don’t use the fax service, click Skip Task and then click Next to return to the Migration Wizard Home page.
Migrating Users and Groups
As a normal part of Active Directory replication when the SBS 2011 server was installed, the users and groups have already been migrated. But they aren’t yet visible in the Windows SBS Console. To make them visible in the Windows SBS Console, follow these steps:
1. Click Next to open the Migrate Groups page of the Migration Wizard.
2. Click Display The Security Group Migration Instructions to open the help topic.
3. Now you have a choice. You can go through a fairly complicated step-by-step instruction to migrate each individual group manually, or you can run the GroupConverter application. We think it just makes sense to use the Group Converter, and then do any cleanup afterwards if necessary.
4. Open Windows Explorer on the destination server, and navigate to the C:\Program Files\Windows Small Business Server\Bin directory.
5. Double-click on the GroupConverter application to open the Windows SBS “7” Active Directory Group Converter shown in Figure 7-62.
Note In Figures 7-62 through 7-64, we get to see the name SBS 2011 had during its very early days. Oops. Apparently, this file slipped through the cracks. We did file a bug on it, however, so we expect it will get fixed in the next Service Pack.
Figure 7-62 The Group Converter automatically converts SBS 2003 groups to work with SBS 2011.
6. Click Next to open the Select The Security Groups page shown in Figure 7-63.
Figure 7-63 The Select The Security Groups page of the Group Converter application.
7. Don’t bother converting standard SBS 2003 groups—SBS 2011 has already created the appropriate groups to match up to the old ones. But if you have created any custom security groups or any distribution groups, you’ll probably want to migrate those. Select the security groups you want to convert, and click Next to open the Select The Distribution Groups page, shown in Figure 7-64.
Figure 7-64 The Select The Distribution Groups page of the Group Converter application.
8. Select any distribution groups you want to continue to use, and then click Finish and then Finish again to close Group Converter and return to the Migrate Groups page of the Migration Wizard.
9. Click Next to open the Migrate User Accounts page of the Migration Wizard.
10. Click the Run The Change A User Role Wizard link to open the Select New User Role page of the Change A User Role Wizard, as shown in Figure 7-65.
11. Select Replace User Permissions Or Settings, and select the role you want to assign to these users.
12. Click Next to open the Select User Account page. This page will probably be blank when you start.
Figure 7-65 The Select New User Role page of the Change A User Role Wizard.
13. Click Display All User Accounts In The Active Directory to show all the accounts as shown in Figure 7-66.
Figure 7-66 The Select User Accounts page of the Change A User Role Wizard.
14. Select the users you want to change, and click Add to move them to the right pane.
15. Click Change User Role to update the users. Click Finish when the wizard completes to return to the Migrate User Accounts page.
16. Repeat steps 10 through 15 until all the accounts you want to manage in the Windows SBS Console have been migrated. (Don’t bother with special accounts such as the STS Worker account or the SharePoint accounts shown in Figure 7-66.)
17. Select Task Complete, and click Next to return to the Migration Wizard Home page.
Finish the Migration
When you finish migrating users and groups, the next step is to finish the migration and decommission the source server. When you click Next on the Migration Wizard Home page, you get one last chance to complete any steps you marked as skipped, as shown in Figure 7-67.
Figure 7-67 One last chance to complete skipped tasks before the wizard is done.
If there are any optional tasks that you delayed because you weren’t ready to complete them, now is the time to complete them. Select Do Not Finish The Migration Yet, and then click Next to reset the Skipped flag and mark them Not Started, as shown in Figure 7-68.
Figure 7-68 Restarting the Migration Wizard to do tasks that were skipped the first time.
Click Next to begin doing the optional tasks you skipped previously. When you get to the end of the tasks list again, click Next and then select Finish The Migration if you have any skipped tasks that you don’t want to do. Finally, click Next to open the Finish The Migration page. On this page, you are told to demote the old SBS 2003 server to no longer be a domain controller. To demote the SBS 2003 server, follow these steps:
1. Log on to the SBS 2003 server with an administrative account.
2. Open a command window. At the prompt, type ncpa.cpl and press Enter to open the Network Connections application as shown in Figure 7-69.
Figure 7-69 The Network Connections application.
3. Right-click the remaining active network connection and select Properties.
4. Select Internet Protocol (TCP/IP), and click Properties to open the Internet Protocol (TCP/IP) Properties dialog box shown in Figure 7-70.
Figure 7-70 The Preferred DNS Server address is still pointing to the source server.
5. Change the Preferred DNS Server address to the IP address of the destination server, as shown in Figure 7-71. Click OK to close the TCP/IP Properties dialog and then click OK again.
Figure 7-71 Change the Preferred DNS Server to point to the destination server.
6. Open a command window. At the prompt, type dcpromo and press Enter to open the Active Directory Installation Wizard, as shown in Figure 7-72.
Figure 7-72 The Welcome page of the Active Directory Installation Wizard.
7. Click Next and the Global Catalog server warning shown in Figure 7-73 will be displayed.
Figure 7-73 The Global Catalog server warning when demoting your source SBS 2003 server.
8. Click OK to open the Remove Active Directory page shown in Figure 7-74.
Figure 7-74 The Remove Active Directory page of the Active Directory Installation Wizard.
9. Leave the check box cleared, and click Next to open the Administrator Password page.
10. Type in a password, type it in again to confirm it, and then click Next to open the Summary page shown in Figure 7-75.
Figure 7-75 The Summary page of the Active Directory Installation Wizard.
11. Click Next and the wizard will remove Active Directory and demote the original SBS 2003 server to a domain member.
12. When the wizard completes successfully, click Finish and then click Restart Now.
13. On the Finish The Migration page of the Migration Wizard, select The Source Server Is No Longer A Domain Controller and click Next.
14. Disconnect the original SBS 2003 server from the network, and do not reconnect it until you have completely reformatted it and installed a new operating system.
15. On the SBS 2011 server, open the Windows SBS Console if it isn’t open.
16. Click Network in the navigation bar and then click on the Computers tab, as shown in Figure 7-76.
Figure 7-76 The Computers tab of the Windows SBS Console.
17. Select the former SBS 2003 computer in the Client Computers section and click Remove in the Tasks pane.
18. Click Yes at the prompt and the SBS 2003 computer is removed from the domain.
Re-Enabling Folder Redirection
When the migration tasks are complete, you can re-enable Folder Redirection for user accounts. SBS 2011 allows you to do folder redirection by individual user account instead of requiring you to do it as an all-or-none proposition. To enable folder redirection, follow these steps:
1. Open the Windows SBS Console if it isn’t open.
2. Select Users And Groups in the navigation bar and then click Users.
3. Click Redirect Folders For User Accounts To The Server in the Tasks pane to open the Folder Redirection Properties dialog box shown in Figure 7-77.
Figure 7-77 The Folder Names page of the Folder Redirection Properties dialog box.
4. Select the folders that you want to redirect and then click User Accounts in the left pane to open the User Accounts page shown in Figure 7-78.
Figure 7-78 The User Accounts page of the Folder Redirection Properties dialog box.
5. Select the accounts you want to use folder redirection on and then click OK to redirect the accounts.
6. Click Close at the success message to return to the Windows SBS Console.
Final Thoughts
This completes the basic SBS migration from SBS 2003 to SBS 2011. If you’re migrating from SBS 2008 or SBS 2011, your steps are slightly different, but the overall process is essentially similar.
The keys to a successful migration are preparation and meticulous attention to detail. Follow the steps completely, accurately, and in order and you will have a successful migration. Deviate from them, skip steps because you think they don’t matter, jump ahead because you’re bored waiting for Public Folders to migrate, or engage in any other deviation and you’ve set yourself up for a migration failure. But follow the steps, and you should have success.
If you have a small SBS domain and you carefully clean your Exchange mailboxes and Public Folders before beginning the migration, there’s no reason that you can’t perform a complete migration in a weekend. But don’t even begin until you have thoroughly read all the documentation and are sure you understand the steps involved.
Before you begin a migration, make sure your backups are reliable and that you have a fallback position. Know how long you have to work with a problem before you have to stop and restore your source SBS server from backup. You can’t reverse a migration—you can only restore from backup and start again.
Summary
In this chapter, we covered the migration from an SBS 2003 network to an SBS 2011 network. Each migration will be slightly different and will present its own set of challenges. By being fully prepared and understanding all the steps that are involved in a migration, you’ll be in the best position to have a successful migration with minimum disruption to your end users.
In the next chapter, we cover the Getting Started Tasks that all installations need to complete. Some of these tasks will have been completed as part of the migration, but others remain.
CHAPTER 8
Completing the Getting Started Tasks
After Microsoft Windows Small Business Server (SBS) 2011 is installed, you have the usual array of chores to complete, configure, and set up before your network is complete. Not all of these chores have to be done at once and some don’t need to be done at all, but you do need to review the list. Start by opening the Windows Small Business Server 2011 Standard Console (SBS Console). When you select Home, you’ll see the list displayed in the left pane shown in Figure 8-1. In this chapter, we’ll cover the items in the Getting Started Tasks section in order and then look at the items under the Network Essentials Summary, which appears in the pane on the right.
Figure 8-1 Select Home to see the items listed under Getting Started Tasks.
The SBS Console is a handy tool you can use from any location—the Windows SBS server computer, a client computer, or remotely—to manage users, groups, network settings, shared resources, backup, and security.
Important Advanced administrative tasks are performed using Windows Server 2011 tools available from the Administrative Tools menu. For example, to manage non–Windows SBS users and computers, use Active Directory Users And Computers Management Console.
Finish the Installation
If there are any problems, a View Installation Issues link appears. Click it and correct the problems. Also, click the Using The Windows Small Business Server 2011 Standard Console link to open a help file describing Windows SBS Console functions.
Connect to the Internet
Normally, if the connection is already set up and the router is properly configured, the Internet connection is made during the installation of Windows SBS 2011. Whether or not this connection is set up, you will need to run the Connect To The Internet Wizard if the connection was not made for some reason during installation. If you change your router or Internet provider, you might need to run the wizard again in the future. To manually connect, click the Connect To The Internet link to get started. The initial page of the Connect To The Internet Wizard advises you on what you need to proceed—namely, the following:
■ The IP address for the router you’ll be connecting from
■ The logon information necessary to connect to the router
After you collect that information, click Next. The Connect To The Internet Wizard attempts to detect existing networks and routers. (See Figure 8-2.)
Figure 8-2 Detecting networks
After the wizard finishes detecting networks, follow these steps:
1. The next page of the Connect To The Internet Wizard displays the IP address of the router and of the server. (See Figure 8-3.) If either or both of the addresses are incorrect, type in the corrections. Click Next.
Figure 8-3 The wizard displays the IP addresses detected
2. As shown in Figure 8-4, the wizard proceeds to locate and configure the router and the server. When the process is finished, a notification appears announcing that the Internet connection is completed. Click Finish.
Figure 8-4 Detecting the router and completing the Internet connection
Customer Feedback Options
Customer Feedback Options is an area of considerable importance to Microsoft and even to us end users—in the long run. In the short term, you might wonder why you should participate in a program unlikely to be of direct benefit to you. Well, it’s something like paying taxes for schools when you have no children or your children are all adults. We pay those taxes because an educated populace is a greater social good. On a less lofty level, the Customer Experience Improvement Plan should result in better software in the future. And because this is software used by hundreds of millions of people, some considerable social good should therefore emerge. Click Customer Feedback Options and then click Read More About The Program Online and decide for yourself whether you want to participate.
Set Up Your Internet Address
Before you can set up your Internet presence, you must gather a variety of information:
■ You must have an Internet domain name. If you don’t have one, you must register one with a domain registration service. You will need a prospective name and several alternatives, and a credit card to pay the registration fee.
■ If you already have an Internet domain name, you’ll need the name of your Internet provider as well as the logon information for the provider.
Choosing an Internet Domain Name
When choosing an Internet domain name, you want a name that clearly identifies your organization without being too long or too abbreviated—both are difficult to remember. For example, if your business name is a long one, shorten it in a comprehensible way. A name that’s too long tries the patience of people looking for your site. Names that are too short have their own hazards. Using initials can work, but they must provide some information and avoid being inadvertently humorous.
Note Don’t get hung up on needing to have a .com. You’re much more likely to be able to get a name you like with a .net, .biz, or .info extension.
Registering a New Domain Name
Click the Set Up Your Internet Address link to view the list of what you’ll need to start the process. Click Next, and then follow these steps:
1. As shown in Figure 8-5, the Internet Address Management Wizard asks you to choose between purchasing a new domain name and using one you already have. Select I Want To Purchase A New Domain Name, and then click Next.
Figure 8-5 Getting a new domain name
2. Type the domain name you want to register, and select the extension from the drop-down list. Click Next.
3. Select a domain name provider from the list provided (shown in Figure 8-6) and then click Next.
Figure 8-6 Choosing a name provider
Note Including your postal address improves the search because some national extensions are available only to residents. For example, you must be in Canada to register a domain name with the .ca extension.
4. If the domain name you choose is not available, possible variations appear in the Available Domain Names list. Accept one of those or search again. If the name is available, you can register it, as shown in Figure 8-7. Click Register Now to be connected to the domain name registry company.
Figure 8-7 If the name you want is available, click Register Now
5. After completing the registration, return to the page in Figure 8-7, and then click Next.
6. On the Store Your Domain Name Information page (shown in Figure 8-8), enter the domain name and the user name you registered (if they’re not already entered) and the password you used when registering. Click Configure to complete the process.
Figure 8-8 Storing the domain registration information
Using an Existing Domain Name
If you already have a registered domain name, you can easily set up your presence on the Internet. Before you start, you’ll need the domain name and the name and logon information for your domain provider. When you’re ready, click the Set Up Your Internet Address link and follow these steps:
1. Read the introductory material, and then click Next.
2. On the Do You Want To Register A New Domain Name page, select I Already Have A Domain Name, and then click Next.
3. You next have to choose whether you want the server to manage the domain name or to manage it yourself. See the sidebar “Who Manages the Domain Name” for more information. Make your selection and click Next. (If you choose self-management, skip to “Managing Your Domain Name” later in this chapter.)
4. On the Type The Domain Name That You Want To Use page, type the domain name you own and select the extension from the drop-down list (shown in Figure 8-9). Click Next.
Figure 8-9 Entering the existing domain name you want to use
5. Choose a domain name provider from the partner list, and click Next.
6. Click Visit Web Site, and follow the instructions provided. Then return to the Update Domain Name Registration With Your Provider page, and click Next.
7. On the Store Your Domain Name Information page, type the domain name and the user name you registered (if they’re not already entered) and the password you used when registering. Click Configure to complete the process. The Internet Address Management Wizard will proceed to configure your server as shown in Figure 8-10.
Figure 8-10 The wizard configures Windows SBS 2011 to use your domain name
Who Manages the Domain Name?
When you have an existing domain name, you can do the management of the name yourself or let the server do it for you. It’s considerably easier to let the server manage the domain name, but the key issues are as follows:
■ Is your name registered with one of the domain name providers partnered with Microsoft? If yes, let the server manage the domain name.
■ If your name is registered with another domain name provider, are you willing to have the registration transferred to one of the Microsoft partners? If yes, let the server manage the domain name.
However, you might have no choice but to manage the domain yourself if one of the following applies:
■ The wizard doesn’t list the domain name extension for your existing domain name.
■ No partner domain name providers are listed for your country or region.
Managing Your Domain Name
If you already have a registered domain name and want to manage it yourself, you’ll need the domain name and the name and logon information for your domain provider. When you’re ready, click the Set Up Your Internet Address link and follow these steps:
1. Read the introductory material, and then click Next.
2. On the Do You Want To Register A New Domain Name page, select I Already Have A Domain Name, and then click Next.
3. Type in the domain name and extension (as shown in Figure 8-11), and then click Configure.
Figure 8-11 Domain information for self management
The Internet Address Management Wizard configures the server to use your domain name. (See Figure 8-12.) To ensure that your Remote Web Workplace, email, and other features work correctly, make sure the DNS settings are correctly configured.
Figure 8-12 The wizard configures your server to use your domain name
Configure Email
As soon as you make your Internet connection, you should configure email. Refer to Chapter 18 for information on setting up all forms of email.
Add a Trusted Certificate
Certificates are used to verify the identity of servers on the Internet. Certificates also encrypt data to make a Remote Web Workplace connection secure. The default installation of Windows SBS 2011 configures what is called a self-issued certificate. This certificate lets users securely access your websites if they install it on their remote computer or device. However, if users try to access your websites without installing the certificate on their remote computer, they receive a certificate warning. The warning tells users that the certificate being used to secure the website is not trusted, and as a result the site is not trusted. The user must click through the warning to gain access to the website. And in these times when users are rightfully warned about malicious and deceptive websites, many will be reluctant to take what appears to be a risk.
A trusted certificate verifies the authenticity of your server and the identity of the person or organization applying for a certificate. After you have a trusted certificate, remote users no longer have to install your certificate on their computers. So it is to your advantage to acquire a trusted certificate.
Purchasing a Certificate
Certificates can be purchased from various providers on the Internet. Just type "trusted certificate" in a search engine. Or you can just click the Add A Trusted Certificate link in the Getting Started Tasks list and follow these steps. (If you have an existing certificate you want to use, skip to “Using an Existing Certificate” later in this chapter.)
1. Read the introductory material on the Before You Begin page, and then click Next.
2. Select I Want To Buy A Certificate From A Certificate Provider, and then click Next.
3. Verify the information for the trusted certificate, as shown in Figure 8-13. Click Next.
Figure 8-13 Verifying information for your certificate
4. The Generate A Certificate Request page displays encoded data from your server that is needed by the certificate provider. (See Figure 8-14.) Click Save To File to save a copy to a location you specify, and then click Copy to copy the data to your clipboard. Click Next.
5. Follow the instructions to purchase and then install a certificate.
Figure 8-14 Generating a request for a trusted certificate
Using an Existing Certificate
If you have a certificate and it’s available for export, you can move it to Windows SBS 2011.
Exporting a Trusted Certificate
To export a trusted certificate, follow these steps:
1. Log on to the server where the certificate currently exists. Click Start and then click Run. Type mmc in the Open box, and click OK.
2. Select Add/Remove Snap-in from the File menu.
3. In the Add Or Remove Snap-ins dialog box, select Certificates from the Available Snap-ins list (shown in Figure 8-15), and then click Add.
Figure 8-15 Constructing a Certificates management console
4. In the pop-up window, click Computer Account. Click Next.
5. In the Select Computer dialog box, select Local Computer. Click Finish and then click OK.
6. Expand Certificates, expand Personal, and then click Certificates.
7. Right-click the certificate to be exported, click All Tasks, and then click Export, as shown in Figure 8-16.
Figure 8-16 Exporting a certificate
8. On the Welcome To The Certificate Export Wizard page of the Certificate Export Wizard, click Next.
9. Verify that Yes, Export The Private Key is selected, and then click Next.
10. Select Include All Certificates In The Certificate Path If Possible and Export All Extended Properties, and then click Next. Do not select Delete The Private Key If The Export Is Successful. Enter a strong password to protect the certificate file, and then click Next.
11. Save the .pfx file (giving it an easily identifiable name, such as trustcertificate.pfx) to a secure location, and then click Next. Click Finish to complete.
Important Several certificates might have the same name. Be sure to choose a certificate that has a valid expiration date and that was issued by the expected trusted authority. If you’re not sure which certificate to choose, open Internet Information Services (IIS), establish which certificate IIS is using, and choose that one.
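The check in the Important note above, as an added example (not code from the book): a PowerShell script, run on the server where the certificate currently exists, that lists the certificates in the local computer's Personal store matching your public host name and flags any that are expired, lack a private key, are self-issued, or come from an unexpected issuer. The host name remote.example.com and the issuer text Example Trusted CA are placeholders, and the function name Get-CertificateFinding is a name chosen for this example.

```powershell
# Added example: choose the right certificate to export from the local
# computer's Personal store (the store opened in the snap-in steps above).
# $HostName and $ExpectedIssuer are placeholders; supply your own values.
param(
    [string]$HostName       = 'remote.example.com',   # placeholder public name
    [string]$ExpectedIssuer = 'Example Trusted CA',   # placeholder issuer text
    [int]$WarnDays          = 30                      # flag certificates expiring soon
)

# Returns an array of problems found with one certificate (empty = good candidate).
function Get-CertificateFinding {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$ExpectedIssuer,
        [int]$WarnDays,
        [datetime]$Now = (Get-Date)
    )
    $findings = @()
    if ($Certificate.NotBefore -gt $Now) { $findings += 'not yet valid' }
    if ($Certificate.NotAfter -lt $Now) {
        $findings += 'expired'
    }
    elseif ($Certificate.NotAfter -lt $Now.AddDays($WarnDays)) {
        $findings += "expires within $WarnDays days"
    }
    if (-not $Certificate.HasPrivateKey) {
        $findings += 'no private key on this server (a .pfx with key cannot be produced)'
    }
    if ($Certificate.Subject -eq $Certificate.Issuer) {
        $findings += 'self-issued'
    }
    elseif ($Certificate.Issuer -notlike "*$ExpectedIssuer*") {
        $findings += 'unexpected issuer'
    }
    return ,$findings
}

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Match on the subject and, if present, the Subject Alternative Name
    # extension (OID 2.5.29.17), because several certificates can share a name.
    $names  = $cert.Subject
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) { $names += ' ' + $sanExt.Format($false) }

    if ($names.ToLower().Contains($HostName.ToLower())) {
        $findings = Get-CertificateFinding -Certificate $cert `
            -ExpectedIssuer $ExpectedIssuer -WarnDays $WarnDays
        New-Object PSObject -Property @{
            Candidate  = ($findings.Count -eq 0)
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Findings   = ($findings -join '; ')
        }
    }
}

if (-not $report) {
    Write-Warning "No certificate in LocalMachine\My matches '$HostName'."
    return
}

# Newest expiry first; export only a certificate reported with Candidate = True.
$report | Sort-Object NotAfter -Descending |
    Format-List Candidate, Subject, Issuer, NotAfter, Thumbprint, Findings
```

To confirm which certificate IIS is actually bound to, compare the Thumbprint values against the Certificate Hash reported by `netsh http show sslcert`.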
Importing a Trusted Certificate
After the trusted certificate has been exported, you will need to import it to the Windows SBS server and then run the wizard to add a trusted certificate. This process involves quite a few steps, but each one is fairly simple.
1. Move the previously created .pfx file to the Windows SBS server.
2. Log on to the server running Windows SBS 2011. Click Start and then click Run. Type mmc in the Open box and click OK.
3. Select Add/Remove Snap-in from the File menu.
4. In the Add Or Remove Snap-ins dialog box, select Certificates from the Available Snap-ins list and then click Add.
5. In the pop-up window, click Computer Account. Click Next.
6. In the Select Computer window, select Local Computer. Click Finish and then click OK.
7. Expand Certificates, expand Personal, and then click Certificates.
8. Right-click Certificates, select All Tasks, and then select Import, as shown in Figure 8-17.
Figure 8-17 Importing a certificate
9. The Certificate Import Wizard starts. Click Next on the Welcome To The Certificate Import Wizard page.
10. Type or browse to the location of the saved .pfx file, and then use the drop-down list to change the extension to Personal Information Exchange (.pfx). Click Open, and then click Next.
11. Type the password that you used in the Export procedure, verify that Mark This Key As Exportable and Include All Extended Properties are selected, and then click Next.
12. Be sure that the certificate will be imported to the Personal folder, and then click Next. Click Finish to complete the import.
For applications to be able to use the certificate, after the trusted certificate has been imported you must run the Add A Trusted Certificate Wizard and follow these steps:
1. Click the Add A Trusted Certificate link on the Getting Started Tasks page.
2. Read the introductory material on Before You Begin, and then click Next.
3. On the Get The Certificate page, click I Want To Use A Certificate That Is Already Installed On The Server, and then click Next.
4. On the Choose An Installed Certificate page, click the certificate that you just imported, and then click Next.
Protect Your Data
The best way to protect your data is to configure the server backup. Do this as soon as possible after installation. For all the information on setting up backup, see Chapter 16, “Configuring Backup.”
Add Users, Computers, and Devices
For details on the following links, see the chapters listed:
■ How Can Users Access Computers On The Network? Chapter 9, “Managing Users and Groups”
■ Add A New User Account Chapter 9, “Managing Users and Groups”
■ Connect Computers To Your Network Chapter 14, “Managing Computers on the Network”
■ How Can I Add A Shared Printer To The Network? Chapter 13, “Installing and Managing Printers”
Network Essentials Summary
The Home page of the Windows SBS Console shows a real-time summary of fundamental network health. Click any of the following links to review the nature of any alerts or warnings:
■ Security The Security Center reports the details of warnings or alerts and directs you to the tools to solve them.
■ Updates Warns if necessary updates aren’t installed. Follow the link to the Update Center to correct the problem.
■ Backup Alerts you if backups have not been performed. See Chapter 16 for the details on configuring your backup plan.
■ Other Alerts Warns of other potential problems, such as clients without virus protection or security updates.
Summary
This chapter has addressed the processes necessary to complete the Getting Started Tasks section, including making a connection to the Internet, acquiring an Internet domain name, and handling trusted certificates. You can always return to the Home page of the Windows SBS Console to perform tasks that you’ve postponed and rerun the wizards you’ve already used. In the next chapter, we move on to the details of creating and configuring individual user accounts as well as the use of groups to refine and simplify the administration of your Windows SBS 2011 network.
Part III
Performing the Basic Tasks
CHAPTER 9 Managing Users and Groups
CHAPTER 10 Shares and Permissions
CHAPTER 11 Disk Management
CHAPTER 12 Storage Management
CHAPTER 13 Installing and Managing Printers
CHAPTER 14 Managing Computers on the Network
CHAPTER 15 Managing Software Updates
CHAPTER 16 Configuring Backup
CHAPTER 9
Managing Users and Groups
When it comes to a network, the users and administrators all have different sets of needs, and some of those needs can come into conflict. For the most part, users need reliable access to the files, folders, applications, printers, and other devices required to do their jobs. What they don’t need are error messages, delays, or any other obstructions. The person in charge of the network has his or her own needs, such as shielding need-to-know material from those who don’t need to know and protecting the users from themselves. The key to bringing these needs into balance is the configuration of groups and users—the topic of this chapter.
Understanding Groups
Because Microsoft Windows Server 2008 R2 is the underlying operating system for Windows Small Business Server (SBS) 2011, all the built-in security groups integral to Windows Server 2008 R2 still exist. However, many of these groups are intended for much larger, multidomain networks, so the designers of SBS 2011 created a subset of organizational units to simplify administration. In practice, a group is usually a collection of user, and sometimes computer, accounts. The point of groups is to allow the network administrator to assign rights and permissions to groups rather than to individual users. Groups can be customized and users added or removed in a single step.
SBS allows two group types: security and distribution. Most groups are security groups because they’re the only groups through which permissions can be assigned. Each security group is also assigned a group scope, which defines how permissions are assigned to the group’s members, and members of a security group must be securable objects in the SBS domain. Securable objects include users, groups, and computers. Contacts are not securable objects and can be added only to distribution groups, not to security groups. User rights are assigned to security groups to establish what members of the group can or cannot do. Some rights are automatically assigned to some groups—for example, a user who is a member of the Remote Web Workplace Users group has the ability to connect using Remote Web Workplace.
Email distribution groups, on the other hand, are not security-enabled and can be used only with email applications to send email to sets of users and contacts.
Creating Groups
Creating new groups is exceedingly easy in Windows SBS 2011—so easy that you should think carefully before you overcomplicate your network with too many groups. Too many distribution groups is merely a nuisance, but too many security groups can have unforeseen consequences such as conflicting permissions that can keep people from getting access to the resources they need.
Setting Up a Distribution Group
To create a new distribution group, follow these steps:
1. Open the Windows SBS Console and select Users And Groups.
2. Click the Groups tab and then select Add A New Group in the Tasks pane. The Add A New Group Wizard launches. Read the Getting Started text and then click Next.
3. In the Add A New Group dialog box, as shown in Figure 9-1, type your information in the Group Name and Description fields. Select Distribution Group in the Group Type box and then click Next.
Figure 9-1 A new group needs a name and a description
4. On the Create A Group E-Mail Address page, the group name will be automatically entered. You can change the email address for this group, although the default name—linked as it is to the group name—is probably the easiest to remember and use. In the E-Mail Delivery Options box, you can select the check box to allow people external to your organization to send mail to the address. Leave the check box cleared if you want the address to be completely internal. Click Next.
5. Select the groups or individuals you want to include in this distribution group. When all members have been added to the Group Members list, click Add Group.
Note If you’re not ready to add members to the group yet, you can simply click Add Group. Even without members, the group will be created and added to the list of groups.
Creating a Security Group
The process of adding a security group is slightly more complicated than creating a distribution group, but it’s still simple. Use the following steps to create a new security group:
1. Open the Windows SBS Console, and select Users And Groups.
2. Click the Groups tab and then select Add A New Group in the Tasks pane. The Add A New Group Wizard launches. Read the Getting Started text and then click Next.
3. Enter your information in the Group Name and Description fields. In the Group Type area, select Security Group. If you want to be able to send email to this group, select the Enable This Security Group To Receive E-mail check box, as shown in Figure 9-2. Click Next.
Figure 9-2 Name and select the group type for a new security group
Note If your security group will not be receiving email as a group, the wizard will skip to the page described in step 5.
4. On the Create A Group E-Mail Address page, the group name will be automatically entered. You can change the email address for this group, although the default name is probably the easiest to remember and use. In the E-Mail Delivery Options box, you can select the check box to allow people external to your organization to send mail to the address. Leave the check box cleared if you want the address to be completely internal. As shown in Figure 9-3, email-enabled security groups have the additional option of allowing messages to be archived on Exchange Public Folders. Click Next.
Figure 9-3 Security groups that are email enabled have the option of receiving email from people external to the organization and the option of archiving messages in Exchange Public Folders
5. On the Select Group Members For page, select the groups or individuals you want to include in this security group. When all members have been added to the Group Members list, click Add Group.
Note If you’re not ready to add members to the group, just click Add Group. The group will be created, and you can return to it and add members at some future time.
The wizard will report that the group has been created. You can view the group in the SBS Console under Users And Groups by clicking the Groups tab.
The Standard User Role
Most SBS users should be assigned the Standard User role. This role enables access to shared folders, email, the Internet, printers, fax services, Remote Web Workplace, and SharePoint Foundation (Companyweb). All of these access points can be configured within the Standard User Role. To make changes to the Standard User role, start the Windows SBS Console and follow these steps:
1. Click Users And Groups and then click the User Roles tab.
2. Right-click Standard User and select Edit User Role Properties. The Standard User Properties dialog box will open, as shown in Figure 9-5. In the left pane, click a category to see the settings for this role.
Figure 9-5 Settings for a Standard User role
■ General displays a description of the role.
■ Remote Access shows how the user role can access the network from a remote location. By default, anyone with this user role can access Remote Web Workplace and is automatically a member of the Windows SBS Remote Web Workplace Users. An optional setting is to allow the user role to access the Virtual Private Network. Selecting this check box adds all users assigned to this role to the Windows SBS Virtual Private Network Users group.
■ Email allows you to set a maximum mailbox size. Clear the check box if you don’t want to impose a limit on the amount of disk space a user can use for storing mail.
■ Folders is a page for managing and redirecting folders for the user role. As on the Email page, you can enforce a limit on the size of shared folders. In addition, folder redirection can be set and a folder redirection quota imposed.
■ Groups shows the group membership for users assigned this role. You can add a group membership by clicking Add or remove a group membership by highlighting a group and clicking Remove.
■ Web Sites allows the choice of sites to be available to this user role.
Important All the users assigned the same role will have the same settings. Changes you make to a user role won’t just change future user accounts, they will change all accounts assigned to that role. Don’t remove any of the standard group memberships from any of the default SBS roles. Doing so will likely have unintended consequences.
3. Click OK when finished. You are asked if you want to apply the customization to all accounts based on the role. Click Yes and the user role changes are applied.
The Standard User with Administration Links
The Standard User with Administration Links role has, as you’d suspect, the Standard User role access plus membership in groups that give users assigned this role the ability to perform administrative tasks. Click the Groups link to view the groups that this role includes.
Network Administrator Role
The Network Administrator Role provides unrestricted system access to any account it is assigned to. The E-mail and Folders settings are the same as for the other default roles. Remote Access and Web Sites are different, however. On the Remote Access page, you can add or remove access to the virtual private network, but not to the Remote Web Workplace (which is on by default). Similarly, the Web Sites page allows Outlook Web Access to be granted or withheld, but all accounts based on the Network Administrator role will have access to Remote Web Workplace and the internal website. If your network is administered by a third-party provider, access to Outlook Web Access and your virtual private network (if you have one) isn’t necessary, but an administrator must be able to log on to the server.
Creating a New User Role
Perhaps you have some users for whom none of the standard user roles is appropriate. In that case, it’s simple to create a new user role by following these steps:
1. Open the Windows SBS console, select Users And Groups, and then select User Roles.
2. In the Tasks pane, select Add A New User Role to start the wizard.
3. In the Add A New User Role page, shown in Figure 9-6, enter text in the User Role Name and Description fields.
Figure 9-6 Creating a new user role
4. By default, the new user role is set to be based on the existing Standard User role. Clear the check box if you want to start from scratch, or choose another user role to base the new role on.
5. Also by default, the new user role will appear as an optional choice when creating new user accounts. Clear the check box if you don’t want the role to display in the Add New User Account Wizard or the Add Multiple New User Accounts Wizard.
6. To make the new user role the default choice when adding new user accounts, select the check box labeled The User Role Is The Default In The Add New User Account Wizard And In The Add Multiple New User Accounts Wizard. Click Next.
7. On the Choose User Role Permissions (Group Membership) page, add or remove group memberships. Remember that all user accounts you base on this role will inherit these same memberships. When you’ve adjusted group memberships, click Next.
8. On the Choose E-mail Settings page, enforce or remove a mailbox size quota for this user role. Outlook Web Access is on by default, but you can remove that as well if you want. Click Next.
9. Choose the remote access settings for this user role, as shown in Figure 9-7. Click Next when you have made these settings.
Figure 9-7 Choosing remote access settings for a new user role
10. On the Choose Share Folder Access For This User Role page, choose the Shared Folder settings for the user role, including the quota limits that will be applied. Select Back to return to previous pages to change any of your selections. When finished, click Add User Role.
11. The New User Role Was Added Successfully To The Network page announces that the new user role has been added and provides an option to add a user account or multiple user accounts. Click Finish or one of the selection areas to proceed to adding accounts.
Adding a New User Account
User roles are essentially templates that make the adding of user accounts remarkably simple. To add a new user account, open the Windows SBS Console, select Users And Groups, select Users, and then follow these steps:
1. In the Tasks pane, select Add A New User Account to start the wizard. On the Add A New User Account And Assign A User Role page shown in Figure 9-8, enter the full name, user name, email address, and other relevant information. Choose the user role to base the new account on. Click Next.
The problem with these passwords is their complete lack of memorability. They’re the sort of passwords that get written on sticky notes and left around for anyone to find. A solution is to encourage users to be imaginative when creating a password. Among the best passwords are alphanumeric acronyms of phrases that have a meaning to the user but are not likely to be known to others. This makes the password easy for the user to remember, while at the same time making it hard for an outsider to guess. For example, a password that meets all requirements is ThinkOT[] (for “Think outside the box”). Or [Thinkit] (“Think inside the box”). Even better are passphrases—entire phrases or sentences, complete with spaces (which count as non-alphanumeric characters) and punctuation. “A picture is worth 1000 words” is an example of a passphrase that meets all requirements: length, uppercase and lowercase letters, numbers, and non-alphanumeric characters. Users should also be advised to avoid catchphrases that they themselves use a lot and certain patterns that would be easy for another person to guess, such as
■ A rotation or reuse of the characters in a logon name.
■ The user’s name or initials, the initials of his or her children or significant other, or any of these items combined with other commonly available personal data such as a birth date, telephone number, or license plate number.
It pays to educate your users about passwords and password privacy, but most of all, it pays to heed your own advice: Make sure the password you select for administration is a good password, and change it frequently. Doing so will help you avoid the consequences of having somebody break into your system and wreak havoc in your very own kingdom. An even better solution for passwords is to use two-factor authentication. As discussed in the Chapter 3 sidebar “Beyond Passwords—Two-Factor Authentication,” we think the use of a secondary authentication factor such as AuthAnvil provides an additional layer of security beyond simple passwords without adding an onerous burden on users.
Adding Multiple User Accounts
Rather than add users one at a time, you can group similar users together and add their accounts simultaneously. To add multiple user accounts, open the Windows SBS Console, select Users And Groups, select Users, and then follow these steps:
1. In the Tasks pane, click Add Multiple User Accounts to launch the wizard.
2. On the first page of the Add Multiple New User Accounts Wizard, choose the user role these accounts will be based on, and then click Add to begin adding new users based on the user role selected, as shown in Figure 9-9.
Figure 9-9 Adding multiple user accounts
3. Enter the general information about the user and a password, just as you would when adding a single user. Click OK when finished.
4. Click Add again to add another user. When you’ve completed adding the multiple user accounts, you can highlight a user account to edit or remove it.
5. Click Add User Accounts. The Adding New User Accounts To The Network page opens, as shown in Figure 9-10, and the users are added.
Figure 9-10 New accounts are added to the network
Giving Users Access to Computers
To log on to a computer on the network, users need a user account and permission to access the computer. So after you create a user account, the next step is to allow access. From the server, open the Windows SBS console, click Users And Groups, and then follow these steps:
1. Click the Users tab and then double-click the user account.
2. On the Properties page, click Computers.
3. Select the computers that you want to allow this user account to access, and grant the user account the appropriate level of access.
4. If appropriate, select the Can Remotely Access This Computer check box. Click OK when finished.
You can always return to this page to change or update computer access for a user.
Summary
In this chapter, we covered the uses for groups and the simple creation of user accounts. Next, we move on to configuring these users and groups to accomplish the work of your network without getting in each other’s way.
CHAPTER 10
Shares and Permissions
Anyone who has used a computer for any length of time is familiar with the concept of sharing. One shares photos and videos and writings with others. This isn’t necessarily done on a network—sharing is often done via email or on a website.
On a business network, sharing is the key to getting work done. However, not everything needs to be shared with everyone, which is why the use of shares is always linked with the use of permissions.
Share Permissions vs. File Permissions
There are two kinds of permissions involved in any shared folder—those on the actual share and those imposed by the underlying file system. These permissions are subtractive. This means that the most restrictive permission will win. Managing permissions on both the share and the file system at the same time can often be quite confusing, and it’s difficult to keep track of the details of both. We generally recommend using the underlying NTFS file permissions to control access and setting the share permissions to Full Control for everyone for most normal shares. The NTFS file permissions give much greater granularity and control over exactly what level of access is granted. However, in some cases using a more restrictive share permission is useful. When you do use a more restrictive share permission, indicate in the share name that the share is restricted. Whatever your choice, avoid configuring both share permissions and NTFS permissions because the result can be unpredictable and hard to troubleshoot.
Share Permissions
Windows SBS provides easy ways to share folders. After a folder is shared, restrictions can be added or removed in the form of share permissions. These permissions apply only at the folder level—not at the file level—and are limited to allowing or denying Full Control, Read, and Change. Table 10-1 summarizes the three types of access, from most restrictive to least restrictive.
The goal of UAC is to reduce the exposure of the operating system by requiring users to run in standard user mode, minimizing the ability of users to make changes that could destabilize their computers or expose the network to undetected virus infections on their computers. Prior to Windows Vista, the Windows usage model has been one of assumed administrative rights. Software developers assumed their programs could access and modify any file, registry key, or operating system setting. Even when Windows NT introduced security and differentiated between granting access to administrative and standard user accounts, users were guided through a setup process that encouraged them to use the built-in Administrator account or one that was a member of the Administrators group. A second problem is that even standard users sometimes need to perform tasks that require administrative rights, such as installing software and opening ports in the firewall. The UAC solution is to require administrative rights less frequently, enable legacy applications to run with standard user rights, make it easier for standard users to access administrative rights when they need them, and enable administrative users to run as if they were standard users.
NTFS Permissions
The ability to assign enforceable permissions to files and folders is part of the NTFS file system. If you assign NTFS permissions, you need to understand how they work and how they are different for a file and for the folder that contains the file.
What Permissions Mean
NTFS permissions affect access both locally and remotely. Share permissions, on the other hand, apply only to network shares and don’t restrict access on the part of any local user (or terminal server user) of the computer on which you’ve set the share permissions. Windows 2008 Server has a set of standard folder permissions that are combinations of specific kinds of access. The individual permissions are Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. Each of these permissions consists of a group of special permissions. Table 10-2 shows the special permissions and the standard permissions to which they apply.
higher level of permission, which is Modify. However, if the Sales group permission is changed to explicitly Deny, Wally is unable to use the folder, despite his membership—and ostensibly higher level of access—in the Finance group.
■ Explicit permissions take precedence over inherited permissions. Inherited Deny will not prevent access if an object has an explicit Allow permission.
■ The user who creates a file or folder owns the object and can set permissions to control access.
■ An administrator can take ownership of any file or folder.
Considering Inheritance
Just to complicate matters a bit more, there are two types of permissions: explicit and inherited. Explicit permissions are the ones you set on files or folders you create. Inherited permissions are those that flow from a parent object to a child object. By default, when you create a file or a subfolder, it inherits the permissions of the parent folder. If the Allow and Deny boxes are shaded when you view the permissions for an object, the permissions are inherited. If you don’t want the child objects to inherit the permissions of the parent, you can block inheritance at the parent level or child level. Where you block inheritance is important. If you block at the parent level, no subfolders will inherit permissions. If you block selectively at the child level, some folders will inherit permissions and others will not. To make changes to inherited permissions, follow these steps:
1. Right-click the folder and select Properties.
2. Click the Security tab and then click Advanced.
3. On the Permissions tab of the Advanced Security Settings For dialog box, highlight the permission you want to change and click Edit.
4. Clear the check box for Include Inheritable Permissions From This Object’s Parent. (See Figure 10-1.) You’ll be given the option to copy existing permissions to the object or to remove all inherited permissions. The object will no longer inherit permissions from the parent object, and you can change permissions or remove users and groups from the Permissions list.
Figure 10-1 Changing inheritance
You can also change inherited permissions by changing the permissions of the parent folder or by explicitly selecting the opposite permission—Allow or Deny—to override the inherited permission.
Adding a Shared Folder
Sharing a folder is an easy process in Windows SBS because, as usual, there’s a wizard to guide you. Start by opening the Windows SBS Console and then clicking Shared Folders And Web Sites. In the Tasks pane, click Add A New Shared Folder, and follow these steps:
1. Enter the location for the shared folder as shown in Figure 10-2. If you don’t know the exact address, click the Browse button. When the location is specified, click Next.
Figure 10-2 Specifying the location for a new shared folder
In the lower portion of the dialog box is a button labeled Provision Storage, and though this sounds like a place to store your grain for the coming winter, it is in fact a link to set up storage for the shared folder. Unless you have a storage area network (SAN), you can safely disregard it. If you do have a SAN, click the button to specify a storage subsystem.
2. On the NTFS Permissions page, you can accept the NTFS permissions or change them. If you decide to change the permissions, first read the section “NTFS Permissions” earlier in this chapter. Click Next.
3. On the Share Protocols page (shown in Figure 10-3), choose the protocol that users will use to access the share. Unless you have NFS (Network File System) installed on the computer, the default is SMB (Server Message Block), a native-to-Windows protocol used for shares since Windows NT. Click Next.
Figure 10-3 Specifying a protocol for the share
4. On the SMB Settings page, you can view the User Limit, Access-Based Enumeration, and Offline Settings for the folder. Click Advanced to change any of these. Click Next.
5. On the SMB Permissions page (shown in Figure 10-4), select the share permissions you want and then click Next.
Note For details on Share Permissions, see “Share Permissions” earlier in this chapter.
Figure 10-4 Setting Share (SMB) permissions
6. On the Quota Policy page, you can set a quota to limit the size of the shared folder. Click Next.
Note For more on quotas, see Chapter 12, “Storage Management.”
7. On the File Screen Policy page, you can apply a file screen to limit the types of files the shared folder can contain. Choose a template from the drop-down list (as shown in Figure 10-5) and a summary of the file screen properties appears. Click Next.
Figure 10-5 Configuring file screening for a shared folder
8. On the DFS Namespace Publishing page, you can choose to publish the share to a DFS namespace. (Using and creating a DFS namespace is described in Chapter 12.) Click Next.
9. On the Review Settings And Create Share page, review the settings. Click Previous to change settings. If the settings are correct, click Create.
10. A Confirmation page opens verifying the creation of the share.
Removing a Shared Folder
To stop sharing a folder, open the Windows SBS Console and follow these steps:
1. Click Shared Folders And Web Sites.
2. Select the folder you want to stop sharing.
3. In the Tasks pane, click Stop Sharing This Folder.
4. A warning appears pointing out that if you stop sharing the folder, users will no longer be able to access it over the network. Click Yes to confirm.
Important If you remove a share when someone is connected to the folder, it will cause a forced disconnect, which could produce a loss of data. Even if data is not lost, an unexpected and forced disconnect will surely produce user annoyance.
Changing Share Permissions
Changing the permissions on a shared folder is easily done. Open Windows SBS Console, select Shared Folders And Web Sites, and then follow these steps:
1. Select the share. In the Tasks pane, click Change Folder Permissions.
2. To change the permissions for a user or group listed, highlight the name as shown in Figure 10-6 and make the changes in the Permissions area.
Figure 10-6 Changing permissions for users and groups
3. To add or remove users from this share, click Add Or Remove to open the Shared Folders dialog box shown in Figure 10-7. To add users or groups, highlight the name in the All Users And Groups list and then click Add.
4. To remove users and groups, highlight the name in the Selected Users And Groups list and click Remove.
5. Click OK when finished.
Figure 10-7 Changing users and groups for shared folders
Special Shares
In addition to shares created by a user or administrator, the system creates a number of special shares that shouldn’t be modified or deleted. These include the administrative shares: the ADMIN$ share and the hidden shares for each hard drive volume (C$, D$, E$, and so on). These shares allow administrators to connect to drives that are otherwise not shared. These shares are not visible by default and can be connected to only by administrators. Special shares exist as part of the operating system’s installation. Depending on the computer’s configuration, some or all of the following special shares might be present (and none should be modified or deleted):
■ ADMIN$ Used during the remote administration of a computer. The path is always the location of the folder in which Windows was installed (that is, the system root). Only Administrators can connect to this share.
■ driveletter$ The root folder of the named drive. Only Administrators can connect to these shares on Windows SBS servers or clients.
■ IPC$ Used during remote administration and when viewing shared resources. This share is essential to communication and can’t be deleted.
■ NETLOGON Used while processing domain logon requests. Do not remove.
■ SYSVOL Required on domain controllers. Do not remove.
■ PRINT$ A resource that supports shared printers.
To connect to an unshared drive on another computer, you need to be logged on using an account with the necessary rights. Use the address bar in any window, and type the address using the following syntax:
\\computer name\[driveletter]$
To connect to the system root folder (the folder in which Windows SBS is installed) on another computer, use the following syntax:
\\computer name\admin$
Ownership and How It Works
Every object on an NTFS volume has an owner. By default, the owner is the person who created the file or folder. The owner controls how permissions are set on the object and to whom permissions are granted. Even if the owner is denied access, the owner can always change permissions on an object. The only way to prevent this is for the ownership to change. Ownership of an object can change in any of the following ways:
■ An administrator can take ownership.
■ Any user or group with administrative rights on the computer where the object resides can take ownership.
■ The owner can transfer ownership to another user if the owner has administrative rights or User Account Control is turned off.
Taking Ownership of an Object
To take ownership of an object, you must be logged on as an Administrator or as a remote user with administrative rights, and then follow these steps:
1. Right-click the object and select Properties. Click the Security tab.
2. Click Advanced and then click the Owner tab. Click Edit.
To change the owner to a user or group that is not listed, click Other Users And Groups. In the Select User, Computer, Or Group dialog box, type the name of the user or group, click Check Names, and then click OK. To change the owner to a user or group that is listed, in the Change Owner To box, click the new owner.
3. To change the owner of all subcontainers, select the Replace Owner On Subcontainers And Objects check box.
However, there are some exceptions to this rule. For example, you might want to permit all authenticated users to access a volume in a certain subfolder but allow only a certain group to access the root directory. In this instance, you can create two file shares: one at the subfolder level with no share-level security (Full Control For Everyone), and one at the root folder level with share-level security to allow only the specified group access. Somewhat more useful is the ability to hide file shares by adding the dollar sign character ($) to the end of the share name. This notation allows any user to connect to the share—provided that she knows the share name. After users connect, they’re still bound by NTFS security permissions, but this approach can be handy for storing advanced tools so that an administrator can access them from a user’s system or user account. File security isn’t really an issue—you just don’t want users messing around with the files.
Effective Permissions
Admittedly, the subject of permissions can be fraught with anxiety—one reason simplicity should be your watchword. However, there will be times when a resource will have acquired a kudzu-like accretion of permissions and it will be your job to wield the machete. To determine what the effective permissions are on an object—that is, what permissions apply to a given user or group—follow these steps:
1. Right-click the file or folder for which you want to view permissions. Select Properties.
2. Click the Security tab and then click Advanced. Click the Effective Permissions tab.
3. Click the Select button to open the Select User, Computer, Or Group dialog box.
4. Locate the user or group you want and then click OK. The selected check boxes (as shown in Figure 10-9) indicate the effective permissions of the user or group for that file or folder.
Figure 10-9 Viewing effective permissions
Note Share permissions are not part of the effective permissions calculation. Access to shared folders can be denied through share permissions even when access is allowed through NTFS file permissions.
Factors Considered in Determining Effective Permissions
The factors that are considered when determining effective permissions are as follows:
■ Global group membership
■ Local group membership (except when accessing objects remotely)
■ Local permissions
■ Local privileges (except when accessing objects remotely)
■ Universal group membership
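The rules this chapter gives for working out access (group permissions accumulate, Deny beats Allow, explicit beats inherited, the owner can always change permissions, and the share caps NTFS access over the network) are modelled below in an added Python example that is not from the book. The five-right model, the mapping of permission levels to rights, and the levels given to Sales and Finance are simplifying assumptions.

```python
from dataclasses import dataclass

# Simplified rights; real NTFS access masks split these into special permissions.
R, W, X, D, P = "read", "write", "execute", "delete", "change_permissions"

NTFS_LEVELS = {
    "Read": {R},
    "Read & Execute": {R, X},
    "Write": {W},
    "Modify": {R, W, X, D},
    "Full Control": {R, W, X, D, P},
}
SHARE_LEVELS = {
    "Read": {R, X},
    "Change": {R, W, X, D},
    "Full Control": {R, W, X, D, P},
}


@dataclass(frozen=True)
class Ace:
    trustee: str             # user or group name
    allow: bool              # True = Allow entry, False = Deny entry
    level: str               # key into NTFS_LEVELS or SHARE_LEVELS
    inherited: bool = False  # False = set explicitly on the object


def evaluate(acl, principals, levels):
    """Rights an ACL grants to a user holding these names (user plus groups)."""
    # Entries are processed as: explicit Deny, explicit Allow, inherited Deny,
    # inherited Allow. The first matching entry that covers a right decides it.
    ordered = sorted(acl, key=lambda a: (a.inherited, a.allow))
    granted, denied = set(), set()
    for ace in ordered:
        if ace.trustee not in principals:
            continue
        undecided = levels[ace.level] - granted - denied
        (granted if ace.allow else denied).update(undecided)
    return granted


def effective(ntfs_acl, share_acl, principals, over_network, is_owner=False):
    """NTFS result for local access; the share limits it for network access."""
    rights = evaluate(ntfs_acl, principals, NTFS_LEVELS)
    if is_owner:
        rights |= {P}  # the owner can change permissions even when denied
    if over_network:
        rights &= evaluate(share_acl, principals, SHARE_LEVELS)
    return rights


# Constructed sample data: Wally is a member of both Sales and Finance.
WALLY = {"Wally", "Sales", "Finance", "Everyone"}
OPEN_SHARE = [Ace("Everyone", True, "Full Control")]  # the recommended setting
READ_SHARE = [Ace("Everyone", True, "Read")]          # a restricted share

CUMULATIVE = [Ace("Sales", True, "Read"), Ace("Finance", True, "Modify")]
EXPLICIT_DENY = [Ace("Sales", False, "Full Control"),
                 Ace("Finance", True, "Modify")]
INHERITED_DENY = [Ace("Sales", False, "Full Control", inherited=True),
                  Ace("Finance", True, "Modify")]


def scenarios():
    """Evaluate each rule from the chapter against the constructed ACLs."""
    return {
        "groups accumulate": effective(CUMULATIVE, OPEN_SHARE, WALLY, True),
        "explicit deny wins": effective(EXPLICIT_DENY, OPEN_SHARE, WALLY, True),
        "explicit allow beats inherited deny":
            effective(INHERITED_DENY, OPEN_SHARE, WALLY, True),
        "read-only share, over network":
            effective(CUMULATIVE, READ_SHARE, WALLY, True),
        "read-only share, local logon":
            effective(CUMULATIVE, READ_SHARE, WALLY, False),
        "denied owner, local logon":
            effective(EXPLICIT_DENY, OPEN_SHARE, WALLY, False, is_owner=True),
    }


if __name__ == "__main__":
    for name, rights in scenarios().items():
        print(f"{name:38} {sorted(rights) or 'no access'}")
```

The two read-only share cases show why the Effective Permissions tab can overstate network access: it reports the NTFS result only, while the share still limits what a remote user gets.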
In Windows SBS, it is much simpler to control logon access through individual user accounts (see the section “Giving Users Access to Computers” in Chapter 9 for more information) unless your network is relatively large and you are using Windows Server 2008 built-in groups in addition to Windows SBS groups.
Managing Default User Rights Assignments
To see the user rights assignment on the Windows SBS server, select Administrative Tools from the Start menu and then select Local Security Policy. Expand Local Policies and then click User Rights Assignment. To change one of the policies, right-click the name and select Properties. If the Add Users Or Group button is available (as shown in Figure 10-10), you can click it to add additional users who will have the user right.
Figure 10-10 Additional users or groups can be granted this user right.
If the Add Users Or Group button is unavailable, this user right can be granted only by adding the user or group to the groups already listed.
Summary
This chapter and the previous one have concerned themselves with users, groups, and their abilities and restrictions. In the next chapter, we move to hardware and the management of hard drives, volumes, and storage.
Chapter 11
Disk Management
Arguably the single most important function that a server provides to the rest of the network is to be a central, secure, managed file storage area. By centralizing file storage on a server, it becomes an order of magnitude easier to ensure the safety, integrity, recoverability, and availability of the core files of your business. Instead of having files spread all across the network on individual users’ computers, you have them in a single place—easier to share among collaborators, easier to back up, easier to recover in the event of a disaster, and easier to secure so that only those people who should have access to a file, do.
The downside to having all your important files in a single location is the potential for a single point of failure. You need to make sure that your files are seriously protected and always available—your business depends on them. This makes it imperative that you carefully manage the underlying disks that support your file storage and that those disks be both redundant and thoroughly backed up.
Storing, securing, backing up, and making available the core files of your business is a bigger topic than we could fit in a single chapter, so we’ve spread it out and organized it according to the various functions involved. But we can’t stress this enough: All of the pieces are essential to a safe, secure, and available network. Don’t shortchange any of them.
In Chapter 4, “Planning Fault Tolerance and Avoidance,” we covered some of the planning and preparation steps that will allow you to buy and build a server that is designed to be a safe and secure repository for your files. In this chapter, we’ll cover the underlying disk management that makes it possible to store your files and protect against loss, corruption, or disaster. In Chapter 12, “Storage Management,” we’ll cover the features of Microsoft Windows Small Business Server 2011 that enable you to manage storage, protect critical files, and provide versioning of shared files to protect against corruption or misadventure. Additional backup and recovery details are covered in Chapter 16, “Configuring Backup.” Finally, in Chapter 28, “Disaster Planning,” we go over the steps to ensure that your data systems and network can be recovered in the event of a serious disaster.
The Search for Disaster Protection
Traditionally, large businesses have used a variety of techniques to ensure that files stored on a server were both secure and safe. These solutions tend to be expensive, but when spread across all the supported workstations and buried in a large MIS budget they are feasible. The same solutions would not be feasible or acceptable in most small businesses, but that doesn’t change our very real need to protect ourselves from disaster. Fortunately, both hardware and software solutions can provide a very high level of security and safety at a budget more in keeping with the realities of a small business. However, before we talk about those solutions, let’s make sure we all understand the terminology of disk management. Let’s review some definitions:
■ Physical drive The actual hard disk itself, including the case, electronics, platters, and all that stuff. It’s not terribly important to the disk administrator.
■ Partition A portion of the hard disk. In many cases, this is the entire hard disk space, but it needn’t be.
■ Master Boot Record (MBR) A technique for partitioning a hard disk. This is the default method for Windows Small Business Server 2011. MBR-partitioned disks are limited to a maximum of four partitions per disk, and a maximum size of 2 terabytes.
■ GUID Partition Table (GPT) A technique for partitioning a hard disk, GPT is replacing MBR for larger hard disks and large storage arrays. Windows Small Business Server 2011 supports GPT-partitioned disks for all disks except the boot disk. GPT disks support 128 partitions and are required for disks (or arrays) larger than 2 terabytes.
■ Allocation unit The smallest unit of managed disk space on a hard disk or logical volume—also called a cluster.
■ Primary partition A portion of the hard disk that’s been marked as a potentially bootable logical drive by an operating system. MS-DOS could support only a single primary partition, but Windows Server 2008 can support four primary partitions on an MBR hard disk and 128 primary partitions on a GPT hard disk.
■ Extended partition A nonbootable portion of the hard disk that can be subdivided into logical drives. There can be only a single extended partition per hard disk, but this partition can be divided into multiple logical drives. Extended partitions are deprecated in Windows Small Business Server 2011 and can’t be directly created from the GUI.
■ Volume A unit of disk space composed of one or more sections of one or more dynamic disks.
■ Simple volume The dynamic equivalent of a partition. A portion of a single dynamic disk, a simple volume can be assigned either a single drive letter or no drive letter and can be attached (mounted) on zero or more mount points.
■ Extended volume Similar to, and sometimes synonymous with, a spanned volume, an extended volume is any dynamic volume that has been extended to make it larger than its original size. When an extended volume uses portions of more than one physical disk, it is more properly referred to as a spanned volume.
■ Logical drive A section or partition of a hard disk that acts as a single unit. An extended partition can be divided, for example, into multiple logical drives.
■ Logical volume Another name for a logical drive.
■ Basic disk A traditional disk drive that is divided into one or more partitions, with a logical drive in each primary partition. Basic disks do not support the more advanced functions of disk management, but they can be converted to dynamic disks in many cases.
■ Dynamic disk A managed hard disk that can be used to create various volumes.
■ iSCSI (Internet Small Computer Systems Interface) A protocol for using remote, centralized, storage as if it were local. Uses either shared or dedicated TCP/IP networks. Traditionally, they were reserved for storage area networks (SANs) with specialized (and very expensive) hardware, but now they’re easily available with software implementations.
■ iSCSI target The iSCSI server or provider.
■ iSCSI initiator The client or requester for an iSCSI storage device.
■ LUN (Logical Unit Number) The “disk” that an iSCSI target presents to an iSCSI initiator. A LUN can be any portion of the available storage on the iSCSI server.
■ RAID (redundant array of independent [formerly “inexpensive”] disks) The use of multiple hard disks in an array to provide for larger volume size, fault tolerance, and increased performance. RAID comes in different levels, such as RAID-0, RAID-1, and RAID-5. Higher numbers don’t necessarily indicate greater performance or fault tolerance, just different methods of doing the job.
■ Spanned volume A collection of portions of hard disks combined into a single addressable unit. A spanned volume is formatted like a single drive and can have a drive letter assigned to it, but it will span multiple physical drives. A spanned volume—occasionally referred to as an extended volume—provides no fault tolerance and increases your exposure to failure but does permit you to make more efficient use of the available hard disk space.
■ Striped volume Like a spanned volume, a striped volume combines multiple hard disk portions into a single entity. A striped volume uses special formatting to write to each of the portions equally in a stripe to increase performance. A striped volume provides no fault tolerance and actually increases your exposure to failure, but it is faster than either a spanned volume or a single drive. A stripe set is often referred to as RAID-0, although this is a misnomer because plain striping includes no redundancy.
Integrated Device Electronics (IDE), later called Advanced Technology Attachment (ATA), became the standard on the personal computer. However, IDE never made serious inroads into the server market because, although it was fast for single tasks, it lacked the inherent multitasking support and bus mastering that a server disk interface technology required, and there were no real hardware RAID solutions that supported it. Largely supplanted by Serial ATA (SATA) even on personal computers, this technology has no place at all on your server. The introduction of SATA technology has made serious inroads into the lower end of the server marketplace. With SATA RAID controllers built into many motherboards, and stand-alone SATA RAID boards that support eight or more SATA drives and have substantial battery-backed RAM cache onboard, many low-range to midrange servers are finding SATA RAID solutions to provide a cost-effective alternative to SCSI. While most SATA RAID controllers lack the ability to hot-swap a failed drive, and generally don’t have the performance potential of SCSI or Serially Attached SCSI (SAS), they are still quite attractive alternatives where cost is a primary factor. SATA also makes sense as secondary or “near-line” storage for a server. The new kid on the block, however, is SAS. This is the most interesting addition to the server storage equation in quite a while. Using the same thin cables and connectors as SATA, with none of the configuration nuisance of traditional SCSI, SAS is definitely the way to go. When combined with new 2.5-inch drives, the ability to put a really large amount of very fast storage in a small space has taken a significant step forward. Many SAS controllers fully support SATA drives also, allowing you to combine the two technologies on the same controller. 
With the main bottleneck for servers continuing to be I/O in general, and especially disk I/O, there will continue to be pressure to find new and faster methods to access disk-based storage. Using wide arrays of fast, traditional disks—especially using low-power, high-density 2.5” SAS disks—enables fast and flexible storage arrays in remarkably smaller spaces, and with lower energy and cooling requirements. A new option that directly addresses the limitations of traditional spinning disk technologies is the solid state drive (SSD), a “disk” that is actually a collection of flash memory that connects to a SATA controller. SSDs are currently still quite expensive and not really ideal for large RAID arrays because of performance degradation over time, but the technology is rapidly improving and offers promise for the future.
Storage Connection Technologies
If you’re reading this chapter before you buy your server, congratulations on being a thorough person. If not, some of these decisions have already been made, but you may well find that you will have to add storage. If you do, you’ll want to focus on storage solutions designed and optimized for servers—a very different set of needs from the typical workstation. Your choices are:
■ Integrated Device Electronics (IDE) Strictly a client solution. It’s inexpensive, but not appropriate on a server. It’s now being replaced even at the client end by SATA.
■ Serial Advanced Technology Attachment (SATA) A newer and faster version of IDE. It’s still primarily a workstation solution, but it’s acceptable when combined with hardware RAID for smaller servers.
■ External Serial Advanced Technology Attachment (eSATA) A way to use SATA for external, secondary, or backup storage.
■ Small Computer System Interface (SCSI) Perfect for servers and high-end workstations, but significantly more expensive than SATA. It has the ability to have up to 13 drives per SCSI channel.
■ Serially Attached SCSI (SAS) Perfect for servers. This is a relatively new technology that is rapidly becoming the mainstream server storage interface. Prices are still more than SATA.
■ Internet SCSI (iSCSI) Important for SANs, and can even be used as a boot device for SBS servers. Hardware SANs are generally well outside the budgets of most SBS networks, but software SANs based on Windows Storage Server or third-party iSCSI software are a very viable option for adding storage flexibility to your SBS network.
■ FireWire Hot-pluggable. This is a good choice to use as a backup storage device.
■ Universal Serial Bus (USB) Only appropriate if you use USB 2.0 or later. It’s good for CD and DVD drives, and it’s hot-pluggable. It’s also a good choice for use as a backup storage device, especially USB 3.0.
■ Fibre Channel A great option if you have really large amounts of money to spend.
■ Network Attached Storage (NAS) A good way to provide large amounts of storage that can be flexible to meet your needs. Specify Windows Storage Server–based NAS for the greatest flexibility and compatibility.
■ Storage Area Networks (SAN) Faster and more flexible than the typical NAS, but also much more expensive and difficult to configure. Hardware SANs are generally not for small business networks, but software-based SANs are becoming a viable option.
■ Solid State Disks (SSD) Initially used primarily for notebook computers, these are starting to find their way into servers—especially high-density servers in data centers, where their power savings are a plus. They’re still too pricey for most SBS networks.
Managing Disks
There are two kinds of disks in Windows Small Business Server 2011: basic disks and dynamic disks. Basic disks are the conventional disks we’re used to. Dynamic disks were introduced in Windows 2000 Server and support additional management and agglomeration options. Basic disks support two kinds of partitions: primary and extended. Extended partitions are deprecated in Windows Server 2008, though they can still be created from the command line using Diskpart.exe. And any existing disks you have with extended partitions will be recognized without a problem. If you need to create a disk with many different volumes on it (more than four), create the disk as a GPT disk rather than an MBR type. Dynamic disks use volumes instead of partitions and support the additional management, redundancy, and agglomeration features of SBS, including Spanned Volumes, Striped Volumes (RAID-0), Mirrored Volumes (RAID-1), and RAID-5. The primary method for managing disks on an SBS server is the Disk Management console. This can be used as a stand-alone console by running Diskmgmt.msc from the command line, or from Server Manager as shown in Figure 11-1.
Figure 11-1 The Disk Management console from inside Server Manager
The Disk Management console is divided into two panes. The top pane shows the drive letters (volumes) associated with the local disks and gives their properties and status; the bottom pane has a graphical representation organized by physical drive.
We briefly mentioned storage area networks (SANs) earlier. Although they are excellent, fast, flexible, and highly fault-tolerant, they have traditionally only been for those with really large IT budgets. Plus, they have been rather tricky to implement and configure. With the wide availability of affordable software iSCSI solutions—including third-party software iSCSI targets—and solutions based on Windows Storage Server, this is changing. If you’re implementing SBS in a virtualized environment, a SAN solution is a much better choice than a NAS solution.
Windows Storage Server 2008 R2 Essentials
A new player in the stand-alone storage market is Windows Storage Server 2008 R2 Essentials (WSSE). Designed to provide a single storage location and backup solution for the home business and small business markets, WSSE is based on Windows Server 2008 R2 and provides many of the functions of a NAS server. WSSE uses the same code base and technology as Windows Home Server and Windows Small Business Server 2011 Essentials, but it’s designed to integrate into existing SBS networks to provide flexible storage and client backup. WSSE provides a flexible secondary storage solution that also does client backups really well. (See Chapter 16.) Now if it only included iSCSI target functionality, it would be perfect. While limited to backing up 25 client PCs or fewer, WSSE provides a simple interface and flexible storage for extending SBS networks, and it’s the clear choice for client backup of key workstations. For SBS networks with more than 25 client PCs, multiple WSSE servers can be used.
Partitions and Volumes
In Windows Server 2008 R2, the distinction between volumes and partitions is somewhat murky. When using Disk Management, a regular partition on a basic disk is called a simple volume, even though technically a simple volume requires that the disk be a dynamic disk. As long as you use only simple volumes or partitions, you can easily convert between a basic disk (and partition) and a dynamic disk (and a volume). After you use a feature that is supported only on dynamic disks, however, changing back to a basic disk will result in data loss.
Best Practices Recovering or rebuilding a server that has a dynamic disk for the boot
disk can be tricky. We suggest keeping your boot disk (C) a basic disk, and that you use hardware mirroring (RAID-1) to safeguard its contents and use dynamic disks only for other disks on your server.
Adding a New Disk Using the Initialize Disk Wizard
When you install a new hard drive, the drive is automatically recognized, and the Initialize And Convert Disk Wizard starts when you open Disk Management. To add a new disk, complete the following steps:
1. Open Disk Management.
2. If Disk Management recognizes a new disk, you see the first page of the Initialize Disk Wizard, shown in Figure 11-2. This wizard initializes a disk so that it can be recognized by Windows Small Business Server 2011, and it lets you select whether the disk should be an MBR or GPT disk.
Figure 11-2 The Initialize Disk Wizard
3. Clear the check box for any disks you don’t want to initialize, and select the partition style for the disks. When the wizard finishes, you’re at the main Disk Management console, shown in Figure 11-3. Notice that the disk is still not formatted or allocated and is highlighted in black (if you haven’t changed the default color settings for the Disk Management console).
Figure 11-3 The main Disk Management console, showing the new disks
Creating a Simple Volume or Partition
To create a new simple volume or partition, complete the following steps:
1. In the Disk Management console, right-click the unallocated disk and choose the type of new volume you want to create. To create a partition, select New Simple Volume, as shown in Figure 11-4.
Figure 11-4 Creating a new volume on an unallocated disk
2. The New Simple Volume Wizard opens to guide you through the process of creating the new volume on the dynamic disk.
3. Click Next to open the Specify Volume Size page. Specify the size of the volume you’ll be creating, as shown in Figure 11-5.
Figure 11-5 The Specify Volume Size page of the New Simple Volume Wizard
4. Click Next to open the Assign Drive Letter Or Path page. The next available drive letter will be selected by default. For details on mounted volumes, see “Mounting a Volume” later in this chapter.
5. Click Next to open the Format Partition page shown in Figure 11-6. Specify the format options for the volume, including:
■ File System: The only supported file system for Windows Small Business Server 2011 is NTFS, except for removable devices such as USB key drives.
■ Allocation Unit Size: The default value is 4 Kb sectors. This is a reasonable balance, but choose a larger size, such as 16 Kb or even 64 Kb, if you know that this volume will be used to hold only very large files (such as a volume dedicated to virtual hard disks, for example, or large database files).
■ Volume Label: Specify a meaningful label that identifies the volume.
■ Perform A Quick Format: Saves waiting for full formatting, but it’s not recommended on new disks because no verification pass is performed.
■ Enable File And Folder Compression: Only an option if the allocation unit size is less than 16 Kb—and it’s never recommended.
Figure 11-6 The Format Partition page of the New Simple Volume Wizard
6. Click Finish to close the wizard and begin provisioning the volume. You return to the Disk Management console, where you see the new volume, as shown in Figure 11-7.
REM to run this script and dump the results out to a log file.
REM
REM This script creates a simple volume of 28 Gb on disk #3, and then
REM assigns a drive letter to it. Note that this does NOT format
REM the volume -- that requires using the format command, not part
REM of diskpart.exe
REM First, list out our disks. Not required for scripting, but useful
REM to show the overall environment if we need to troubleshoot problems
list disk
REM Next, select which disk will have the simple volume created on it.
select disk 3
REM Now, create the volume...
create volume simple size=28672
REM Assign without parameters will choose the next available HD letter.
Assign
Creating a RAID-5 or RAID-1 (Mirror) Volume
The process of creating a mirrored (RAID-1) or RAID-5 volume is similar to creating a simple volume, except that the disks will be converted to dynamic disks first, and you’ll need to select the disks to add to the volume.
Note Creating a mirror or RAID-5 volume will convert the disks used to dynamic disks.
This is usually not the best solution for providing redundancy on an SBS server, and we strongly recommend using hardware RAID wherever possible.
To create a new simple volume or partition, complete the following steps:
1. In the Disk Management console, right-click an unallocated disk and choose New RAID-5 Volume or New Mirrored Volume to open the New RAID-5 Volume Wizard (or New Mirrored Volume Wizard).
2. Click Next to open the Select Disks page, as shown in Figure 11-8.
Figure 11-8 The Select Disks page of the New RAID-5 Volume Wizard
3. Select the disks to add to the volume, and then specify the amount of space on each disk to use for the volume. The maximum for all disks is the amount of unallocated space on the disk with the least available space.
4. Click Next to open the Assign Drive Letter Or Path page shown in Figure 11-9. See “Mounting a Volume” later in the chapter for more information.
Figure 11-9 The Assign Drive Letter Or Path page of the New RAID-5 Volume Wizard
5. Click Next to open the Format Volume page. The formatting options are the same as for a simple volume or partition:
■ File System: The only supported file system for Windows Small Business Server 2011 is NTFS, except for removable devices such as USB key drives.
situations—modify them only with caution and with a clear understanding of the consequences for your environment. You can also choose to enable disk and folder compression on NTFS volumes and partitions. This causes all files and folders on the volume (as opposed to individual files or folders you select) to be compressed. Compression can minimize the amount of hard disk space used by files, but it has a negative impact on performance while making disaster recovery more problematic. Given the cost of hard drive space today, we think this is just a bad idea.
Deleting a Partition or Volume
Deleting a partition and deleting a volume are essentially the same task. When you delete a partition or volume, the entire volume or partition is deleted. However, if you’ve got an older disk with an extended partition on it that you use with SBS, you won’t be able to delete the extended partition until you delete all of the logical drives in the partition. You can directly delete a primary partition or a volume. In all cases, when you delete a volume, logical drive, or partition, you end up with free or unallocated space and no data on the volume, drive, or partition when you’re done, so make sure you have a good backup if there’s a chance you might later need any of the data. To delete a partition or volume, follow these steps:
1. Right-click the partition or volume and select Delete Volume.
2. At the Delete Volume warning, shown in Figure 11-11, click Yes to delete the volume.
Figure 11-11 The Delete RAID-5 Volume warning
When the volume or partition is completely deleted, the space it occupied will be unallocated. Space that is unallocated on dynamic disks can be used to create mirrors, extend an existing volume, create a RAID array, or otherwise manage the storage on your server. Space that is unallocated on basic disks can be partitioned or used to extend a partition.
Figure 11-12 The Action menu for simple volume
3. Select Shrink Volume from the menu to open the Shrink dialog box shown in Figure 11-13.
Figure 11-13 The Shrink dialog box for the simple volume D
4. Select the amount to shrink the volume and then click Shrink to change the size of the volume.
Extending a Volume
You can add space to a volume without having to back up, reboot, and restore your files if it is a simple volume or a spanned volume. You do this by converting the volume to a spanned or extended volume that incorporates unallocated space on any disk. Unfortunately, you can’t increase the size of a mirrored, striped, or RAID-5 volume simply by adding disks to the array.
Note Some hardware RAID controllers support dynamically expanding RAID volumes.
When combined with hot-add disks, this gives you a far more flexible solution for managing your internal storage. But even after you’ve extended a hardware RAID volume, you’ll still need to extend it using Diskmanager or Diskpart.
To extend a volume, complete the following steps:
1. In the Disk Management console, right-click the volume you want to extend. Choose Extend Volume to open the Extend Volume Wizard.
2. Click Next to open the Select Disks page, select one or more disks from the list of disks that are available and have unallocated space. Click Add to add the selected disk or disks, and indicate the amount of space you want to add, as shown in Figure 11-14.
Figure 11-14 The Select Disks page of the Extend Volume Wizard
3. Click Next and the Extend Volume Wizard displays a final confirmation page before extending the volume. Click Finish to extend the volume. The extended volume is shown in Figure 11-15.
All this makes SBS’s ability to create additional space on a volume without the need to back up the volume, reformat the disks, and re-create the volume a seductive feature. However, unless you’re running hardware RAID, you should think twice before jumping in. Only simple or spanned volumes allow you to add storage on the fly, and because neither is redundant, using them exposes your users to the risks of a failed drive. Yes, you have a backup, but even under the best of circumstances, you’ll lose some data if you need to restore a backup. Further, using spanned volumes actually increases your risk of a hard disk failure. If any disk used as part of the spanned volume fails, the entire volume is toast and will need to be restored from backup. Why, then, would anyone use spanning? Because they have hardware RAID to provide the redundancy. This combination offers the best of both worlds—redundancy provided by the hardware RAID controller and flexibility to expand volumes as needed, using Disk Management. Yet another compelling argument for hardware RAID, as if you needed any more.
Note Windows Small Business Server 2011 uses the terms extended and spanned nearly
interchangeably when describing volumes. Technically, however, a spanned volume must include more than one physical disk, whereas an extended volume can also refer to a volume that has had additional space added to the original simple volume on the same disk.
Adding a Mirror
When your data is mission-critical and you want to make sure that the data is protected and always available no matter what happens to one of your hard disks, consider mirroring the data onto a second drive. SBS can mirror a dynamic disk onto a second dynamic disk that is at least the same size as the original so that the failure of either disk does not result in loss of data. To mirror a volume, you can either select a mirrored volume when you create the volume or you can add a mirror to an existing volume. To add a mirror to an existing volume, complete the following steps:
1. In the Disk Management console, right-click the volume you want to mirror. If a potential mirror is available, the shortcut menu lists the Add Mirror command.
2. Choose Add Mirror to display the Add Mirror dialog box, shown in Figure 11-16.
Figure 11-16 The Add Mirror dialog box
3. Select the disk to use for the mirror, and click Add Mirror. If either or both of the disks are basic disks, you’ll get a warning that the change will convert the disks to dynamic disks. Click Yes to proceed.
4. The mirror is created immediately and starts duplicating the data from the original disk to the second half of the mirror. This process is called regeneration, or sometimes resynching. (The process of regeneration is also used to distribute data across the disks when a RAID-5 volume is created.)
Note Regeneration is both CPU-intensive and disk-intensive. When possible, create
mirrors during slack times or during normally scheduled downtime. Balance this goal, however, with the equally important goal of providing redundancy and failure protection as expeditiously as possible.
Best Practices To improve your overall data security and reliability, mirror your volumes onto disks that use separate controllers whenever possible. This process is known as duplexing and eliminates the disk controller as a single point of failure. It can also speed up both reading and writing to the mirror, because the controller and bus are no longer potential bottlenecks.
Drive Failure in a Mirrored Volume
If one of the disks in a mirrored volume fails, you can continue to have full access to all your data without loss. SBS marks the failed disk as missing and takes it offline. It also, however, takes the other half of the mirror and marks it as failed, as shown in Figure 11-17. This doesn’t mean your data is lost. But it does mean you can’t access it until you break the mirror. The missing disk will then need to be replaced and the mirror re-created to restore redundancy.
Figure 11-17 A missing disk causes a failure on both halves of a mirror
To recover access to the data that was on the failed mirror, you need to remove the mirror and reactivate the good disk by following these steps:
1. Open Disk Management if it isn’t already open.
2. Right-click the mirrored disk that shows as online (Disk 2 in Figure 11-17).
3. Select Remove Mirror from the shortcut menu to open the Remove Mirror dialog box shown in Figure 11-18.
Figure 11-18 The Remove Mirror dialog box
4. Select the missing or offline disk, and click Remove Mirror. You’ll be prompted to confirm the removal. Click Yes, and the mirror is removed, but the disk is still not available because the drive letter mapping has to be reestablished.
5. Right-click the now healthy volume, and select Change Drive Letter And Paths to open the dialog box shown in Figure 11-19.
Figure 11-19 The Change Drive Letter And Paths dialog box
6. Click Add to open the Add Drive Letter Or Path dialog box, select a drive letter from the drop-down list, and click OK. If you attempt to use the same drive letter as the drive had in the past, you’ll see the warning message shown in Figure 11-20.
Figure 11-20 Disk Management warns when you try to map a drive letter that it has a remembered connection to
7. Click Yes, and the drive letter is assigned and the disk is available.
If you need to make additional disk space available on your system and you have no additional disks available, you can remove the mirror from a mirrored volume. When you remove a mirror, the data on one of the disks is untouched, but the other disk becomes unallocated space. Of course, you will have lost all redundancy and protection for the data, so you need to take steps to restore the mirror as soon as possible. Until then, you might want to modify your backup schedule for the remaining disk. To remove a mirror, complete the following steps:
1. In the Disk Management console, right-click either half of the mirror. Choose Remove Mirror from the shortcut menu. The Remove Mirror dialog box opens.
2. Select the disk you want to remove from the mirror. Click Remove Mirror. You get one last chance to change your mind. Click OK, and the disk you highlighted becomes unallocated space.
Breaking a Mirror
If a disk fails and you can’t replace it with an identical one, break the mirror until a replacement becomes available. Breaking a mirror severs the connection between the two disks, allowing the remaining disk to continue to function normally until a replacement disk becomes available. When the replacement disk is available, the mirror can be re-created. You might also find it useful to break a mirror even when both disks are still functioning, because you then end up with two identical copies of the same data. One half of the broken mirror continues to have the same drive letter or mount point, while the second half of the broken mirror is assigned the next available drive letter. To break a mirror, complete the following steps:
1. In the Disk Management console, right-click either disk of the mirrored volume.
2. Choose Break Mirrored Volume from the shortcut menu. You’re asked to confirm that you really want to break it.
3. Click Yes, and the mirror is broken. You’ll have two volumes. One retains the drive letter or mount point of the original mirror, and the other is assigned the next available drive letter. They will both contain exact duplicates of the data at the instant of the break but will immediately start to diverge as they are modified.
RAID-5 Volumes
Windows Small Business Server 2011 supports a software implementation of RAID-5 that allows you to have a redundant file system without the 50-percent capacity overhead of using mirrored volumes. The overhead on a RAID-5 volume decreases for each additional disk you add to the volume, making this the most space-efficient method of providing redundancy in SBS. Unfortunately, this efficiency doesn’t come without some costs. RAID-5 arrays are inherently slower at write operations than even a plain old stand-alone drive. You also don’t have the flexibility that you have with mirrored volumes in SBS. You can’t simply remove a drive from a RAID-5 volume, nor can you break a failed drive out of the volume, allowing the remaining drives to regenerate. Further, when a disk fails on a RAID-5 volume, not only is the volume no longer redundant, but it also gets a lot slower because both read and write operations must calculate the correct value for every byte read or written.
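The mirrored-volume and RAID-5 sections above both describe a volume that keeps running after a disk failure but is no longer redundant. The following PowerShell is an added example, not code from the book: it parses the table printed by diskpart's "list volume" command and reports Mirror and RAID-5 volumes whose status is not Healthy. The function names are hypothetical, and the sample table is constructed; its column layout and status text are assumptions modeled on English-language diskpart output and should be checked against your own server.

```powershell
# Added example (not from the book). Sample data below is constructed.

function ConvertFrom-DiskpartVolumeTable {
    param([string[]]$Lines)

    # The ruler row of dashes under the header defines each column's offset and width.
    $rulerIndex = -1
    for ($i = 1; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match '^\s*-{3,}(\s+-{2,})+\s*$') { $rulerIndex = $i; break }
    }
    if ($rulerIndex -lt 1) { return }   # no table in the input

    $ruler   = $Lines[$rulerIndex]
    $header  = $Lines[$rulerIndex - 1].PadRight($ruler.Length)
    $columns = @()
    foreach ($m in [regex]::Matches($ruler, '-+')) {
        $columns += New-Object PSObject -Property @{
            Name   = $header.Substring($m.Index, $m.Length).Trim()
            Start  = $m.Index
            Length = $m.Length
        }
    }

    for ($i = $rulerIndex + 1; $i -lt $Lines.Count; $i++) {
        # Keep only data rows; a leading "*" marks the volume that has focus.
        if ($Lines[$i].Trim() -notmatch '^\*?\s*Volume\s+\d+') { continue }
        $padded = $Lines[$i].PadRight($ruler.Length)
        $row = @{}
        foreach ($c in $columns) {
            $row[$c.Name] = $padded.Substring($c.Start, $c.Length).Trim()
        }
        New-Object PSObject -Property $row
    }
}

function Get-DegradedVolume {
    param([string[]]$Lines)
    # Only fault-tolerant volume types are of interest; anything but Healthy is reported.
    ConvertFrom-DiskpartVolumeTable $Lines | Where-Object {
        ($_.Type -eq 'Mirror' -or $_.Type -eq 'RAID-5') -and $_.Status -ne 'Healthy'
    }
}

# Constructed sample of "list volume" output (assumed layout and status strings).
$sample = @'
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     C   System       NTFS   Partition    120 GB  Healthy    System
  Volume 1     D   Data         NTFS   Mirror       465 GB  Failed Rd
  Volume 2     E   Archive      NTFS   RAID-5       931 GB  Healthy
  Volume 3     F   Scratch      NTFS   Simple       200 GB  Healthy
'@ -split "`r?`n"

# On a live server (elevated prompt), replace $sample with:
#   $lines = 'list volume' | diskpart
foreach ($v in @(Get-DegradedVolume $sample)) {
    Write-Warning ("{0} ({1}:) is a {2} volume with status '{3}'" -f `
        $v.'Volume ###', $v.Ltr, $v.Type, $v.Status)
}
```

Run from a scheduled task, a check like this surfaces a lost mirror half before a second disk failure turns it into a restore from backup.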
Figure 11-21 SBS 2011 can use VHDs just like regular hard disks
3. Specify the location and name of the VHD file, and click OK to attach the VHD. If this is a new VHD, you’ll need to initialize it just as you would a new physical hard disk.
Mounting a Volume
SBS borrows a concept from the UNIX world by adding the ability to mount a volume or partition on a subfolder of an existing drive letter. A mounted volume can also have a drive letter associated with it, although it does not need to, and it can be mounted at more than one point, giving multiple entry points into the same storage. A volume must be mounted on an empty subfolder of an existing NTFS volume or drive. FAT and FAT32 drives do not support mounted volumes. You can mount only a single volume at a given mount point, but you can then mount further volumes on top of an existing mounted volume, with the same rules and restrictions as any other mount. An important caution, however: the properties of a drive do not show all the available disk space for that drive, because they do not reflect any volumes mounted on the drive. Further, mounted volumes are not supported with Windows Services for UNIX on shared Network File System (NFS) exports. Mounted volumes can be used to provide a mix of redundant and nonredundant storage in a logical structure that meets the business needs of the business while hiding the complexities of the physical structure from the users, but this approach does pose potential issues during disaster recovery and for some kinds of file access.
The volume being mounted appears to users as a simple directory. This feature makes it possible to create larger file systems that use multiple hard disks without the inherent risks of using spanned volumes, because the failure of any one of the mounted volumes affects only the directories that were part of that volume. To mount a volume, complete the following steps:
1. From the Disk Management console, right-click a volume or partition. Choose Change Drive Letter And Paths from the shortcut menu. The Change Drive Letter And Paths dialog box opens.
2. Click Add to open the Add Drive Letter Or Path dialog box shown in Figure 11-22.
Figure 11-22 The Add Drive Letter Or Path dialog box used to mount a volume
3. You can type the mount point or click Browse to select or create a mount point. Any empty directory that resides on a nonremovable NTFS volume can be the mount point.
4. After you select or type the mount point, click OK, and the volume or partition is mounted.
Important It’s actually easy to get yourself into trouble with this new feature. Disk
Management lets you make multiple levels of mounted volumes, including ones that are recursive. You’re well advised to mount volumes only at the root level of a drive. Trying to mount below that point can lead to confusion and make management and documentation difficult. Also, verify with your backup vendor that mount points are fully supported by their application.
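Because a drive's properties do not reflect volumes mounted beneath it, capacity monitoring and backup coverage checks need their own inventory. The following PowerShell is an added example, not code from the book: it classifies volumes returned by the WMI class Win32_Volume, flags mount points created below the root level of a drive (which the note above advises against), and totals free space per host drive including mounted volumes. The function names and the sample objects are hypothetical and constructed for illustration.

```powershell
# Added example (not from the book). Sample objects below are constructed.

function Get-MountedVolumeReport {
    param([object[]]$Volumes)
    foreach ($v in $Volumes) {
        $path = [string]$v.Name
        $depth = 0
        $hostDrive = $null
        if ($v.DriveLetter) {
            $kind = 'DriveLetter'
            $hostDrive = [string]$v.DriveLetter
        }
        elseif ($path -match '^[A-Za-z]:\\.+') {
            # Volume reachable only through a folder, e.g. D:\Archive\
            $kind = 'MountedFolder'
            $hostDrive = $path.Substring(0, 2)
            $depth = $path.TrimEnd('\').Split('\').Count - 1
        }
        else {
            # \\?\Volume{...}\ name: no drive letter and no mount point
            $kind = 'NoAccessPath'
        }
        New-Object PSObject -Property @{
            Path       = $path
            Label      = $v.Label
            Kind       = $kind
            HostDrive  = $hostDrive
            BelowRoot  = ($depth -gt 1)   # mounted deeper than the root of the drive
            CapacityGB = [math]::Round($v.Capacity / 1GB, 1)
            FreeGB     = [math]::Round($v.FreeSpace / 1GB, 1)
        }
    }
}

function Get-DriveFreeSpaceSummary {
    param([object[]]$Report)
    $Report | Where-Object { $_.HostDrive } | Group-Object HostDrive | ForEach-Object {
        $own = [double]($_.Group | Where-Object { $_.Kind -eq 'DriveLetter' } |
                        Measure-Object FreeGB -Sum).Sum
        $mounted = [double]($_.Group | Where-Object { $_.Kind -eq 'MountedFolder' } |
                            Measure-Object FreeGB -Sum).Sum
        New-Object PSObject -Property @{
            Drive           = $_.Name
            FreeOnDriveGB   = $own       # what the drive's Properties page shows
            FreeOnMountsGB  = $mounted   # space the Properties page does not show
            MountedVolumes  = @($_.Group | Where-Object { $_.Kind -eq 'MountedFolder' }).Count
        }
    }
}

# Constructed sample standing in for Win32_Volume objects.
$sample = @(
    New-Object PSObject -Property @{ Name = 'C:\'; DriveLetter = 'C:'; Label = 'System'; Capacity = 120GB; FreeSpace = 40GB }
    New-Object PSObject -Property @{ Name = 'D:\'; DriveLetter = 'D:'; Label = 'Data'; Capacity = 465GB; FreeSpace = 15GB }
    New-Object PSObject -Property @{ Name = 'D:\Archive\'; DriveLetter = $null; Label = 'Archive'; Capacity = 931GB; FreeSpace = 600GB }
    New-Object PSObject -Property @{ Name = 'D:\Shares\Projects\Old\'; DriveLetter = $null; Label = 'OldProjects'; Capacity = 200GB; FreeSpace = 50GB }
)

# On a live server, replace $sample with:
#   $volumes = Get-WmiObject -Class Win32_Volume -Filter 'DriveType = 3'
$report = @(Get-MountedVolumeReport $sample)
$report | Where-Object { $_.BelowRoot } | ForEach-Object {
    Write-Warning ("Mount point below root level: {0} ({1})" -f $_.Path, $_.Label)
}
Get-DriveFreeSpaceSummary $report | Format-Table Drive, FreeOnDriveGB, FreeOnMountsGB, MountedVolumes -AutoSize
```

The list of MountedFolder paths is also the list to confirm against the backup job's selection, since a backup product that does not follow mount points will silently skip them.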
Summary
In this chapter, we covered the details of how to manage the hard disks on your Windows Small Business Server 2011 computer, and how to configure them for data integrity and redundancy. In the next chapter, we’ll cover the configuration and management of file storage on your SBS server.
CHAPTER 12
Storage Management
Even relatively small networks need a lot of storage, and as time passes and the network grows, the need for storage grows exponentially, not merely arithmetically. Fortunately, hard drives have become cheaper even as their storage capacity increases. Unfortunately, that circumstance often leads to attempts to manage storage requirements by simply buying more disks. Like many quick fixes, this can work for a while but leads to backup and archival complications, and it can end up making it even more difficult to manage the storage of your network. With a bit of planning and a bit more implementation, you can keep your storage manageable.
Note In this chapter, we cover file system storage management. However, another option for managed shared storage is Microsoft SharePoint Foundation Server 2010, which is the basis for the Companyweb in Microsoft Windows Small Business Server (SBS) 2011 Standard. For more information, see Chapter 23, “Customizing a SharePoint Site.”
Distributed File System
Distributed File System (DFS) allows you to group shared folders located on different servers and present them to users as a virtual tree of folders known as a namespace. A namespace has many benefits, including increased availability of data, load sharing, and simplified data migration. DFS Replication allows administrators to replicate folders in a bandwidth-efficient manner using the remote differential compression (RDC) algorithm that replicates only the changed blocks within a file. DFS namespaces and DFS Replication are useful for the following purposes:
■ Organizing a large number of file shares scattered across multiple servers into a contiguous namespace so that users can find the files they need
■ Improving the availability and performance of file shares, especially in network environments with multiple sites, where DFS namespaces can redirect users to the closest available server
■ “Caching” data at a branch office so that users can access files at a local file server, which then efficiently replicates with a central file server across a wide area network (WAN) connection
■ Centralizing backup from branch offices by replicating all data from the branch office to a central server that is backed up regularly
■ Keeping two or more file shares in sync over local area network (LAN) or WAN links
Note You can use DFS to create a loosely coupled collaboration environment where DFS
Replication replicates data between multiple servers. However, DFS Replication does not include the ability to check out files (as you’d check out books from a library) or replicate files that are in use, such as multiuser databases. Therefore, use Windows SharePoint Services in environments where users regularly attempt to edit the same file at the same time from different locations.
DFS Terminology
Much of the terminology in DFS is very specific to the DFS environment. Acquainting yourself with these terms will save a lot of confusion later.
■ Namespace: A namespace is a virtual view of shared folders. The folders can be in a variety of locations but appear to the user as a single tree.
■ Namespace server: A namespace server hosts a namespace. The namespace server can be a member server or a domain controller.
■ Namespace root: The namespace root is the shared folder that serves as the root for a particular namespace. Because DFS is a virtual file system, the namespace root can be any shared folder on an NTFS partition.
■ Folders: Folders in a DFS namespace can provide structural depth to a hierarchy or contain folder targets that map to shares.
■ Folder target: A folder target is the Universal Naming Convention (UNC) path of a shared folder or another namespace that is associated with a folder in a namespace. The folder target is where data and content are stored.
Note Folders can contain folder targets or other folders, but not both at the same level
in the hierarchy.
DFS c ents automat ca y choose a fo der target n the r s te, f ava ab e, reduc ng nters te network ut zat on If more than one target s ava ab e on the c ent’s s te, each c ent random y se ects a target, spread ng the oad even y across a ava ab e servers If a target goes
276 CHAPTER 12
Storage Management
down, the c ent automat ca y p cks a d fferent target (Th s process s ca ed client failover ) When the or g na target comes back on ne, the c ent automat ca y sw tches back to the preferred target f the namespace server and the c ent support c ent fa back In th s way, targets prov de fau t to erance, oad ba anc ng, and s te awareness You can use DFS Rep cat on to keep fo der targets synchron zed
Namespace Type

There are two types of DFS Namespaces: stand-alone and domain-based. A stand-alone namespace (for example, \\srv1\public) stores all namespace information on the registry of the namespace server instead of in Active Directory. Any server running Windows 2000 Server or later can host a stand-alone namespace, regardless of whether the server belongs to a domain (though servers running Windows Server 2003 and Windows 2000 Server do not support all features of DFS Namespaces). Stand-alone namespaces can host more folders (up to 50,000 folders with targets) than domain-based namespaces (which can hold up to 5,000 folders with targets), but the only way to provide redundancy for a stand-alone namespace root is to use a server cluster. You cannot use multiple namespace servers to host a stand-alone namespace as you can with a domain-based namespace. However, you can replicate folders in a stand-alone namespace as long as all replication members belong to the same Active Directory forest as in a Windows SBS domain.

Domain-based namespace roots (for example, \\example.local\public) differ from stand-alone namespace roots in two ways. First, you must host domain-based namespace roots on a member server or domain controller of an Active Directory domain. Second, domain-based namespace roots automatically publish the DFS topology in Active Directory. This arrangement provides fault tolerance and network performance optimization by directing clients to the nearest target.

Choose a stand-alone namespace if the network does not use Active Directory or if the namespace contains more than 5,000 folders with targets. Otherwise, choose a domain-based namespace to use multiple namespace servers for redundancy and to take advantage of Active Directory for site-aware client referrals. You can also combine the two. For example, you can create a domain-based namespace that includes a stand-alone root as a folder.

Before creating namespaces, design the namespace hierarchy in a similar manner to the way you designed the domain structure for the organization. Create a namespace structure that is logical, easy to use (for end users!), and matches the organization design, and then get the key stakeholders in the project to sign off on the design. Enlist some representative users from the organization to review the namespace design and provide feedback.
Namespace Server Requirements

The following servers can host multiple namespaces:
■ Windows Server 2008 R2 Enterprise
■ Windows Server 2008 R2 Datacenter
■ Windows Server 2008 Enterprise
■ Windows Server 2008 Datacenter
■ Windows Server 2003 R2, Enterprise Edition
■ Windows Server 2003 R2, Datacenter Edition
■ Windows Server 2003, Enterprise Edition
■ Windows Server 2003, Datacenter Edition

Servers running the following operating systems can host only a single namespace:
■ Windows Server 2008 R2 Standard
■ Windows Server 2008, Standard
■ Windows Server 2003 R2, Standard Edition with Service Pack 2 or later
■ Windows Server 2003, Standard Edition with Service Pack 2 or later

Note Windows Server 2003, Web Edition cannot host any namespaces. It can act as a folder target. Up to ten concurrent incoming Server Message Block (SMB) connections are permitted.
Namespace Client Requirements

To access the DFS folder structure, you need a DFS client. Users can access file shares that are part of a DFS namespace without a DFS client; however, the user does not benefit from any of the DFS features, such as hierarchical namespaces, multiple folder targets, and site-aware client referrals. The following operating systems include full support for DFS Namespaces, including support for client failback to the preferred folder target:
■ Windows 7
■ Windows Server 2008
■ Windows Server 2008 R2
■ Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate
■ Windows Server 2003 R2
■ Windows Storage Server 2003 R2
■ Windows Server 2003 with SP2, or SP1 and the Windows Server 2003 client failback hotfix
■ Windows XP Professional with SP3, or SP2 and the Windows XP client failback hotfix
The client failback hotfixes are described in Microsoft Knowledge Base article 898900 at http://support.microsoft.com/kb/898900. Users running the following operating systems can access namespaces, but if a folder target becomes unavailable and then later comes back online, the computer will not fail back (return) to the preferred folder target:
■ Windows Storage Server 2003
■ Windows XP Professional
■ Windows Preinstallation Environment (Windows PE). Windows PE can access stand-alone namespaces, but it can’t access domain-based namespaces.
■ Windows 2000 Server
■ Windows 2000 Professional

For optimal use of DFS, clients that can fail back are preferred.
DFS Replication

Before deploying DFS Replication, verify that all the following tasks have been done:
■ Extend (or update) the Active Directory Domain Services (AD DS) schema to include Windows Server 2003 R2 or Windows Server 2008 schema additions.
Note For information about extending the AD DS schema, see http://technet.microsoft.com/en-us/magazine/cc462798.aspx?pr=blog.
■ Install the File Services role with the DFS Replication role service on all servers that will act as members of a replication group.
■ Ensure that all members of the replication group are running Windows Server 2008 or Windows Server 2003 R2.
■ Install DFS Management on a server to manage replication.
■ Store replicated folders on NTFS volumes.
■ Verify that your antivirus software is compatible with DFS Replication.
File Replication Service

File Replication Service (FRS), introduced in Windows Server 2000, replicates files and folders that are stored in DFS folders or in the SYSVOL folder on domain controllers. FRS in Windows Server 2008 is an optional role service of the File Services server role that allows replication of content with other servers that use FRS instead of DFS Replication.
DFS Replication replaces FRS for replication of DFS folders on servers running Windows Server 2003 R2 or Windows Server 2008. In domains that use the Windows Server 2008 domain functional level, DFS Replication replaces FRS for the SYSVOL folder as well.

Neither DFS Replication nor FRS supports file checkout or merging. If two or more users modify the same file simultaneously on different servers, DFS Replication uses a conflict-resolution method of “last writer wins” for files that are in conflict (that is, a file that is updated at multiple servers simultaneously) and “earliest creator wins” for name conflicts. DFS Replication moves the other copies to a conflict folder on the losing server but does not replicate this folder by default, unlike FRS, so the folder remains on the local server. To avoid conflicts, use Windows SharePoint Services when users in multiple locations need to collaborate on the same files at the same time. (Windows SharePoint Services allows users to check out files.)

DFS Replication, like FRS, is a multimaster replication engine that detects changes in a file by monitoring the update sequence number (USN) journal and replicating the changed file after the file is closed. Unlike FRS, DFS Replication uses a version vector exchange protocol to determine what parts of the file are different, and then uses the RDC protocol to replicate only changed blocks of files larger than 64 KB. This makes DFS Replication much more efficient at replication than FRS, which is particularly important when replicating with servers across a WAN link. DFS Replication does not replicate files that make use of Encrypting File System (EFS) encryption.
Replication Topologies

DFS Replication can make use of several topologies: hub and spoke, full mesh, and custom. These topologies are familiar to most network administrators, but here is a quick review:
■ Hub and spoke: This topology is also known as a star topology. Each server replicates with a central server, minimizing the use of WAN links. This topology is similar to an Ethernet network, which uses a hub or switch as the center of the network. Choose this topology to reduce network usage when the replication group has more than 10 members, or when members of the replication group are in a site connected via a WAN connection.
■ Full mesh: All servers replicate with all other servers. Choose this topology when the replication group has fewer than 10 servers and all links have low enough costs (performance or monetary) to allow each server to replicate with every other server. The full-mesh topology minimizes the time it takes to propagate changes to all members of the replication group and increases reliability by replicating with all members of the replication group, but it also increases network traffic from replication.
■ Custom: This topology allows you to manually specify replication connections.
Installing DFS Management

To manage a DFS namespace and DFS Replication, you must first install DFS Management. Select Server Manager from the Administrative Tools menu, and install the File Services role on the server. Then follow these steps:
1. In Server Manager, expand the Roles node; then right-click File Services and select Add Role Services. (See Figure 12-1.)
Figure 12-1 Adding role services
2. Select Distributed File System, as shown in Figure 12-2, and then click Next.
Figure 12-2 Selecting the file services to install
3. On the Create A DFS Namespace page, select Create A Namespace Now and provide a name. Alternatively, you can choose to create the namespace later. Click Next.
4. On the Select Namespace Type page, select Domain-Based Namespace and click Next.
5. On the Configure Namespace page, click Add to add folders to the namespace. In this process, shown in Figure 12-3, you can browse for folder targets and place the targets in the folders you choose. Click OK.
Figure 12-3 Adding a folder to the namespace
6. When you finish adding folders to the namespace, click Next.
7. Review the selections and click Install.
Creating or Opening a Namespace Root

The first step in working with DFS Namespaces is to create a namespace or open an existing namespace root. If you created a namespace root when installing DFS Management, you can use this procedure to open it; otherwise, follow these steps to create one:
1. Launch DFS Management from the Administrative Tools folder. Navigate to DFS Management and then to the Namespaces node.
2. To open an existing namespace root, right-click Namespaces and choose Add Namespace To Display. To create a new namespace root, right-click Namespaces and choose New Namespace. The New Namespace Wizard appears.
3. On the Namespace Server page, type the name of the server that you want to host the namespace root and then click Next. If the DFS service is disabled, click Yes in the Warning dialog box to start the DFS service and set its start-up setting to Automatic.
4. On the Namespace Name And Settings page, type the name to use for the namespace root. This name appears as the share name to users—for example, \\example.local\public. The New Namespace Wizard creates the namespace root in the %SYSTEMDRIVE%\DFSRoots\name folder and gives all users read-only permissions. To change these settings, click Edit Settings. Click Next.
5. On the Namespace Type page (shown in Figure 12-4), choose whether to create a domain-based namespace or a stand-alone namespace, and then click Next.
   ■ Select Domain-Based Namespace to store the namespace on multiple servers in Active Directory. An example of a domain-based namespace is \\example.local\public.
   ■ Select Stand-Alone Namespace to create the namespace on a single server or server cluster. An example of a stand-alone namespace is \\srv1\public.
Figure 12-4 Choosing the namespace type
6. On the Review Settings And Create Namespace page, click Create. The New Namespace Wizard creates the namespace root. Correct any errors using the Previous button and then click Close.
Creating a Namespace from a Command Prompt

To create a namespace from a command prompt, use the Dfsutil /Addftroot or Dfsutil /Addstdroot commands. For example, to create the same namespace shown in Figure 12-4, follow these steps:
1. Open the Command Prompt window. Start the DFS service, and set the start-up type to Automatic if it is not already by typing the following commands:
    Sc Start Dfs
    Sc Config Dfs Start= Auto
2. Create a folder and file share for the namespace root by typing the following commands:
    Md E:\Public
    Net Share Public=E:\Public
3. Create the domain-based namespace root by typing the following command:
    Dfsutil /Addftroot /Server:Srv1 /Share:Public
Adding Namespace Servers

The namespace root is the most important part of the namespace. Without it, clients cannot access any DFS folders. Because of this, the first step in creating a more fault-tolerant namespace is to add namespace servers to the namespace root. If possible, add at least one namespace server on each site where users need access to the DFS namespace by following these steps:
1. In the DFS Management console, navigate to Namespaces, right-click the domain-based namespace root you want to replicate, and then choose Add Namespace Server.
2. In the Add Namespace Server dialog box, type the path to the namespace server and then click OK. Windows creates the namespace root on the target server in the %SYSTEMDRIVE%\DFSRoots\name folder and gives all users read-only permissions. To change these settings, click Edit Settings.
3. If the DFS service is disabled, click Yes in the Warning dialog box to start the DFS service and set its start-up setting to Automatic.
4. To add a namespace server to a namespace from a command prompt, create the appropriate shared folder, verify that the DFS service is started and the start-up type is set to Automatic, and then use the Dfsutil /Addftroot command. For example, open a command prompt window and then type:
    Dfsutil /Addftroot /Server:Srv2 /Share:Public
Adding DFS Folders

DFS folders allow users to navigate from the namespace root to other file shares on the network without leaving the DFS namespace structure. To create a DFS folder, follow these steps:
1. Right-click the namespace root to which you want to add a folder, and then choose New Folder. This displays the New Folder dialog box, shown in Figure 12-5.
Figure 12-5 Creating a new folder
2. Type a name for the folder in the Name box. To create a folder that contains other DFS folders, click OK without adding any target folders. This creates a layer of structure to the namespace.
3. To add target folders, click Add and then type the shared folder’s UNC or DNS path, or click Browse to browse to the shared folder.
4. Add any additional folder targets, and then click OK.

If you added multiple folder targets, click Yes in the Replication dialog box to create a replication group for the folder targets or click No to set up a replication group later (or not at all). If you click Yes, the Replicate Folder Wizard appears with some settings already entered. For more information, see “Creating a Replication Group” later in this chapter.

To create a DFS folder from a command prompt, create the appropriate file shares, and then use the Dfscmd /Map command. (You cannot add DFS folders without folder targets from a command prompt.) For example, open the Command Prompt window and then type the following commands:
    Dfscmd /Map \\Example.local\Public\Software \\Dc1\Software
    Dfscmd /Add \\Example.local\Public\Software \\Srv2\Software
Note To publish a DFS folder or namespace root in Active Directory so that users can find the folder or namespace when searching Active Directory for shared folders, right-click the appropriate container in the Active Directory Users And Computers console, choose New, choose Shared Folder, and then type the path of the namespace or DFS folder in the Network Path box.
Changing Advanced Settings

The default settings for DFS Management are appropriate for most installations, but if you need to change advanced namespace settings such as the referral order, change how namespace servers poll domain controllers for DFS metadata, or delegate DFS Management permissions, use the information in the following sections.

Changing Namespace Referral Settings

To change the cache duration, the order in which domain controllers or namespace servers refer clients to namespace servers and folder targets, or the failback settings for an entire namespace, right-click a namespace root or folder, choose Properties, and click the Referrals tab. (See Figure 12-6.)
Figure 12-6 The Referrals tab of a namespace Properties dialog box
Use the following list to complete the process:
■ In the Cache Duration box, specify how long clients should cache referrals before polling the domain controller or namespace server for a new referral.
■ In the Ordering Method drop-down box, choose how domain controllers and namespace servers should refer clients to folder targets and namespace servers.
■ Select the Clients Fail Back To Preferred Targets option to force a client to switch back to using its preferred server when it comes back online.

The preferred server is based on site and any custom referral ordering settings you specify on folder targets. This setting is supported by clients running Windows XP with Service Pack 2 (SP2) and the post-SP2 Windows XP client failback hotfix, Windows Server 2003 with Service Pack 1 and the Windows Server 2003 client failback hotfix, and Windows Server 2003 R2. See Knowledge Base article 898900 at http://support.microsoft.com/kb/898900 for information on how to obtain this hotfix.
Overriding Referral Settings on Individual Folders

DFS folders inherit referral settings from the namespace root unless you specifically override them. To override the referral settings for a folder, right-click the appropriate folder, choose Properties, click the Referrals tab, and then specify the settings you want to override. To explicitly set a single folder target as the preferred target or set the folder target as a target of last resort, right-click the folder target, choose Properties, click the Advanced tab, select the Override Referral Ordering check box, and then specify the priority for the target folder.
Delegating Management Permissions

DFS Management sets the permissions on the namespace object in Active Directory or in the registry of the namespace server (when using a stand-alone namespace). To change the ability of users to perform common management tasks, use the following list:
■ Create and manage namespaces: To view, add, or remove groups that can manage namespaces, right-click the Namespaces node, choose Delegate Management Permissions, and then use the Delegate Management Permissions dialog box.
■ Manage individual namespaces and replication groups: To view groups that can manage a namespace or replication group, select the namespace or replication group, and then click the Delegation tab. To remove management permissions for a group, right-click the group and choose Remove. To give management permissions for the namespace to a group, right-click the namespace, choose Delegate Management Permission, type the name of the group in the Select Users Or Groups dialog box, and then click OK.
■ Create and manage replication groups: To view, add, or remove groups that can manage replication, right-click the Replication node, choose Delegate Management Permissions, and then use the Delegate Management Permissions dialog box.
Changing Namespace Polling Settings

To change how namespace servers poll domain controllers for the latest namespace metadata in a domain-based namespace, right-click the appropriate namespace, choose Properties, click the Advanced tab, and then choose one of the following polling methods:
■ Optimize For Consistency: Polls the primary domain controller (PDC) emulator for new namespace data every hour and after each change to the namespace. Use this setting when the network contains 16 or fewer namespace servers to minimize the time it takes to propagate namespace changes to all namespace servers. This is the default setting.
■ Optimize For Scalability: Polls the nearest domain controller every hour for changes to the namespace. Use this setting when the network contains more than 16 namespace servers to reduce the load on the PDC emulator. However, choosing this setting increases the amount of time it takes to propagate namespace changes to all namespace servers. Servers running Windows 2000 Server do not support this setting and continue to use the Optimize For Consistency polling method.

To enable the Optimize For Scalability polling method from a command prompt, use the Dfsutil /Rootscalability command. For example, open the Command Prompt window, change to the directory in which you placed the Dfsutil.exe file, and then type:
    Dfsutil /Root:Example.local\Public /Rootscalability /Enable
Backing Up and Restoring the DFS Folder Targets

The DFS Namespaces database for domain-based DFS is stored in Active Directory, and you can back it up and restore it using Active Directory–aware backup methods. To back up the listing of folder targets for a stand-alone namespace root, type the following text at a command prompt (replacing ServerName and Namespace with the name of the appropriate server name and namespace root):
    DFScmd /View \\ServerName\Namespace /Batch >DFS_backup.bat
To restore this DFS structure, re-create the DFS namespace and then run the batch file you created.

Note In addition to backing up the DFS topology, back up the contents of the actual file shares routinely. Always test the backup before relying on it. You can use the Dfsradmin Replicationgroup command to export DFS Replication settings such as replication group members and connections.
Using DFS Replication

An easy-to-use, fault-tolerant, and high-performance file system is not worth much if the data you want to access is unavailable or out of date. To ensure that files are available to users even if a server goes down, create additional folder targets (as described earlier in the “Adding DFS Folders” section) and use DFS Replication to keep the folder targets in sync. You can also use DFS Replication to synchronize folders that are not part of a DFS namespace—for example, to replicate data from a branch office to a server in the main office that you back up regularly and reliably.
Creating a Replication Group

A replication group is defined as two or more servers that participate in replication. Replication groups define the replication topology used by members for replication. To create a replication group, follow these steps:
1. Click Start, point to Administrative Tools, and then click DFS Management.
2. In the console tree, right-click the Replication node, and then click New Replication Group.
3. Follow the instructions in the New Replication Group Wizard.
Conflict Resolution During the Initial Replication

If other members of the replication group have data in the replicated folders, Windows takes the following actions during the initial replication:
■ If an identical file already exists on the target server (any server other than the primary member), the primary member does not replicate the file.
■ If a file already exists on a target server but the file is not identical to the version on the primary member, Windows moves the file on the target server to the local conflict folder and then replicates the primary member’s version of the file, even if this file is older than the version on the target server.
■ If a file exists on a target server that is not present on the primary member, Windows does not replicate it during the initial replication but does replicate it during subsequent replications to other members, including the primary member.

After the initial replication, the primary member role goes away and replication is multiple-master-based. Do not delete, rename, or move files on the primary member or any member that has already replicated until the first replication is complete. (Look for Event 4104 in the DFS Replication log.) Deleting, renaming, or moving files before the first replication is complete can cause the files to reappear if they existed on a target that had not yet replicated.
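
The initial-replication rules in the sidebar above can be previewed before you pick the primary member, which matters most for the second rule, where a newer file on a target loses to an older copy on the primary. The following PowerShell is an added example, not code from the book: the function names and scratch folders are hypothetical, it assumes PowerShell 4.0 or later, and it compares file content only, which approximates what the sidebar calls an identical file.

```powershell
# Added example, not from the book. Function names and folders are hypothetical.
# Assumes PowerShell 4.0 or later (Get-FileHash). Compares file content only,
# and Get-ChildItem without -Force skips hidden and system items.

function Get-RelativeFileHash {
    param([Parameter(Mandatory = $true)][string]$Root)

    $rootPath = (Get-Item -LiteralPath $Root).FullName.TrimEnd([char[]]'\/')
    $index = @{}
    Get-ChildItem -LiteralPath $rootPath -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($rootPath.Length).TrimStart([char[]]'\/')
        # Windows file names are case-insensitive, so key on the lower-cased path.
        $index[$relative.ToLowerInvariant()] = [pscustomobject]@{
            RelativePath = $relative
            Hash         = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            LastWriteUtc = $_.LastWriteTimeUtc
        }
    }
    return $index
}

function Get-InitialReplicationOutcome {
    param(
        [Parameter(Mandatory = $true)][string]$PrimaryRoot,
        [Parameter(Mandatory = $true)][string]$TargetRoot
    )

    $primary = Get-RelativeFileHash -Root $PrimaryRoot
    $target  = Get-RelativeFileHash -Root $TargetRoot
    $allKeys = @($primary.Keys) + @($target.Keys) | Sort-Object -Unique

    foreach ($key in $allKeys) {
        $p = $primary[$key]
        $t = $target[$key]

        if ($p -and $t) {
            if ($p.Hash -eq $t.Hash) {
                $outcome = 'Identical: not replicated'
            }
            else {
                $outcome = 'Differs: target copy moved to conflict folder, primary version replicated'
            }
        }
        elseif ($t) {
            $outcome = 'Target only: kept, replicated to other members after the initial replication'
        }
        else {
            $outcome = 'Primary only: replicated to the target'
        }

        [pscustomobject]@{
            RelativePath  = if ($p) { $p.RelativePath } else { $t.RelativePath }
            Outcome       = $outcome
            # Review these by hand: the newer target copy loses to the older primary copy.
            NewerOnTarget = [bool]($p -and $t -and $p.Hash -ne $t.Hash -and
                                   $t.LastWriteUtc -gt $p.LastWriteUtc)
        }
    }
}

# Constructed sample data so the example runs offline: two scratch folders stand in
# for the replicated folder on the primary member and on one target member.
$scratch    = Join-Path ([System.IO.Path]::GetTempPath()) ("dfsr-seed-" + [guid]::NewGuid())
$primaryDir = (New-Item -ItemType Directory -Path (Join-Path $scratch 'primary')).FullName
$targetDir  = (New-Item -ItemType Directory -Path (Join-Path $scratch 'target')).FullName

Set-Content -Path (Join-Path $primaryDir 'same.txt')        -Value 'unchanged'
Set-Content -Path (Join-Path $targetDir  'same.txt')        -Value 'unchanged'
Set-Content -Path (Join-Path $primaryDir 'budget.txt')      -Value 'draft 1'
Set-Content -Path (Join-Path $targetDir  'budget.txt')      -Value 'draft 2, edited at the branch'
Set-Content -Path (Join-Path $primaryDir 'hq-only.txt')     -Value 'exists only on the primary'
Set-Content -Path (Join-Path $targetDir  'branch-only.txt') -Value 'exists only on the target'

# Make the primary copy of budget.txt a week older than the copy on the target.
$older = (Get-Date).ToUniversalTime().AddDays(-7)
(Get-Item -LiteralPath (Join-Path $primaryDir 'budget.txt')).LastWriteTimeUtc = $older

Get-InitialReplicationOutcome -PrimaryRoot $primaryDir -TargetRoot $targetDir |
    Format-Table -AutoSize -Wrap

Remove-Item -LiteralPath $scratch -Recurse -Force
```

To use it against real data, pass the local or UNC paths of the folders to -PrimaryRoot and -TargetRoot before creating the replication group; rows with NewerOnTarget set to True are the files whose newer target copy would end up in the conflict folder.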
Replicating a DFS Folder

To create a replicated folder in a new replication group that replicates a DFS folder, use the following steps:
1. Right-click the appropriate folder under the Namespaces node of DFS Management, and choose Replicate Folder. The Replicate Folder Wizard appears.
2. On the Replication Group And Replicated Folder Name page, confirm the name for the replication group and for the replicated folder. (The name for the replication group must be unique on the domain. To add to an existing replication group, use the instructions in the following sections.)
3. On the Replication Eligibility page, review the target folders that will be replicated. Click Next.
4. On the Primary Member page, select the server that holds the data that you want to use as the seed for the initial replication.
5. On the Topology Selection page, select one of the following replication topologies:
   ■ Hub And Spoke: Spoke servers replicate with one or two central hub servers. Hub servers replicate with all other hub servers by using the full-mesh topology, as well as with designated spoke servers. Choose this topology in large network environments and environments with multiple branch offices. This topology requires a minimum of three members.
   ■ Full Mesh: All servers replicate with all other servers. Choose this topology when there are fewer than 10 servers in the replication group and all links have low enough costs (performance or monetary) to allow each server to replicate with every other server instead of a central hub server.
   ■ No Topology: This option does not specify a topology and postpones replication until you specify a replication topology manually. To specify a replication topology after creating the replication group, right-click the replication group in the DFS Management snap-in and then choose New Topology.
6. On the Hub Members page that appears if you chose the Hub And Spoke topology, specify the hub servers.
7. On the Hub And Spoke Connections page that appears if you chose the Hub And Spoke topology, verify that the wizard lists the proper spoke servers. To change the required hub server with which a spoke member replicates preferentially, or the optional hub member with which a spoke member replicates if the required hub member is unavailable, select the spoke server, click Edit, and then specify the required hub and the optional hub.
8. On the Replication Group Schedule And Bandwidth page, choose when to replicate and the maximum amount of bandwidth you want DFS Replication to use.
9. To create a custom schedule, choose Replicate During The Specified Days And Times and then click Edit Schedule. You can create a custom schedule that uses Coordinated Universal Time (UTC) or the local time of the receiving server.
10. On the Review Settings And Create Replication Group page, review the settings and then click Create. Review any errors and then click Close.

Windows then replicates topology and replication settings to all domain controllers. A replication group member polls its nearest domain controller regularly. (By default, replication group members perform a lightweight poll every five minutes for Subscription objects under the local computer container and a full poll every hour.) It receives the settings after Windows updates the domain controller. To change the replication polling interval, use the Dfsrdiag command.
Creating a Branch Office Replication Group

To create a replication group that replicates a single branch server with a single hub server, use the following steps:
1. In the DFS Management snap-in, right-click Replication and choose New Replication Group. The New Replication Group Wizard appears.
Note Creating replicated folders within an existing replication group is faster than creating a new replication group for each replicated folder because the replication group automatically applies its schedule, topology, and bandwidth-throttling settings to the new replicated folder.
2. On the Replication Group Type page, choose Replication Group For Data Collection.
3. On the Name And Domain page, type a name for the replication group that is unique on the domain, specify in which domain to host the replication group, and optionally type a description of the replication group.
4. On the Branch Server page, type the name of the branch server that holds the data that you want to replicate with the hub server.
5. On the Replicated Folders page, click Add, and then use the Add Folder To Replicate dialog box to specify the local folder on the branch server to replicate with the hub server. Click OK when you are finished.
6. On the Hub Server page that appears if you chose Replication Group For Data Collection on the Replication Group Type page, type the name of the hub server that serves as a replication target for the replicated folders.
7. On the Target Folder On Hub Server page, specify the local folder on the hub server in which you want to place replicated data from the branch server. This folder is usually located in a folder or volume that you back up regularly.
8. On the Replication Group Schedule And Bandwidth page, choose when to replicate and the maximum amount of bandwidth you want to allow DFS Replication to use. To create a custom schedule, choose Replicate During The Specified Days And Times and then click Edit Schedule. You can create a custom schedule that uses Coordinated Universal Time (UTC) or the local time of the receiving server.
9. On the Review Settings And Create Replication Group page, review the settings and then click Create. Review for errors and then click Close.

Windows then replicates the topology and replication settings to all domain controllers. A replication group member polls its nearest domain controller regularly. (By default, replication group members perform a lightweight poll every five minutes for Subscription objects under the local computer container and a full poll every hour.) It receives the settings after Windows updates the domain controller. To change the replication polling interval, use the Dfsrdiag command.
Creating a Multipurpose Replication Group

To create a replication group that replicates any number of servers with any number of other servers, use the following steps:
1. In the DFS Management snap-in, right-click Replication and choose New Replication Group. The New Replication Group Wizard starts.
2. On the Replication Group Type page, choose Multipurpose Replication Group.
3. On the Name And Domain page, type a name for the replication group that is unique on the domain, specify in which domain to host the replication group, and optionally type a description of the replication group.
4. On the Replication Group Members page, add the servers on which you want to replicate content.
5. On the Topology Selection page, choose a replication topology.
6. On the Hub Members page that appears if you chose the Hub And Spoke topology, specify the hub servers.
7. On the Hub And Spoke Connections page that appears if you chose the Hub And Spoke topology, verify that the wizard lists the proper spoke servers. To change the required hub server with which a spoke member replicates preferentially, or the optional hub member with which a spoke member replicates if the required hub member is unavailable, select the spoke server, click Edit, and then specify the required hub and the optional hub.
8. On the Replication Group Schedule And Bandwidth page, choose when to replicate and the maximum amount of bandwidth you want to allow DFS Replication to use. To create a custom schedule, choose Replicate During The Specified Days And Times and then click Edit Schedule. You can create a custom schedule that uses Coordinated Universal Time (UTC) or the local time of the receiving server.
9. On the Primary Member page, select the server that holds the data that you want to use as the seed for the initial replication.
10. On the Folders To Replicate page, click Add, and then use the Add Folder To Replicate dialog box to specify the folder to replicate. Click OK when you are finished.
11. On the Local Path Of Folder On Other Members page, select a replication member that you want to participate in the replication of the specified folder, click Edit, and then use the Edit Local Path dialog box to enable replication and specify the local folder on the target server in which to place replicated data from the hub server. Repeat this step for every replicated folder you specify in the Replicated Folders page.
12. On the Review Settings And Create Replication Group page, review the settings and then click Create. Review any errors and then click Close.

Windows then replicates the topology and replication settings to all domain controllers. A replication group member polls its nearest domain controller regularly. (By default, replication group members perform a lightweight poll every five minutes for Subscription objects under the local computer container and a full poll every hour.) It receives the settings after Windows updates the domain controller. To change the replication polling interval, use the Dfsrdiag command.
Managing Replication Groups
Select a replication group, and then use the Memberships, Connections, Replicated Folders, and Delegation tabs of the DFS Management console to manage the replication group, as discussed in the following list.
Note Click a column heading to change how Windows groups items in the view. To add or remove columns, right-click the column heading and choose Add/Remove Columns.
■ Use the following options on the Memberships tab to view and manage the member servers for each replicated folder:
  ■ To disable a member of the replication group, right-click the member and then choose Disable. Disable members that do not need to replicate a specific replicated folder. Do not disable members temporarily and then enable them—doing so causes roughly one kilobyte of replication traffic per file in the replicated folder and overwrites all changes on the disabled member. (See the “Conflict Resolution During the Initial Replication” sidebar earlier in the chapter for more information.)
  ■ To delete a member of the replication group, right-click it and then choose Delete.
  ■ To add a member server that participates in replication, right-click the replication group in the DFS Management console, choose New Member, and then use the New Member Wizard to specify the local path of the replicated folders, connections, and schedule.
  ■ To change the size of the conflict or staging folders or to disable the retention of deleted files, right-click the member, choose Properties, click the Advanced tab, and then use the Quota boxes. The conflict folder stores the “losing” files that Windows deletes when it encounters two versions of the same file during replication as well as the most recently deleted files in the replicated folder, and the staging folder queues replication data.
  Note The default size of the staging folder is 4096 MB, but by increasing the size of the staging folder, you can increase the performance of replication group members that replicate with a large number of replication partners or that contain large files that change often. Look for event ID 4208 in the DFS Replication event log; if this event appears multiple times in an hour, increase the staging folder size 20 percent until the event no longer appears frequently.
  ■ To create a report showing the replication health as well as RDC efficiency, right-click the replication group, choose Create Diagnostic Report, and then use the Diagnostic Report Wizard to create the report.
  ■ To verify the replication topology, right-click the replication group and then choose Verify Topology.
■ On the Connections tab, view and manage all replication connections. To add a new replication connection between two members of a replication group, right-click the replication group and choose New Connection. Then use the New Connection dialog box to specify the sending member, the receiving member, the schedule, and whether to create a one-way replication connection or a two-way connection.
■ Use the following options on the Replicated Folders tab to view and manage all replicated folders:
  ■ To add a new replicated folder to the replication group, right-click the replication group in the DFS Management console, choose New Replicated Folder, and then use the New Replicated Folder Wizard to specify the primary member and the local folders to replicate.
  ■ To omit certain file types or subfolders from replication, click the Replicated Folders tab, right-click the replicated folder, choose Properties, and then use the File Filter and Subfolder Filter boxes on the General tab.
  ■ To share a replicated folder on the network and optionally add the folder to a DFS namespace, right-click the replicated folder, choose Share And Publish In Namespace, and then use the Share Or Publish Replicated Folder Wizard.
  Note RDC increases processor utilization on the server, so you might want to disable it on servers with slow processors or high-speed links, and in environments that replicate only new content or files smaller than 64 KB. To disable RDC on a connection, click the Connections tab, right-click the member, choose Properties, and then clear the Use Remote Differential Compression (RDC) check box. You can also change the minimum file size that RDC engages from the 64 KB default size by using the Dfsradmin ConnectionSet command. Monitor RDC statistics and CPU utilization before and after disabling RDC to verify that you reduce processor utilization enough to warrant the increased network traffic.
■ On the Delegation tab, view and manage administrative permissions. See “Delegating Management Permissions” in this chapter for information about the Delegation tab.
Note To change the replication polling interval, which controls how often a server checks for updated files, use the Dfsrdiag command.
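
The event ID 4208 check from the staging-folder note in this list can be scripted rather than read off the event log by hand. The following is an added example, not code from the book: the function name Get-StagingPressure, the sample timestamps, and the reading of "multiple times in an hour" as two or more events in one clock hour are assumptions.

```powershell
# Added example (not from the book). Counts DFS Replication event 4208 per clock
# hour and proposes the single 20 percent staging quota step the note describes.
# Get-StagingPressure is a hypothetical helper name. Written for PowerShell 2.0.
function Get-StagingPressure {
    param(
        [datetime[]]$EventTimes = @(),
        [int]$CurrentQuotaMB = 4096   # default staging folder size per the note
    )

    # Bucket the events by clock hour and keep hours with more than one event
    # (assumption: "multiple times in an hour" means two or more).
    $busyHours = @(
        $EventTimes |
            Group-Object -Property { $_.ToString('yyyy-MM-dd HH:00') } |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                New-Object PSObject -Property @{ Hour = $_.Name; Events = $_.Count }
            }
    )

    # One 20 percent step only; apply it, wait, and re-run until no hour is busy.
    $suggested = $CurrentQuotaMB
    if ($busyHours.Count -gt 0) {
        $suggested = [int][math]::Ceiling($CurrentQuotaMB * 1.2)
    }

    New-Object PSObject -Property @{
        TotalEvents      = $EventTimes.Count
        BusyHours        = $busyHours
        CurrentQuotaMB   = $CurrentQuotaMB
        SuggestedQuotaMB = $suggested
    }
}

# Constructed sample timestamps standing in for event 4208 occurrences.
$sample = @(
    '2011-03-01 09:05', '2011-03-01 09:40', '2011-03-01 09:55',
    '2011-03-01 13:10',
    '2011-03-02 02:15', '2011-03-02 02:20'
) | ForEach-Object { [datetime]$_ }

$result = Get-StagingPressure -EventTimes $sample
$result | Format-List TotalEvents, CurrentQuotaMB, SuggestedQuotaMB
$result.BusyHours | Format-Table Hour, Events -AutoSize

# On a replication member, pass live data instead of the sample:
# $live = @(Get-WinEvent -FilterHashtable @{
#     LogName = 'DFS Replication'; Id = 4208; StartTime = (Get-Date).AddDays(-7)
# } -ErrorAction SilentlyContinue | ForEach-Object { $_.TimeCreated })
# Get-StagingPressure -EventTimes $live -CurrentQuotaMB 4096
```

With the constructed sample, two clock hours hold more than one event, so the function suggests raising the 4096 MB quota to 4916 MB.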
Using File Server Resource Manager
The File Server Resource Manager (FSRM) is installed as a role service of the File Services Role and is made up of three tools:
■ Storage Reports Management
■ Quota Management
■ File Screening Management
These tools allow administrators of Windows Server 2008 file servers to keep track of storage growth and usage, as well as create hard or soft policies limiting the amount and type of files that users can save in specific folders.
Note In the SBS Console, you can set the size of individual users’ shared folders. Other quotas you might want to set would be on public folders or central company resource folders.
Scheduling Storage Reports
FSRM supports reporting in Dynamic Hypertext Markup Language (DHTML), HTML, Extended Markup Language (XML), Comma-Separated Values (CSV) text, or plain text, making it easy to view reports or process them using scripts, Microsoft Office Excel, or other applications.
FSRM can search and report on the following files and events. Additional reports can be defined and included in the list.
■ Duplicate files
■ File-screening audit
■ Files by file group
■ Files by owner
■ Large files
■ Least-recently accessed files
■ Most-recently accessed files
■ Quota usage
File Server Resource Manager is automatically installed when you install Windows SBS 2011. To use it, you need only open Server Manager from the Administrative Tools menu and then follow these steps:
1. In the left pane, expand Roles, then File Services, then Share And Storage Management, and then File Server Resource Manager.
2. Right-click Storage Reports Management and select Schedule A New Report Task (shown in Figure 12-7).
Figure 12-7 Starting a new report
3. The Storage Reports Task Properties dialog box opens (shown in Figure 12-8).
Figure 12-8 Configuring a storage report
4. In the Scope section of the dialog box, click Add to select the local folders that you want to monitor.
5. In the Report Data section of the dialog box, select the reports that you want to generate. To view the settings for all selected reports, click Review Selected Reports. To adjust the settings for a report, select the report and then click Edit Parameters.
6. In the Report Formats section of the dialog box, select the formats in which you want to generate the reports.
7. Click the Delivery tab, select the Send Reports To The Following Administrators check box, and type the email addresses of the administrators who should receive the storage reports, using a semicolon to separate addresses.
8. Click the Schedule tab and then click Create Schedule. In the Schedule dialog box (shown in Figure 12-9), set the date and time for the report to be generated.
Schedule your storage reports during slack times to minimize the impact on users, and combine reports whenever possible. Because all storage reports in a storage report task use the same snapshot, you can minimize the performance impact on a server by consolidating your reports to minimize the number of snapshots required.
Using Directory Quotas
One way to slow the growth of storage on a network is to limit the amount of disk space each user can use on a server. SBS 2011 provides two ways of doing this: disk quotas and directory quotas. Directory quotas allow you to manage storage at a folder level. You can create quota templates and auto quotas that Windows automatically applies to subfolders and newly created folders. Directory quotas, unlike disk quotas, look at the actual amount of disk space used by a file and provide powerful notification capabilities. Directory quotas apply to all users as a group; disk quotas apply to individual users. Both directory quotas and disk quotas apply to a single server. Quotas can use either hard limits, which prevent users from exceeding their quotas, or soft limits, which provide only a warning and notification.
Note Directory quotas are preferred in Windows SBS 2011. If you choose to use disk quotas, you can set them by opening a disk’s Properties dialog box and clicking the Quota tab.
Directory Quota Types
Directory quotas come in three varieties:
■ Quotas Sets the total amount of disk space that a folder and all subfolders can consume. For example, if you create a quota that limits the \Users folder to 10 GB, the total contents of this folder and all subfolders cannot exceed 10 GB in size. If one user uses 9 GB of file space, all the other users combined are limited to 1 GB.
■ Auto Quotas Sets the amount of disk space that the first-level subfolders (child folders) of a folder can consume. For example, if you create an auto quota for the \Users folder and set the limit at 2 GB, each first level of subfolder (for example, \Users\Charlie; \Users\Wally) is limited to 2 GB in size. An auto quota does not set a limit on the contents of the parent folder, only the subfolders (child folders).
■ Quota Templates Standardizes and centralizes quota and auto quota settings. When you change the settings of a quota template, you can automatically apply the changes to all quotas that use the quota template you change.
Note Directory quotas work only on fixed NTFS volumes; you cannot use directory quotas on removable drives or FAT volumes.
Creating Quotas and Auto Quotas
To create a quota or auto quotas, follow these steps. To create a quota template, see the “Creating and Editing Quota Templates” section later in this chapter.
1. In the File Server Resource Manager, expand Quota Management.
2. Right-click Quotas in the console tree and choose Create Quota.
3. The Create Quota dialog box opens, as shown in Figure 12-10.
Figure 12-10 Creating a quota
4. Click Browse, select the folder to which you want to apply a quota, and then click OK.
5. To create a quota that limits the size of a folder, including all subfolders, select the Create Quota On Path option. To create an auto quota, which limits the size of subfolders individually (useful for setting quotas on the \Users folder), select the Auto Apply Template And Create Quotas On Existing And New Subfolders option.
6. Select the quota template you want to apply, or choose Define Custom Quota Properties and click Custom Properties to create a custom quota. (You cannot create custom quotas for auto quotas.) Click Create when you are finished.
7. If you chose to create a custom quota, the Save Custom Properties As A Template dialog box appears. Use this dialog box to save the custom quota as a quota template, or choose Save The Custom Quota Without Creating A Template.
8. To create a directory auto quota from a command prompt, use the Dirquota Quota Add command. For example, open a command prompt window and then type the following command:
    Dirquota AutoQuota Add /Path:E:\Users /SourceTemplate:"200 MB Limit Reports To User" /Remote:Srv1
Note Use quota templates instead of custom quotas whenever possible. A quota template allows you to make changes to the template that apply to all quotas derived from the template. For example, to change the administrator email address for all quotas on a server, edit the appropriate quota templates and then apply these changes to all quotas. This eliminates the need to manually update each quota.
Viewing and Managing Quotas
To view the particulars of a quota, highlight it in the File Server Resource Manager and view the details in the lower pane as shown in Figure 12-11.
Figure 12-11 Viewing the details of an individual quota
Use the following sections for additional quota management:
■ To filter the display by quota type or path, click the Filter hyperlink and then use the Quota Filter dialog box.
■ To disable a quota, right-click the quota and select Disable Quotas. To enable a quota, right-click the quota and select Enable Quotas.
■ To reset the peak-usage data, select the quota, right-click, and select Reset Peak Usage.
Creating and Editing Quota Templates
Quota templates enable you to quickly apply standardized quota settings, as well as simultaneously update all quotas that make use of a template—when you edit a quota template, Windows gives you the option to update all quotas based on the template. To create or edit a quota template, follow these steps:
1. In the File Server Resource Manager console, right-click Quota Templates and choose Create Quota Template, or right-click an existing quota template and choose Edit Template Properties. To create a quota template based on an existing quota, right-click the quota and choose Create Quota From Template.
2. To base the template on an existing template, in the Create Quota Template dialog box choose a template from the Copy Properties From Quota Template box and then click Copy, as shown in Figure 12-12.
Figure 12-12 Creating a quota template
3. Type a name and label for the template in the Template Name and Label boxes.
4. In the Limit box, type the maximum amount of disk space each user can utilize in the specified folder.
5. Choose Hard Quota to prevent users from exceeding the limit you specify, or Soft Quota to use the quota only for monitoring.
6. In the Notification Thresholds section of the dialog box, click Add to create a new notification, or select an existing notification, and then click Edit to open the properties for the threshold, as shown in Figure 12-13.
Figure 12-13 Notification options for a quota template
7. In the Generate Notifications When Usage Reaches box, specify when to notify users. A typical configuration is to use three notification thresholds, which are often set at 85 percent, 95 percent, and 100 percent.
8. Specify what actions to take when a user exceeds the threshold you specify, and click OK when you are finished.
  ■ Use the E-Mail Message tab to send an email notification to users who exceed the threshold. (You can also choose to send the notification to an administrator.) Use the E-Mail Message section of the tab to customize the message that Windows generates.
  ■ Use the Event Log tab to record a log entry on the server when a user exceeds the threshold.
  ■ Use the Command tab to run a command or script when a user exceeds the threshold.
  ■ Use the Report tab to generate a storage report when a user exceeds the threshold.
  More Info See the “Scheduling Storage Reports” section earlier in this chapter for more information about storage reports.
9. Click OK when you’re finished. If you’re editing an existing template, the Update Quotas Derived From Template dialog box opens. Choose one of the following options and then click OK.
  ■ Apply Template Only To Derived Quotas That Match The Original Template Updates quotas based on the quota template only if you have not customized them.
  ■ Apply Template To All Derived Quotas Updates all quotas based on the quota template.
  ■ Do Not Apply Template To Derived Quotas Does not update any quotas based on the template.
Screening Files
Administrators who use storage reports for the first time are often surprised, and occasionally dismayed, at how many audio and video files they find on file servers. In addition to the massive amounts of disk space that audio and video files consume, organizations can be exposed to legal liability if these files are obtained or shared illegally.
Figure 12-14 Creating a file screen
3. Click Browse, select the folder to which you want to apply the file screen, and then click OK.
4. Select the file screen template you want to apply, or choose Define Custom File Screen Properties and then click Custom Properties to create a custom file screen. Click OK when you are finished.
5. If you chose to create a custom file screen, the Save Custom Properties As A Template dialog box appears. Use this dialog box to save the custom file screen as a file screen template, or choose Save The Custom File Screen Without Creating A Template.
Creating Exceptions
To create an exception to a file screen, follow these steps:
1. Click the File Screens container, right-click File Screens in the console tree, and choose Create File Screen Exception. The Create File Screen Exception dialog box appears, as shown in Figure 12-15.
Figure 12-15 Creating file exceptions
2. Click Browse, select the folder to which you want to apply the file screen exception, and then click OK. The folder you select cannot already contain a file screen, but it can be a subfolder of a folder that contains a file screen.
3. Select the groups that you want to allow, excluding them from any file screens applied to parent folders. Click OK when you are finished to return to the File Server Resource Manager console.
Creating and Editing File Screen Templates
To create or edit a file screen template, follow these steps:
1. In the File Server Resource Manager console, right-click File Screen Templates and choose Create File Screen Template, or right-click an existing template and choose Edit Template Properties. To create a file screen template based on an existing file screen, right-click the file screen and choose Create A Template From File Screen.
2. To base the template on an existing template, in the Create File Screen Template dialog box, choose a template from the Copy Properties From Template box, as shown in Figure 12-16. Click Copy.
Figure 12-16 Working with a file screen template
3. Type a name and label for the template in the Template Name box.
4. Choose Active Screening to prevent users from saving files of the type you specify, or choose Passive Screening to use the file screen only for monitoring.
5. Select the file group or groups that you want to block. To create a new file group, click Create; to edit an existing file group, select the group and then click Edit.
6. Specify what actions to take when a user saves a screened file type, and then click OK.
  ■ Use the E-Mail Message tab to send an email notification to the user who saved a screened file type. (You can also choose to send the notification to an administrator.) Use the E-Mail Message section of the tab to customize the message that Windows generates.
  ■ Use the Event Log tab to record a log entry on the server when a user saves a screened file type.
  ■ Use the Command tab to run a command or script when a user saves a screened file type.
  ■ Use the Report tab to generate a storage report when a user saves a screened file type. See the “Scheduling Storage Reports” section of this chapter for more information about storage reports.
7. If you are editing an existing template, the Update File Screens Derived From Template dialog box appears. Choose one of the following options and then click OK.
  ■ Apply Template Only To Derived File Screens That Match The Original Template Updates file screens based on the quota template only if you have not customized them.
  ■ Apply Template To All Derived File Screens Updates all file screens based on the quota template.
  ■ Do Not Apply Template to Derived File Screens Does not update any file screens based on the template.
Working with File Groups
A file group is a group of files with a common set of characteristics in their file names. For example, the Audio and Video file group includes audio files (with .mp3, .wma, and .aac file extensions), and video files (with .wmv, .mpeg, and .mov file extensions). Storage reports use file groups when reporting on the types of files present on a file share, while file screening uses file groups to control which files to block. To create or edit a file group, follow these steps:
1. In the File Server Resource Manager console, select File Screening Management.
2. Right-click the File Groups container and choose Create File Group. The Create File Group Properties dialog box opens, as shown in Figure 12-17.
Figure 12-17 Creating a file group
3. Type a name for the file group in the File Group Name box.
4. In the Files To Include box, type the file-name criteria to include in the group. Use asterisks (*) as wildcards and then click Add.
5. To exclude files from the file group, type the file-name criteria to exclude from the file group in the Files To Exclude box. Click OK.
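
Before attaching a file group to an Active Screening template, it helps to preview which names the Files To Include and Files To Exclude criteria would select. The following is an added example, not code from the book or from FSRM: the function names, the exclude pattern, and the sample paths are constructed, and the include patterns use the extensions the text lists for the Audio and Video group.

```powershell
# Added example (not from the book). Models how a file group selects files:
# a name belongs to the group when it matches at least one "Files To Include"
# pattern and no "Files To Exclude" pattern. Function names are hypothetical.
function ConvertTo-NameRegex {
    param([string]$Pattern)
    # Escape regex metacharacters, then restore * as "any run of characters".
    '^' + [regex]::Escape($Pattern).Replace('\*', '.*') + '$'
}

function Test-FileGroupMember {
    param(
        [string]$Path,
        [string[]]$Include,
        [string[]]$Exclude = @()
    )
    # File groups are defined on file names, so only the last path element is
    # tested. -match is case-insensitive, like NTFS names.
    $name = ($Path -split '[\\/]')[-1]

    foreach ($pattern in $Exclude) {
        if ($name -match (ConvertTo-NameRegex $pattern)) { return $false }
    }
    foreach ($pattern in $Include) {
        if ($name -match (ConvertTo-NameRegex $pattern)) { return $true }
    }
    return $false
}

# Include criteria built from the extensions the text gives for Audio and Video.
$include = '*.mp3', '*.wma', '*.aac', '*.wmv', '*.mpeg', '*.mov'
# Constructed exclude criterion: allow company training videos.
$exclude = @('training-*.wmv')

# Constructed sample paths.
$paths = @(
    'E:\Users\Charlie\Music\album01.MP3',
    'E:\Users\Charlie\Docs\budget.xlsx',
    'E:\Users\Wally\Video\training-safety.wmv',
    'E:\Users\Wally\Video\holiday.mov'
)

$paths | ForEach-Object {
    New-Object PSObject -Property @{
        Path    = $_
        InGroup = (Test-FileGroupMember -Path $_ -Include $include -Exclude $exclude)
    }
} | Format-Table Path, InGroup -AutoSize

# To preview a real folder before switching a screen from passive to active:
# Get-ChildItem E:\Users -Recurse |
#     Where-Object { -not $_.PSIsContainer -and
#         (Test-FileGroupMember -Path $_.FullName -Include $include -Exclude $exclude) }
```

With the constructed sample, album01.MP3 and holiday.mov fall in the group, while budget.xlsx and the excluded training-safety.wmv do not.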
CHAPTER 13
Installing and Managing Printers
As much as everyone would like to have a paperless office, it appears we’ll all be much grayer (or balder, or both) before that completely comes to pass. Office paper consumption peaked in 1999, and since then the quantities of waste in the office paper-recycling bin have leveled off and in some places they have actually begun to shrink—slightly. However, even if few are printing out their emails before reading them, paper remains at the center of many business operations. The cost of basic printers has declined dramatically, and companies are investing in sophisticated high-speed printers that allow users to handle jobs that once required an outside print shop. These printers are expensive both to buy and to use. Therefore, printer sharing remains an important function of enterprise networks. Setting up multiple users to share printers reduces cost and can improve printing output. You can direct routine work to low-cost-per-page printers, schedule long print jobs for off-hours, and limit access to high-end printers. In other words, there’s not much you can do to keep people from printing out the occasional grocery list or soccer schedule, but you can prevent them from doing it on the full-color laser printer with toner cartridges that cost as much as a new printer.
Understanding Print Servers
Print servers are computers (or sometimes network appliances) that manage the communications between printers and the client computers generating the print jobs. Generally, there are two approaches to print servers. The Microsoft approach is to use a Windows computer as an “intelligent” print server that handles communication between the printers and the client computers (reducing strain on the clients), and maintains a common print queue for all clients. Microsoft print servers also make it easy to find printers on the network by name (NetBIOS, DNS, or Active Directory) and install the appropriate printer drivers. In contrast, other operating systems, such as Linux, and printers with built-in network interfaces use a relatively “dumb” print server called the Line Printer Daemon (LPD),
Naming Printers
An effective printer-naming convention is important to ensure that users can easily identify printers on the network. When creating a printer-naming convention, consider the following:
■ The printer name can be any length up to 220 characters, which is plenty of room for any scheme you devise. Of course, the name should also be as short as possible without sacrificing clarity.
■ The share name is the name that all clients see when they browse for a printer, use the Add Printer Wizard, or use the Net Use command. The share name can be up to 80 characters long, but again it should be shorter for readability. Some older applications cannot print to printers with fully qualified printer share names (the computer name and printer share name combined) that exceed 31 characters, or to print servers where the default printer’s share name exceeds 31 characters. Clients using other operating systems might also have trouble with names longer than 31 characters or names containing spaces or other special characters. But whether you have to deal with such applications or not, shorter is generally better.
Naming Printer Locations
In small organizations, finding printers is easy—just stand up and look around or ask the person sitting next to you. This doesn’t work as well in larger organizations where printers have varying capabilities and might be widely scattered. Under these circumstances, users need to be able to browse or search for printers based on the criteria they want, including printer features and printer location. Location names are similar in form to domain names and use the name/name/name… syntax. They start with the most general location name and become progressively more specific. Each part name can have a maximum of 32 characters and can contain any characters except the forward slash (/), which Windows reserves as a delimiter. Keep the naming convention simple and easy to understand. End users are usually interested in the answer to only one question: “Where’s my printout?” Design/ArtStudio/HPOfficeJetE809 is one example of a clear location name, as is Marketing/DirectMail/RicohProofing.
Adding and Sharing a Network Printer
To add a network printer to your Windows SBS 2011 network, follow the instructions provided by the manufacturer of the printer. If the specific instructions are long gone, make sure you have the drivers you need (you can download them from the manufacturer’s website, if necessary) and follow these steps:
1. Make the physical connection between the printer and a network jack using a network cable.
2. Turn the printer on. (If the printer is already on, turn it off and then on again.)
3. From the computer running Windows SBS 2011, select DHCP from the Administrative Tools menu.
4. In the DHCP task pane, expand IPv4, expand Scope, and then expand Address Leases under your domain name. Locate the DHCP address assigned to the new printer (shown in Figure 13-1), and make a note of it.
Figure 13-1 Locating the assigned TCP/IP address for a network printer
5. Select Control Panel from the Start menu. Under the Hardware heading, click View Devices And Printers.
6. In the Printers window, select Add A Printer.
7. In the Add Printer dialog box, select Add A Local Or Network Printer As An Administrator (shown in Figure 13-2).
Figure 13-2 Choosing the Add Printer option
8. In the next dialog box, under What Kind Of Printer Do You Want To Install, select Add A Local Printer.
9. In the Choose A Printer Port dialog box, select Create A New Port and select Standard TCP/IP Port from the drop-down list. Click Next.
10. In the Type A Printer Hostname Or IP Address dialog box, type in the IP address you noted in step 4. The Port Name is automatically filled in. (See Figure 13-3.) Click Next.
Figure 13-3 Entering the printer IP address
Note To query the printer and automatically select the driver to use, leave the check box selected. If Windows SBS 2011 already has built-in drivers for the printer, you won’t need to provide additional ones.
11. Windows SBS 2011 contacts the printer and displays the Install The Printer Driver dialog box. Choose the manufacturer name from the list on the left and the printer model from the list on the right. Click Next.
Note A designation (MS) next to the printer name indicates that the driver is part of Windows SBS 2011. If your printer needs multiple drivers (such as Postscript in addition to PCL), click Have Disk and point to the location of the drivers.
12. In the Type A Printer Name dialog box, accept or revise the printer name. The printer will be set as the default printer unless you clear the check box. Click Next.
13. In the Printer Sharing dialog box, accept or revise the share name. Add a location and comments if wanted. Click Next.
14. The successful installation is announced (as shown in Figure 13-4). Print a test page to confirm that all is well. Click Finish.
Figure 13-4 The successful installation is declared
Showing a Shared Printer in Windows SBS Console
Even after a network printer is successfully installed and shared, it still might not appear in the Devices list under the Network tab of Windows SBS Console. If that’s the case, follow these steps:
1. Open Windows SBS Console, click Network and then click Devices.
2. In the Tasks Pane, click Refresh This View. If the printer is still not listed, click List A Shared Printer In This Console.
3. In the Show Shared Printer In The Console dialog box, provide the network path for the shared printer or click Browse to locate the printer.
4. When the \\computer\share path is displayed as shown in Figure 13-5, click OK.
Figure 13-5 Entering a shared printer’s network address
5. In the Windows SBS Console, click Refresh This View in the Tasks list. The printer appears in the list of printers.
Now you can manage this printer from the Windows SBS Console. Right-click the printer name to view printer jobs. Or select Printer Properties to view and modify printer settings.
Sharing Locally Connected Printers
If you’re using a USB or IEEE 1394 (FireWire) connection to the printer, as soon as you plug the printer into the server, Windows automatically detects, installs, and shares the printer on the network, and also publishes it in Active Directory (although you might be prompted for drivers).
Sharing a Printer Connected to a Windows Vista Computer
From the computer running Windows Vista, click Start and then follow these steps:
1. Select Control Panel and then click Printers or Hardware And Sound\Printers.
2. Right-click the printer you want to share and select Properties.
3. On the Sharing tab, click Change Sharing Options.
4. Click Share This Printer as shown in Figure 13-6, and select the check boxes for Render Print Jobs On Client Computers and List In The Directory.
Figure 13-6 Sharing a local printer with other users
5. Click the General tab. In the Location text box, enter a description of the printer’s location. Add any notes in the Comment section. Click Apply.
6. Click Print Test Page to verify that the printer is correctly attached.
On the Windows SBS Console, click Network and then Devices. The printer appears in the Printers list.
Sharing a Printer Connected to a Windows XP Computer
From the computer running Windows XP, click Start and then follow these steps:
1. Select Control Panel and then click Printers And Faxes.
2. In the task pane, click Add A Printer to start the Add A Printer Wizard. Follow the instructions to complete the wizard.
3. In the details pane, right-click the printer and select Properties.
4. On the Sharing tab, click Share This Printer, and then click List In The Directory. Verify that Render Print Jobs On Client Computers is selected.
5. Click the General tab. In the Location area, type the physical location of the printer.
6. Click Apply.
On the server, open the SBS Console. Click Network and then click Devices. Confirm that the printer is included in the Printers list.
Sharing a Printer Connected to a Windows 7 Computer
From the computer running Windows 7, click Start and then follow these steps:
1. Click Control Panel and then click Devices And Printers.
2. Right-click the printer you want to share and select Properties.
3. On the Sharing tab, click Change Sharing Options.
4. Click Share This Printer, and select the check boxes for Render Print Jobs On Client Computers.
5. Click the General tab. In the Location text box, enter a description of the printer’s location. Add any notes in the Comment section. Click Apply.
6. On the Windows SBS Console navigation bar, click Network and then click Devices. The printer will appear in the Printers list.
Adding Client Drivers for Shared Printers
Before a shared printer can be used by clients of a different architecture, such as x64 editions of Windows, you need to add the drivers for the printer to SBS. This isn’t automatic when initially sharing a printer, so you’ll need to add the necessary client drivers after the shared printer is created. To install drivers for clients of different architectures, follow these steps:
1. Open the Windows SBS Console, click Network and then click Devices. Right-click the printer and select Printer Properties.
2. Click the Sharing tab and then click the Additional Drivers button.
3. In the Additional Drivers dialog box, shown in Figure 13-7, select the check box next to any client drivers to be installed and then click OK. To install additional client drivers, you need access to the installation files for the appropriate driver version either locally or across the network.
Figure 13-7 Selecting additional printer drivers to install
4. SBS will prompt you for the location of the appropriate drivers for the printer.
5. Click OK through the next dialog boxes to install the drivers.
Managing Printers from Windows SBS
To manage print jobs, open Windows SBS Console. Click Network and then click Devices. Right-click the printer you want to manage and select Printer Jobs from the shortcut menu. From there, you can choose to do any of the following tasks:
■ To temporarily stop a single document from printing, right-click the selected document and choose Pause from the shortcut menu. To resume printing, right-click the document and choose Resume.
■ To temporarily stop all documents from printing, choose Pause Printing from the Printer menu. To resume printing all documents, select Pause Printing a second time from the Printer menu.
■ To cancel one or more print jobs, select the documents, right-click, and choose Cancel from the shortcut menu. (You can also cancel print jobs by selecting them and pressing the Delete key.)
■ To cancel all print jobs in the print queue, choose Cancel All Documents from the Printer menu.
■ To restart a print job (force the document to print from the beginning again), right-click the document and choose Restart from the shortcut menu.
■ To change the priority of a print job, right-click the print job, choose Properties from the shortcut menu, and then use the Priority slider to adjust the priority of the document, with 1 being the lowest priority and 99 being the highest priority.
■ To specify that a print job should be printed only during a certain period, right-click the print job, choose Properties from the shortcut menu, select the Only From option, and choose the time range to allow the document to print. This feature is useful when you want to set a large document to print only during a time when you anticipate the printer to be free.
Managing Printers from the Command Line
Windows SBS 2011 makes command-line administration almost practical for those who are so inclined. You can perform almost all administration tasks from a command line—printer tasks included. Use the following list of commands and scripts to get started:
■ Print: Prints the specified text file to the specified printer.
■ Lpr: Prints the specified text file to the specified LPD print queue.
■ Net print: Displays information about the specified print queue or print job. It can also hold, release, or delete print jobs.
■ Lpq: Displays information about the specified LPD print queue.
■ Net start: Starts the specified service. You can use the Net start spooler and Net stop spooler commands to start or stop the spooler service.
■ Cscript %Windir%\System32\Printing_Admin_Scripts\en-US\Prnmngr.vbs: Adds, deletes, or lists printers on a Windows print server.
■ Cscript %Windir%\System32\Printing_Admin_Scripts\en-US\Prnjobs.vbs: Lets you view and manage the print jobs of printer shares on a Windows print server.
■ Cscript %Windir%\System32\Printing_Admin_Scripts\en-US\Prncnfg.vbs: Allows you to view and change the settings of printers on a Windows print server.
■ Cscript %Windir%\System32\Printing_Admin_Scripts\en-US\Prnqctl.vbs: Pauses or resumes printing, clears the print queue, or prints test pages.
■ Cscript %Windir%\System32\Printing_Admin_Scripts\en-US\Prnport.vbs: Administers all things related to printer ports.
■ Cscript %Windir%\System32\Printing_Admin_Scripts\en-US\Prndrvr.vbs: Adds, deletes, or lists printer drivers on a Windows print server.
Note To view a list of parameters, type the command followed by /? at a command prompt.
Setting Security Options
Security options come into play when you have a range of printers that are separate but not at all equal. For example, you might not want everyone to print to the five-dollar-per-page, dye-sublimation printer purchased for the art staff. At a more down-to-earth level, security settings can preserve printer properties or printing priorities from unauthorized changes. To set permissions on a printer, right-click the printer, choose Printer Properties, and then use the Security tab to assign permissions to groups of users. Click Advanced to exert finer control over permissions or to enable auditing. You can view the results of the audit settings in the security log. A printer has three levels of permissions: Print, Manage Documents, and Manage Printers. These are defined as follows:
■ Print: Users or groups with Print permission can connect to the printer; print documents; and pause, restart, or delete their own documents from the print queue. Windows, by default, grants members of the Everyone group the Print permission.
■ Manage Documents: Users or groups with Manage Documents permission have the Print permission along with the ability to change the settings for all documents in the print queue and to pause, restart, and delete any user’s documents from the print queue. Windows grants the Creator/Owner group the Manage Documents permission level by default.
■ Manage Printers: Users or groups with Manage Printers permission have the Manage Documents and Print permissions along with the ability to modify printer properties, delete printers, change printer permissions, and take ownership of printers.
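
As an added illustration (not code from the book), the Python below reads a printer's security descriptor in SDDL form, maps each access-control entry onto the three levels above, and flags broad groups that hold more than Print. The SDDL strings are constructed samples and the function names are this example's own; the level-to-bit mapping assumes the standard Windows spooler access masks.

```python
import re

# Spooler access bits (winspool.h) that distinguish the three levels.
PRINTER_ACCESS_ADMINISTER = 0x04   # Manage Printers
PRINTER_ACCESS_USE = 0x08          # Print
JOB_ACCESS_ADMINISTER = 0x10       # Manage Documents (inherited by print jobs)

# SDDL two-letter right codes and their bit values.
SDDL_RIGHTS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
}

# Well-known SDDL aliases for groups that cover most or all users.
BROAD_GROUPS = {"WD": "Everyone", "AU": "Authenticated Users",
                "BU": "Users", "DU": "Domain Users"}

# Constructed sample: the defaults the text describes (Everyone = Print,
# Creator/Owner = Manage Documents) plus full control for Administrators.
DEFAULT_SDDL = ("O:BAG:SYD:(A;;LCSWSDRCWDWO;;;BA)(A;OIIO;RPWPSDRCWDWO;;;BA)"
                "(A;;SWRC;;;WD)(A;CIIO;RC;;;CO)(A;OIIO;RPWPSDRCWDWO;;;CO)")
# Constructed sample: the same printer after Everyone was given Manage Documents.
LOOSE_SDDL = DEFAULT_SDDL + "(A;CIIO;RC;;;WD)(A;OIIO;RPWPSDRCWDWO;;;WD)"


def _pairs(text):
    """Split a string of two-letter SDDL codes into a list."""
    return [text[i:i + 2] for i in range(0, len(text), 2)]


def parse_mask(rights):
    """Convert an SDDL rights field (letter codes or hex) to an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in _pairs(rights):
        mask |= SDDL_RIGHTS[code]  # KeyError for codes this example does not model
    return mask


def permission_levels(sddl):
    """Return {trustee: set of permission levels} from the DACL of a printer SDDL."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if dacl is None:
        return {}
    acc = {}
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        ace_type, flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        if ace_type not in ("A", "D"):      # only allow and deny entries
            continue
        entry = acc.setdefault(sid, {"A": [0, 0], "D": [0, 0]})
        mask, flag_set = parse_mask(rights), set(_pairs(flags))
        if "IO" not in flag_set:            # applies to the printer object itself
            entry[ace_type][0] |= mask
        if "OI" in flag_set:                # inherited by documents in the queue
            entry[ace_type][1] |= mask
    result = {}
    for sid, entry in acc.items():
        # In a canonically ordered ACL deny entries come first, so a denied
        # bit is never granted by a later allow entry for the same trustee.
        printer = entry["A"][0] & ~entry["D"][0]
        job = entry["A"][1] & ~entry["D"][1]
        levels = set()
        if printer & PRINTER_ACCESS_USE:
            levels.add("Print")
        if printer & PRINTER_ACCESS_ADMINISTER:
            levels.add("Manage Printers")
        if job & JOB_ACCESS_ADMINISTER:
            levels.add("Manage Documents")
        result[sid] = levels
    return result


def broad_group_findings(sddl):
    """List (group, level) pairs where a broad group holds more than Print."""
    findings = []
    for sid, levels in permission_levels(sddl).items():
        if sid in BROAD_GROUPS:
            for level in levels - {"Print"}:
                findings.append((BROAD_GROUPS[sid], level))
    return sorted(findings)


if __name__ == "__main__":
    for name, sddl in (("default", DEFAULT_SDDL), ("loose", LOOSE_SDDL)):
        print(name, permission_levels(sddl), broad_group_findings(sddl))
```

Group membership is not resolved here, so a user's effective level is the union of the levels of every group the user belongs to.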
Determining Printer Availability
To set up a printer to be available only during certain times—perhaps to discourage after-hours printing—complete the following steps:
1. In the SBS Console, right-click the printer you want to modify and select Printer Properties from the shortcut menu.
2. Click the Advanced tab, and then click Available From.
3. Select the earliest and latest times the printer is to be available to users, and then click OK.
Group Priorities and Printer Availability
Changing printer availability as just described changes the printer use times for everyone and makes no further restrictions. With a few additional steps, you can set up a printer so that print jobs submitted by some users print before jobs submitted by other users; for example, you can give priority to managers or groups with tight deadlines. You can also reserve a printer for exclusive use by certain groups during certain times; for example, you can reserve a printer outside of normal business hours so that the groups you specify can print large, high-priority print jobs. To control availability or group priority, create two or more logical printers for a single physical printer, give each logical printer a different priority and/or make it available at different times, and give different sets of users or groups permission to print to each logical printer.
Creating a Logical Printer
To create a logical printer, follow these steps:
1. Select Control Panel from the Start menu. Under Hardware, click View Devices And Printers.
2. From the File menu, select Add A Printer.
Note If the menu bar isn’t visible in the Printers window, press Alt to display it.
3. In the Add Printer dialog box, select Add A Local Or Network Printer As An Administrator.
4. In the next Add Printer dialog box, select Add A Local Printer.
5. In the Choose A Printer Port dialog box, click Use An Existing Port, select the port that the physical printer is on, and then click Next.
6. In the Install The Printer Driver dialog box, choose the manufacturer name from the list on the left and the printer model from the list on the right. Click Next.
7. Choose the version of the driver you want to use and click Next.
8. Give the printer a name that describes its function or who uses it. Click Next.
9. In the Printer Sharing dialog box, provide the location and additional comments if wanted. Click Next.
Configuring Usage of the Logical Printer
When the logical printer exists, you next configure how it is used and by whom. Open Control Panel and follow these steps:
1. Under Hardware, select View Printers And Devices.
2. Right-click the logical printer and select Printer Properties.
3. Click the Security tab, and assign permissions to the users or groups that will have special access to this printer.
4. Click the Advanced tab (shown in Figure 13-8). If the logical printer is to be available only at certain times, select Available From and set the times.
5. To change the priority of the users and groups that use this logical printer, type a number in the Priority list box. The priority range goes from 1, which is the lowest priority, to 99, which is the highest priority.
Figure 13-8 Advanced printer settings
6. Click OK, and repeat the process for all other logical printers you created for the printer.
Viewing the Logical Printer in the SBS Console
As when installing a new printer, the logical printer might not automatically appear in the list of network devices in the Windows SBS Console. If this is the case when you view the Printers list, first click Refresh This View in the Tasks pane. If the printer still doesn’t appear, follow these steps:
1. Click List A Shared Printer In This Console, and browse to the printer as shown in Figure 13-9.
Figure 13-9 Selecting a printer to show in the Console
2. Click Select and then click OK.
3. In the Windows SBS Console, click Refresh This View in the Tasks list. The printer appears in the list of printers.
Setting Up a Printer Pool
A printer pool consists of multiple printers sharing a single driver and appears as a single printer to users. The advantage of using a printer pool is that clients don’t need to look for an available printer; they simply print to the single logical printer on the print server, which then sends the print job to the first available printer. Administration of the printers is also simplified because all printers in the printer pool are consolidated under one driver. If you modify the properties for the single logical printer, all physical printers in the printer pool use the same settings.
To set up a printer pool, complete the following steps:
1. Select Control Panel from the Start menu. Under Hardware, select View Printers And Devices.
2. Right-click the first printer to be part of the pool and select Printer Properties.
3. Click the Ports tab.
4. Select the Enable Printer Pooling check box.
5. To add printers to the printer pool, select the ports to which the additional printers are connected.
Important All printers in a printer pool must be able to use the same printer driver. If they are not identical printer models, you can sometimes achieve this by careful selection of a printer driver that will support an acceptable level of functionality for several different but related printers.
Configuring Print Spooling
Print spooling, or storing a print job on disk before printing, affects the actual printing speed as well as how clients perceive printing performance. You can change the way print spooling works to correct printing problems or to hold printed documents in the printer queue for repeated printing. To change the spool settings for a printer, right-click the printer you want to modify and select Printer Properties. Click the Advanced tab to modify the spool settings. The following list describes the print spool settings on the Advanced tab:
■ Spool Print Documents So Program Finishes Printing Faster: Spools the print documents to the print server, freeing the client to perform other tasks more quickly.
■ Start Printing After Last Page Is Spooled: Ensures that the entire document is available to the printer when printing begins. This step might correct some printing problems, and it also helps high-priority documents print before low-priority documents.
■ Start Printing Immediately: Select this option to reduce the time it takes to print a document.
■ Print Directly To The Printer: Turns off spooling, causing a performance hit on the server (though it might fix some printing problems).
■ Hold Mismatched Documents: Holds documents in the queue that don’t match the current printer settings (for example, documents that require legal-size paper when letter paper is currently in the printer). Other documents in the print queue are unaffected by held documents.
■ Print Spooled Documents First: Prints the highest-priority document that is already spooled first, ahead of higher-priority documents that are still spooling. This step speeds overall printer throughput by keeping the printer from waiting for documents.
■ Keep Printed Documents: Keeps a copy of print jobs in the printer queue in case users need to print the document again. In this circumstance, the user can resubmit the document directly from the queue rather than printing from her application a second time.
■ Enable Advanced Printing Features: Enables metafile spooling and printer options such as page order, booklet printing, and pages per sheet (if available on the printer). Disable this when you’re experiencing printer problems.
Using the Fax Service
As long as you have an email address and a scanner, you have no need for a fax machine or a fax modem. Ninety percent of faxes are documents generated by your computer and can therefore be sent by email. Other types of documents can be easily scanned, saved as a file and…sent by email. If you must send faxes to recipients with fax numbers but no email, you can use an Internet-based fax service for a few dollars per month. If you do need to send and receive faxes, Windows 2011 offers a way to send, receive, and manage them. This section describes how to use the fax tools.
Adding a Fax Modem
To start and configure the fax service, you must first install a fax modem. Attach the fax modem to the computer and to the phone line and then follow these steps:
1. Open Control Panel, and select Phone And Modem Options.
Note If Phone And Modem Options is not visible, click View By and select Large Icons.
2. In the Phone And Modem Options dialog box, click the Modems tab and then click Add to start the Add Hardware Wizard.
3. Follow the instructions on the Install New Modem page. Windows will automatically detect the modem you have attached unless you select the Don’t Detect My Modem check box. Click Next.
4. If Windows does not detect your modem, select the type of modem from the Install New Modem dialog box (shown in Figure 13-10). Click Next.
Figure 13-10 Designating the type of modem to install
5. Select the port(s) for the modem. Click Next.
6. Windows installs the modem and notifies you of the successful installation. Click Finish.
Starting and Configuring the Fax Service
When a fax modem has been installed, you can start and configure the fax service. Open the Windows SBS Console, click Network, click Devices, and then follow these steps:
1. In the Tasks pane, click Start The Fax Service.
2. In the next dialog box (shown in Figure 13-11), you’re advised that the fax service is started but not configured. Click Yes to start the configuration process.
Figure 13-11 Click Yes to run the Configure Fax Service Wizard
3. Enter your Organization’s Name, Phone Number, Fax Number, and Address for the fax cover page. Click Next.
4. Enter the Fax Header Text that will print on faxes you send. (See Figure 13-12.) Click Next.
Figure 13-12 Entering a fax header
5. Select the modem to use for sending faxes. (If you install multiple modems, you can dedicate some to sending and others to receiving, if needed.) Click Next.
6. Select the modem to use for receiving faxes. In the case of multiple modems, you can configure different delivery options for different modems. Click Next.
7. The following four options are available for routing incoming faxes. (See Figure 13-13.) You can use any or all of them.
■ Route Through E-mail: Deliver faxes to the email address or addresses specified.
■ Store In A Document Library: Deliver faxes to a document storage area of your internal website.
■ Print: Route all faxes to a specified printer.
■ Store In A Folder: Deliver all faxes to a specified folder.
Figure 13-13 Choosing the destinations for incoming faxes
8. Click Configure Fax when you’ve made your selections.
Managing Fax Users and Administrators
By default, all users are added to the Windows SBS Fax users group. To change membership in this group, open the Windows SBS Console, select Network, and then select Devices. In the Tasks pane, select Configure The Windows SBS Fax Users Group. Select Add Or Remove to change the membership. Click E-mail to add an email address specifically for this group. Similarly, you can click Configure The Windows SBS Fax Administrator Group. By default, all administrators are members of this group. Click Add or Remove to change the membership of this group. Click E-mail to add an email address specifically for this group.
Summary
Printing is an essential service on any network. Aside from actual network failure, few things will generate as much unrest as the inability to print documents. In this chapter, we’ve covered the fundamentals of printer and fax administration, along with sufficient information on planning to keep your printing operations viable into the future. Next we move on to the equally critical subject of managing computers—and their users—on the network.
With SBS 2011, this requirement becomes even clearer because the Premium Add-on of SBS 2011 includes a second copy of Windows Server 2008 R2 and the right to install it on the SBS network. You can use this second server to support Microsoft SQL Server (the default behavior) or to support Remote Desktop Services, including RemoteApps—or you can use it as a secondary domain controller. Having a secondary domain controller sounds like a really good idea, but it can lead to complications when trying to recover from a catastrophic event. The primary reasons for having more than one domain controller (load balancing and geographic redundancy) make a lot of sense for a large organization, but really don’t make much sense for most small businesses. However, if you’re supporting a remote site, such as a branch office, using a secondary domain controller is a very good idea. We like to take advantage of the new Read-Only Domain Controller (RODC), introduced in Windows Server 2008, for that branch office.
Creating Computer Accounts
Unlike previous versions of SBS, with SBS 2011 you don’t need to create a computer account ahead of time. Instead, you (or the user of the computer) plug the computer into the SBS network, you’re assigned an IP address from the DHCP server, and you’re then joined to the SBS domain when you use the http://connect page to connect the client. Or you can manually run the Launcher.exe application from a USB key. Before you try to connect a new computer to the network, first create the user account(s) that will have access to the computer. This simplifies the setup process for the computer account, and ensures that the correct user accounts are given permission to log on to the new computer.
Establishing Basic Network Connectivity
The first step in connecting a computer to an SBS network is to connect to the network and obtain a valid IP address. This process is pretty simple: plug the computer into an Ethernet switch on the network, and configure the system for Dynamic Host Control Protocol (DHCP). Wireless clients must first associate with an access point and provide a WPA key.
Configuring Windows 7, Windows Vista, and Windows Server 2008 to Use DHCP
By default, Windows 7, Windows Vista, and Windows Server 2008 will use DHCP to configure TCP/IP, and you shouldn’t have to change anything. However, if the client has been set to use a fixed IP address, you can change it back to using DHCP by completing the following steps:
1. Open the Network Connections folder shown in Figure 14-1. The easiest way to get to this in Windows 7 and Windows Vista is to type ncpa.cpl in a command window or in the Search field on the Start menu.
Figure 14-1 The Network Connections folder in Windows 7
2. Select the network card, and right-click to open the Action menu shown in Figure 14-2.
Figure 14-2 The Action menu for a network card
3. Select Properties to open the properties of the Local Area Connection, as shown in Figure 14-3.
Figure 14-3 The Properties dialog box of the Local Area Connection
4. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties to open the Internet Protocol Version 4 (TCP/IPv4) Properties page. Select Obtain An IP Address Automatically and Obtain DNS Server Address Automatically, as shown in Figure 14-4.
Figure 14-4 Internet Protocol Version 4 (TCP/IPv4) Properties page
5. Click OK and then click Close to configure the network connection to use DHCP.
For Windows Server 2008, the steps are much the same. If your server needs to have a fixed IP address, either provide a reservation in DHCP (preferred) or assign a static IP address that is within the same subnet range as your SBS server and that is excluded from the DHCP address range offered by SBS.
Configuring Windows XP and Windows Server 2003 to Use DHCP
By default, Windows XP (including x64 Edition) and Windows Server 2003 use DHCP to configure TCP/IP, and you shouldn’t have to change anything. However, if the computer has been set to use a fixed IP address, you can change it back to using DHCP by completing the following steps:
1. In the Network Connections folder (available in Control Panel), right-click the appropriate network adapter (usually Local Area Connection) and choose Properties.
2. In the Local Area Connection Properties dialog box, select the Internet Protocol (TCP/IP) component, and click Properties to open the Internet Protocol (TCP/IP) Properties dialog box, shown in Figure 14-5.
Figure 14-5 The Internet Protocol (TCP/IP) Properties dialog box in Windows XP
3. Verify that the Obtain An IP Address Automatically and Obtain DNS Server Address Automatically options are selected, and then click OK.
Note If your SBS environment includes more than one server, the secondary servers are good candidates for static IP addresses. If you use a static IP address, configure the server with an IP address in the excluded IP address range of 192.168.yyy.3 through 192.168.yyy.9 (where yyy is the subnet used by your SBS network), or add an appropriate exclusion in DHCP.
Using the Small Business Server Connect Computer Wizard
After you establish network connectivity and you’ve created the appropriate user accounts, the next steps in connecting a computer to an SBS network are to log on to the computer, open Internet Explorer or Firefox, and launch the Small Business Server Connect Computer Wizard by connecting to http://connect. This wizard configures the computer to run on the network by performing the following actions:
■ Verifies that the computer meets minimum requirements to run on an SBS 2011 network
■ Changes the computer’s workgroup or domain membership to be a member of the SBS domain
■ Configures the computer to automatically get updates from the SBS server
■ Assigns users to the computer
■ Optionally migrates existing local user profiles stored on the computer to new domain user profiles, preserving the data and settings of local user accounts
■ Sets the browser home page to http://companyweb
■ Enables Remote Web Access connections
■ Configures the Windows Firewall
■ Installs (but doesn’t enable) the SBS Gadget if it’s a Windows Vista or Windows 7 client
■ Configures Group Policies on the client computer to align with SBS 2011
To use the Connect Computer Wizard from Internet Explorer or Firefox, follow these steps:
1. Log on to the computer you want to connect to the SBS network, and open your browser. Internet Explorer and Firefox are supported.
2. Browse to http://connect to open the Welcome To Windows Small Business Server 2011 Standard home page, as shown in Figure 14-6.
Note If the computer you’re trying to join to the SBS network doesn’t meet the minimum requirements for joining, you’ll see a different screen than that in Figure 14-6, with a description of the problem and possibly a link to correct it. One example is a Windows XP computer that doesn’t have the Microsoft .NET Framework 2.0 installed. After you’ve corrected the deficiency, you can restart your browser and connect to the http://connect site to continue.
Figure 14-6 The Welcome To Windows Small Business Server 2011 Standard home page
3. Click Start Connect Computer Program to open the Launcher.exe application. You’ll see a security warning as shown in Figure 14-7.
Figure 14-7 The File Download Security Warning for Launcher.exe
4. Click Run (and click Continue if you get a User Account Control prompt) to start the Connect Computer Wizard at the Choose How To Set Up This Computer page shown in Figure 14-8.
Figure 14-8 The Choose How To Set Up This Computer page of the Connect Computer Wizard
5. Select Set Up This Computer For Myself if you’ll be the only user using this computer. Select Set Up This Computer For Other Users if this will be a shared computer, or if you’re setting up another user’s computer.
6. The Connect Computer Wizard verifies that the computer being connected meets minimum requirements and reports the success, as shown in Figure 14-9.
Figure 14-9 The Computer Requirements Are Verified page of the Connect Computer Wizard
7. Click Next to open the Type Your Network Administrator User Name And Password page of the Connect Computer Wizard. Enter the credentials for a Network Administrator account.
Note This page will be slightly different if you’ve selected to set the computer up only for yourself. You’ll need to type in your user name and your password.
8. Click Next to open the Verify The Name And Description Of This Computer page of the Connect Computer Wizard. Modify the name if required, and enter an optional description for the computer, as shown in Figure 14-10.
Figure 14-10 The Verify The Name And Description Of This Computer page of the Connect Computer Wizard
9. Click Next to open the Assign Users To This Computer page, as shown in Figure 14-11. Any Network Administrator accounts will already be assigned to the computer, automatically. Select additional users in the left pane, and click Add to assign them to the computer.
Figure 14-11 The Assign Users To This Computer page of the Connect Computer Wizard
10. Click Next to open the Move Existing User Data And Settings page, shown in Figure 14-12. Here you’ll see a list of SBS user accounts that are assigned to the computer, with matching drop-down lists of accounts that can have their user data migrated to the new SBS account.
Figure 14-12 The Move Existing User Data And Settings page of the Connect Computer Wizard
11. Select the accounts to migrate, as shown in Figure 14-12, and click Next to open the Assign Level Of Computer Access For Users Of Windows SBS page shown in Figure 14-13. Here you assign the permission level on the local computer for the SBS domain account. By default, SBS Standard Users are assigned Standard User on their local computers as well, though in some scenarios you might choose to assign them Local Administrator privilege.
We think a better solution is to create one or more (depending on departmental needs and concerns) Standard User SBS domain accounts that can be assigned to individual PCs as local administrator. These SBS Standard User accounts should be assigned only to PCs that have an actual need to occasionally elevate, and they should also be allowed to log on only during normal business hours, and only locally—no RWA access for these accounts. Passwords should be changed regularly. Now when a user needs to elevate privilege to do something, you don’t need to give the user access to an account that has domain administrator privileges. The user can elevate to this special account that is a local administrator, but only a domain user.
Connecting Alternate Clients
Windows Vista and Windows 7 business-class clients provide the best experience when running on a Windows Small Business Server 2011 network, especially Windows 7. Windows XP Professional can also be joined to the SBS network automatically using the http://connect wizard, but you should be aware that Windows XP is now on extended support and this will limit the availability of updates to only critical updates. Computers running Windows 2000 Professional, Mac OS/X, or even Linux can also connect to your SBS network. They won’t have all the functionality of Windows 7 or Windows Vista, but they can be managed and used. Connecting computers that don’t meet the minimum requirements for using the Connect Computer Wizard is possible, but doing so requires you to manually configure and add the computers to the SBS domain and then manually assign users to the computer.
Manually Connecting Clients
To connect Windows 2000 or non-Windows clients to an SBS network, you need to manually join the domain and set the permissions and properties of the client. In the case of Windows 2000, we strongly recommend that you upgrade the computer to a newer version of Windows, at least Windows XP Professional SP3, or replace it entirely. Windows 2000 is no longer supported or available and will not receive even critical updates. The process of connecting a nonsupported client to an SBS network varies depending on the operating system involved, but for Windows 2000 Professional, you need to manually join the domain and then configure accounts on the computer by following these steps:
1. Log on to the Windows 2000 client with a local administrative account.
2. Open System Properties by right-clicking My Computer and selecting Properties.
3. Click the Network Identification tab, and then click Properties to open the Identification Changes page shown in Figure 14-14.
Figure 14-14 The Identification Changes page of the System Properties dialog box
4. Type the SBS domain name into the Domain field, and click OK.
5. In the Domain Username And Password dialog box, provide the user name and password of an SBS Network Administrator account and click OK.
6. Click OK three more times to acknowledge the welcome message and the reboot warning, and to close the System Properties dialog box. Click Yes to reboot the Windows 2000 computer.
7. When the computer restarts, log on to the computer with an SBS account to ensure that everything went as expected.
Older and non-Windows clients, with the exception of Windows 2000 Server, are not accessible from Remote Web Access because they don’t support Remote Desktop.
Connecting Mac OS X Clients
Mac OS/X clients can function reasonably well on an SBS network. Mac OS/X 10.4 and later versions can connect correctly to an SBS 2011 network, and versions 10.2 and 10.3 can be made to connect, though you should upgrade your version of OS/X to 10.4 or later if at all possible.
Microsoft Office 2004 and newer versions work well with Microsoft Office documents from Windows clients, and the Mail client component of Office for Mac also works well with Microsoft Exchange. Plus the Outlook Web App that is part of Windows Small Business Server 2011 works well with Safari or Firefox on a Mac. To connect to a Windows file share, follow these steps:
1. Configure the computer to obtain its IP address using DHCP, if it doesn’t already do so.
2. Select Connect To Server from the Go menu of Finder.
3. In the Connect To Server window, browse to the computer or type the address of the Windows file share, using one of the following formats:
smb://fullyqualifieddomainname/sharename
smb://domain name;servername/sharename
For example, to connect to the Data share on the hp160-sbs-srv computer, type in smb://hp160-sbs-srv.example.local/Data
4. In the SMB/CIFS Filesystem Authentication dialog box, verify the domain name, type in a Windows user name and password, and click OK.
Using Remote Desktop
The current version of the Remote Desktop Connection Client for Mac is 2.1, which is available as a free download from the Microsoft website at http://www.microsoft.com/mac/remotedesktop-client. This version supports multiple connections to Windows computers, including Windows 7 and Windows Server 2008 R2. Network Level Authentication and printing from Windows applications to Mac-connected printers are supported. But RemoteApps and RD Gateway are not, unfortunately.
Using Remote Web Access
Windows Small Business Server 2011 includes an updated version of Remote Web Access (RWA). This website gives the remote user access to email, her desktop at work, the internal website, and any RemoteApps–enabled remote applications that have been configured for RWA.
aren’t tempted to write it down on the back of their keyboards. The four kinds of authentication methods or factors are
■ Something you know (password)
■ Something you have (token, or physical key)
■ Something you are (biometric)
■ Somewhere you are (location)
Of these, only the first three are realistic and usable in a small business environment, though the fourth—location—is starting to be used by banks as one factor to be sure that the person trying to access your bank account is actually you. Passwords alone are a single-factor authentication method—in this case, something you know. Two-factor authentication requires two of the main three factors, and provides a definite improvement in the surety that the person authenticating to your network is really who he claims to be. For a second authentication factor, we like the simplicity, moderate cost, and effectiveness of a one-time password (OTP). Generated automatically by a token you carry around with you, the combination of the token, a personal identification number (PIN), and your SBS password provides an additional level of security. Requiring at least users with administrative privilege (and we think all remote users) to use two-factor authentication is a good way to improve the overall security of the sensitive data on your network. Third-party providers of OTP tokens include AuthAnvil (http://www.authanvil.com), CRYPTOCard (http://www.cryptocard.com), and RSA SecurID (http://www.rsa.com). Of these, only AuthAnvil is focused on the small business market, with a suite of products that are fully integrated into SBS, including RWWGuard, which replaces the logon page shown in Figure 14-15 with a new page that includes an additional field to directly enter your OTP. We use RWWGuard and AuthAnvil on our SBS network.
After you’ve logged on to RWA, you’ll see the main RWA page shown in Figure 14-16. From here, you can connect to a computer on your SBS network, access shared folders on the network, log on to Outlook Web Access (by clicking Check Email), go to your internal home page, change your password, or, if you’re logged on as an administrator, connect to a server to perform system maintenance.
Figure 14-16 The main RWA landing page
You can customize this RWA landing page, even adding links to applications on your network using RemoteApps. We’ll cover customization of this site in Chapter 20, “Managing Remote Access,” and RemoteApps is covered in Chapter 26, “Adding a Terminal Server.”
Managing Computers
You can manage the clients that are available on your network, along with many of the settings that control their availability and behavior, from the Windows SBS Console. To see a list of computers joined to your SBS domain, open the Windows SBS Console and click the Network button to open the Computers page, as shown in Figure 14-17.
Figure 14-17 The Windows SBS Console Computers page
From the Computers page, you can see a quick status for the computers on your network: which are online, which need updates, and which have other problems or warnings. When you click a computer in the list, a new section of the Tasks pane opens showing you tasks you can perform that are specific to the computer selected, as shown in Figure 14-18 where we’ve selected computer HP160-WIN7-01.
Figure 14-18 The Windows SBS Console Computers page with computer HP160-WIN7-01 selected
From here, you can offer remote assistance, connect directly to the computer using Remote Desktop (if the computer supports Remote Desktop), view the properties of the computer, check on update and other security-related status, and even remove the computer from the domain. If there are problems with a client computer, you can select the computer and then click the Go To Security or Go To Updates links in the Tasks pane to navigate to the appropriate page of the Windows SBS Console.
Viewing and Modifying Client Computer Settings
To view or modify the properties and settings of a client computer in SBS, select the computer in the Windows SBS Console Computers page, as shown in Figure 14-18, and click View Computer Properties in the Tasks pane to open the Properties dialog box for the computer. From here, you can view the name of the computer, set the description of it, view the status of updates assigned to the computer, and control who has remote access to the computer. To set the remote access to the computer, follow these steps:
1. Open the Windows SBS Console Computers page, and click the computer you want to change the remote access for in the left pane.
2. Click View Computer Properties in the Tasks pane.
3. Click User Access in the left pane of the Properties page, as shown in Figure 14-19.
Figure 14-19 The Assign User Access page of the Computer Properties dialog box
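# $UserName, $comp, and $searcher are set by the earlier part of the script.
# Find the user account by its logon name.
$searcher.Filter = "(&(objectClass=User)(sAMAccountName=$UserName))"
$userResult = $searcher.FindOne()
$user = $userResult.GetDirectoryEntry()
# userWorkstations holds the computers the account is allowed to log on to.
$user.userWorkstations = $comp
"Restricting user account: $UserName to clients: $comp"
# Write the change back to Active Directory.
$user.SetInfo()
"Computer access for $UserName has been updated."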
You’ll need to run this script, which is on the companion CD, from an elevated PowerShell console. Another solution is to use the native Active Directory Users And Computers console. For more on using the native tools, including when you should and should not use them, see Chapter 17, “Windows SBS Console vs. Server Manager.” But the short answer is always use the Windows SBS Console if at all possible. Only use the native Server Manager consoles when you’re really sure there’s no other way to achieve the desired end result.
Remotely Managing Computers
Network Administrators can remotely manage a computer from the Windows SBS Console, either offering remote assistance to the currently logged-on user or directly connecting to the computer over Remote Desktop.
Offering Remote Assistance
One way of managing computers remotely is by directly helping users to perform their tasks. Remote Assistance gives the Network Administrator a way to share the session of a user on a Windows XP or Windows Vista computer. It is not available on down-level Windows computers such as Windows 2000 Professional, or on non-Windows computers. When you share a session using Remote Assistance, both the user and the Network Administrator see the same thing and both can interact with the session using both keyboard and mouse. To offer Remote Assistance, follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click the Network button, and then select the computer you want to offer Remote Assistance to.
3. Click Offer Remote Assistance from the Tasks pane. If you haven’t disabled the warning, you’ll see a reminder that you need to make sure the user you want to help is logged on, as shown in Figure 14-20.
Figure 14-20 Warning before remote assistance is offered
4. Click Yes. The user logged on to the computer you’re offering assistance to is prompted to let you share her session, as shown in Figure 14-21.
Figure 14-21 Windows Remote Assistance offer
5. If the user accepts the offer by clicking Yes, her desktop will be shared back to the SBS server console, and both screens will have the Remote Assistance toolbar displayed, as shown in Figure 14-22.
Figure 14-22 The Remote Assistance toolbar is displayed on both screens on top of the user’s desktop
6. When the Remote Assistance session has accomplished its task, either user can click the Disconnect button in the Remote Assistance toolbar to end the session.
Connect Remotely
Remote management tasks that can’t be easily accomplished in a Remote Assistance session, or that need to be performed when no user is logged on to the remote computer, often needed to be performed by physically going to the computer and logging on with the administrator’s account. A major nuisance, certainly. With the inclusion of Remote Desktop in business-focused editions of Windows, administrators have an alternative—a Remote Desktop session. When you join a computer to the SBS domain using http://connect, one of the settings that is propagated to the new client is to enable Remote Desktop on the computer. Although it’s easy enough to directly connect to a remote computer using either the Remote Desktop link in the All programs, Accessories folder of the Start Menu or from the command line using mstsc.exe, the Windows SBS Console gives you direct access from the console. Just highlight the computer in the Computers page of the Windows SBS Console and click Connect To A Computer Using Terminal Services in the Tasks pane. You’ll see a prompt for the connection credentials to use, as shown in Figure 14-23, and then a full-screen Remote Desktop session opens.
Figure 14-23 Remote Desktop credentials prompt
If there is an active session on the remote computer, you’ll get a warning that the other user will be disconnected from the session. Unlike with Remote Assistance, you can’t share a Remote Desktop session to a client computer. (The exception to this is that Remote Desktop connections to Terminal Server sessions can be shared, if necessary.) The only real problem with using the Windows SBS Console to initiate a Remote Desktop session is that it will always be a full-screen session. That’s fine for some things, but it can be a nuisance if you’re trying to do the same task on multiple client computers. In that event, we like to use the command line:
mstsc /v:<computer> /h:<height> /w:<width>
So, to open three Remote Desktop sessions, each with a resolution of 1024x768, to the computers hp160-win7-01, xmpl-vista64-01, and hp160-v32-03, a simple PowerShell command line will get the job done:
PSH> $RDP_Array = "hp160-win7-01", "xmpl-vista64-01", "hp160-v32-03"
PSH> foreach ($computer in $RDP_Array) {mstsc /v:$computer /h:768 /w:1024}
Note You can easily use a combination of hard file links and the PowerShell code just
shown to create a smart script that lets you log in to a machine simply by entering its name from the PowerShell command line. My current version has two dozen hard links to the same PowerShell script.
Removing Computers from the Network
You should remove computers from the network only if the computers are being decommissioned. When you remove a computer from the network, you make any SBS user accounts on the computer unavailable, and even if you later rejoin the computer to your SBS domain, new user profiles will be created and the old ones will be unavailable. If you do have to temporarily have a user use a computer without being part of the domain, you can usually just create a local user account on the computer and have the user log on to that account. If circumstances require you to remove a computer from the domain and you want to save some of the settings for an existing account, use the Windows Easy Transfer (WET) Wizard, or with Windows XP, the Files And Settings Transfer Wizard. This won’t save everything, but it will save many of the current user’s settings. To remove a computer from the SBS domain, follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click the Network button, and then select the computer you want to remove from the SBS domain.
3. Click Remove Computername in the Tasks pane.
4. When prompted, as shown in Figure 14-24, click Yes to remove the computer.
Figure 14-24 The Remove Computer warning message
Summary
In this chapter, we covered the basic management tasks available for individual computers on the network. Windows Small Business Server 2011 simplifies many of them by automating tasks and ensuring that computers meet the necessary requirements before they join the SBS network. In addition, by making both Remote Assistance and Remote Desktop directly available from the Windows SBS Console, the Network Administrator has direct access to computers for management and assistance. In the next chapter, we’ll cover the details of setting up and managing software updates to your Windows computers on your SBS network.
■ Service pack A generally available collection of fixes and feature enhancements. Service packs are cumulative and contain all currently available updates, update rollups, security updates, critical updates, and hotfixes, and they might contain fixes for problems that were found internally and have not been otherwise released. Service packs also sometimes add new features (Microsoft Windows XP SP2, for example).
■ Hotfix A narrowly available fix for a specific issue. Hotfixes are generally available only through Microsoft Product Support Services and cannot be redistributed. Hotfixes are not tested as thoroughly as updates, update rollups, or service packs.
■ Update A generally available fix for a specific, non-security-related, noncritical problem. An update has an accompanying Knowledge Base article.
■ Update rollup A generally available and tested collection of hotfixes, security updates, critical updates, and updates that are packaged together. An update rollup has an accompanying Knowledge Base article.
See? All sorts of terms and terminology and not one of them includes the word “patch.” For complete, up-to-date details on Microsoft update terminology, see http://support.microsoft.com/kb/824684.
Why Patching Is Important
In the old days, when your network wasn’t connected to the Internet, system administrators were the only people who installed software, and users had only a green screen terminal, deciding when to apply a patch was a fairly straightforward decision. If you were having a specific problem and you wanted a bit of overtime on the weekend, you came in and applied a patch. If no one was complaining and you didn’t want to work on the weekend, you threw the tape (patches always came on tapes in those days) in the drawer and waited until you had to come in on the weekend for some other maintenance, or users started complaining about a problem that seemed related. Or you simply never got around to it at all.
Even in the more recent past it was possible to have a more considered and gradual approach to applying patches. When a vulnerability was identified, it often took months before there was any real risk to your network. Today that approach simply won’t work, as Code Red, Nimda, Slammer, and others have all too clearly demonstrated. Within hours or (at most) days of the release of a critical security update, there will almost certainly be sample exploit code posted on the Internet, telling anyone and everyone how to exploit the vulnerability. If you ignore critical security updates, you place your entire SBS network—and the data stored on it—at risk. Applying software updates is only one part of a defense-in-depth strategy to protect your network, but it’s a critical part. Don’t neglect it.
364 CHAPTER 15
Managing Software Updates
Assess
The assess phase of patch management is all about understanding what your environment is, where and how it is vulnerable and can be attacked, and what resources and procedures are in place to reduce those vulnerabilities. When a patch is released, you can’t make an informed decision about whether you need to install that patch unless you first know what software is present in your environment and what your critical business assets are that absolutely, positively must be protected. So the first step to an overall patch management process is to figure out what software you’re running in your environment. All of it, we hope. Whether you build a spreadsheet, have a Microsoft Office Access database, or just keep it all in a chart in Microsoft Office Word, you need to get your software environment audited and documented.
Identify your critical business assets. Is there confidential data that you couldn’t function without? Are there critical systems that must be available at all times? Are there individuals whose productivity is mission-critical? All of these are business assets that you should factor into your overall patch management strategy.
The next part of the assessment phase is to understand what security threats and vulnerabilities you currently have. Do you have legacy Windows systems that are no longer supported? Are there non-Windows systems that aren’t being fully monitored and updated automatically? Are you running old versions of software programs that can’t be easily updated or replaced? Do you have public-facing web servers that are not behind your firewall? What are your security policies and how are they enforced? These and many, many more questions need to be asked—and answered.
Finally, you need to assess your patching infrastructure and resources. How do you deploy software and patches now? Who is responsible for identifying, testing, and deploying patches? What resources are available to help with that? How rapidly can you respond to a critical vulnerability that affects your systems? What steps can you take to improve your response time?
SBS Version
If all that seems a bit much, it’s really just a lot of somewhat formal words to say that you need to know what software is running on your network and how it is updated. It’s also good to have a record of what kinds of patches have caused trouble for you in the past—when you see new patches that affect these areas, you’ll probably want to do some additional testing before you send the patch out.
Identify
The identify phase is about finding out what software updates or patches are available, and how critical it is that they be deployed in your environment. You need to take the following actions:
■ Discover the patch
■ Decide whether it’s relevant to your environment
■ Download the patch
■ Identify the patch’s criticality
There are many ways to discover patches, but for Microsoft products one of the best ways is to sign up for email alerts. If you do this, Microsoft will send you notifications of security updates before they are actually released. The signup page is at http://www.microsoft.com/technet/security/bulletin/notify.mspx. You can tailor the notification method and detail level to suit your environment.
Note This link provides alerts only for security-related patches.
Whatever method you use to discover patches, it’s important that you have a way to trust the source of the patch information. All Microsoft security update alerts are signed with a publicly available PGP key, for example. And it shouldn’t be necessary to say this, but just in case: Microsoft will never send a security update as an attachment to an email! Never.
Important Wait, maybe you missed that. Again, for emphasis: Microsoft will never send a security update as an attachment to an email! Never.
Once you know about a patch, you need to decide whether it’s relevant to your environment. If all your client computers are running Windows 7 (and they should be!), a patch that applies only to Windows XP isn’t really relevant to your environment. However, if the patch is a critical security update for Microsoft Office 2010 and you run that in your environment, you’ll need to apply it.
When you determine that a patch is relevant to your environment, you need to obtain the patch from a known and trusted source. For a Microsoft patch, this generally means downloading it directly from Microsoft. With SBS, this means letting WSUS download the patch by synchronizing, but we’ll get to the gory details of WSUS later. Find the relevant Knowledge Base article for the patch, and then cut and paste the link to the download page directly into your browser. Do not click the link in an email to get your patch. Even when you have verified that the email is really from Microsoft and is a legitimate email, you shouldn’t click the links. Get into the habit of always using cut and paste. When you use cut and paste to put a link into your browser, you greatly reduce the likelihood of a phishing attack—being unknowingly redirected to a site that looks exactly like the site you expected to go to, but is actually a site designed to steal information from you or download unwanted spyware onto your computer.
The Patching Cycle
CHAPTER 15 367
Note Most email clients today have the ability to force all email to display as plain text.
This is a good thing, because it prevents unscrupulous people from hiding the real destination of a link. The giveaway for detecting a bogus link will usually be that it’s a link to an IP address, not the actual DNS domain name, or if it is a DNS name, it’s not exactly the one you think it is. If you make the change and read your email only in plain text, your email won’t be as pretty, but you’ll be a lot safer. To enable plain-text email handling in Outlook 2003, select Options from the Tools menu. Click the Preferences tab, and then click E-Mail Options. Select the Read All Standard Mail In Plain Text and Read All Digitally Signed Mail In Plain Text check boxes. Click OK and restart Outlook. To enable plain-text email handling in Outlook 2010, click on the File tab in the Ribbon and then select Options. Click Trust Center, and then click Trust Center Settings to open the Trust Center dialog box. Click E-mail Security, and then select the Read All Standard Mail In Plain Text and Read All Digitally Signed Mail In Plain Text check boxes. Click OK and then OK again. You might need to restart Outlook for the changes to take effect.
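The two giveaways named in the note above (a link to an IP address, or a DNS name that is not exactly the one you expect) can also be checked mechanically. The following is an added example, not code from the book or its companion CD; the function names, the trusted-domain list, and the sample message are assumptions made for the illustration.

```powershell
# Added example: flag links in an HTML email body whose real destination is suspicious.
# The function names, the trusted-domain list, and the sample message are constructed.

function Get-UrlInfo {
    param([string]$Text)
    # Return a System.Uri for an http/https URL, or $null if $Text is not one.
    $candidate = $Text.Trim()
    # Visible link text often omits the scheme (www.example.com/page); add one so it parses.
    if ($candidate -match '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+(/\S*)?$') {
        $candidate = "http://$candidate"
    }
    $uri = $null
    if ([System.Uri]::TryCreate($candidate, [System.UriKind]::Absolute, [ref]$uri) -and
        $uri.Scheme -match '^https?$') {
        return $uri
    }
    return $null
}

function Test-EmailLink {
    param(
        [string]$Html,
        [string[]]$TrustedDomains   # lowercase DNS domains you expect patch links to use
    )
    $pattern = '<a\s[^>]*?href\s*=\s*["'']([^"'']+)["''][^>]*>(.*?)</a>'
    $options = [System.Text.RegularExpressions.RegexOptions]'IgnoreCase, Singleline'
    foreach ($m in [regex]::Matches($Html, $pattern, $options)) {
        $href = $m.Groups[1].Value
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()   # drop nested tags
        $target = Get-UrlInfo $href
        if ($null -eq $target) { continue }     # mailto: and similar links are not web links
        $linkHost = $target.Host.ToLowerInvariant()
        $findings = @()

        if ($target.HostNameType -eq 'IPv4' -or $target.HostNameType -eq 'IPv6') {
            # Giveaway 1: the link goes to an IP address, not a DNS name.
            $findings += 'IPAddressHost'
        } else {
            # Giveaway 2: a DNS name that is not exactly the expected one. Only the
            # domain itself or a true subdomain counts; "microsoft.com.example.net"
            # and look-alike spellings do not.
            $trusted = $false
            foreach ($d in $TrustedDomains) {
                if ($linkHost -eq $d -or $linkHost.EndsWith(".$d")) { $trusted = $true }
            }
            if (-not $trusted) { $findings += 'UntrustedDomain' }
        }

        # The visible text shows one site while the href points to another.
        $shown = Get-UrlInfo $text
        if ($null -ne $shown -and $shown.Host.ToLowerInvariant() -ne $linkHost) {
            $findings += 'TextHostMismatch'
        }

        New-Object PSObject -Property @{
            Href = $href; Text = $text; LinkHost = $linkHost
            Findings = ($findings -join ',')
        }
    }
}

# Constructed sample message: one clean link and two bogus ones.
$sampleHtml = @'
<p>A security update is available.</p>
<a href="http://support.microsoft.com/kb/824684">http://support.microsoft.com/kb/824684</a>
<a href="http://192.0.2.15/update.exe">http://www.microsoft.com/downloads</a>
<a href="http://www.microsoft.com.updates.example.net/kb">Download the update</a>
'@

Test-EmailLink -Html $sampleHtml -TrustedDomains 'microsoft.com' |
    Format-Table Findings, LinkHost, Text -AutoSize
```

The first sample link comes back with no findings, the second with IPAddressHost and TextHostMismatch, and the third with UntrustedDomain. A check like this supplements reading mail in plain text and pasting links by hand; it does not replace either habit.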
After you’ve downloaded the patch and read the associated Knowledge Base article, you are in a position to determine just how critical the patch is in your environment. Is this a patch that needs to be deployed immediately, with limited testing—or even with no testing? Or are there ameliorating factors that allow the patch to be deployed as part of a regular patching schedule after full testing?
SBS Version
Again, if that seemed a bit much, you’re probably right. But it’s actually what we had to go through before the R2 version of SBS 2003 if we didn’t have some method—usually third-party—to automatically download and identify patches for our environment. With the R2 release of SBS 2003, we were able to let WSUS take care of the downloads and the initial analysis. SBS 2011 extends that to fully support WSUS version 3, but you’ll still want to do some thinking before you let it fire off an automatic update to every client in the network.
Evaluate and Plan
The evaluate and plan phase of patch management flows naturally out of the identify phase, and in many ways is an extension of it. In this phase, you determine how to respond to the software update you’ve downloaded. Is it critical, or even necessary? How should it be deployed? And to whom? Should interim countermeasures be employed that will minimize your exposure to the vulnerability? What priority does the patch have?
The initial determination of need, suitability, and priority is made during the identify phase, but in the evaluate and plan phase, you should take a closer look at the patch. What priority is the patch? If it affects a critical business asset and there’s no easy or appropriate countermeasure except the patch, it will have a higher priority for testing and deployment than if there’s a simple countermeasure that you can implement until the patch can be deployed. If it targets critical business assets, it’s going to have a higher priority than if the only computers that are affected are several old Windows 2000 computers that aren’t running any critical business applications. (But you got rid of those old Windows 2000 computers, right?)
After you’ve identified the priority of the patch, you need to plan the actual deployment. Which computers need to have the patch deployed to them? Are there any constraints or issues that interfere with the deployment? Who needs to be notified, and what steps need to be taken so that the deployment minimizes the disruption to the environment? If this is an emergency release, will it go through a staged deployment, or is every affected computer going to have the patch deployed as soon as possible?
SBS Version
In any SBS network larger than a few clients, you should have a couple of clients that are designated canaries. In all but emergency-patch situations, these computers will have the new patches deployed to them first. If they survive the patch without major issues, you can OK the deployment onto the rest of your clients. Unfortunately, WSUS—as included with SBS 2011—doesn’t support having a special group of client computers that are treated differently from other clients. The workaround we’ve found is to have one (or two) users who go directly to Microsoft Update every Patch Tuesday and update their computers. This gets the update onto their computers quicker than any other method and allows some testing time before any automatic deployment can happen. If you go this route, choose a user who has a fairly typical computer and, most important, who is willing to take on this role. Also, make sure that you carefully review the “Caveats” section of the Security Bulletin. This section details known issues and interactions that you should be aware of.
Deploy
The deployment phase of patch management is in many ways the easiest phase. You’ve done all your preparatory work; now all you need to do is the actual deployment. First and foremost, communicate. Let everyone who will be affected know that you will be deploying a patch, and what application or area of the operating system it affects. If you know that the deployment will cause changes in behavior, tell your users before the deployment. You’ll have far fewer support calls if you’ve warned people that a certain behavior is expected than if you surprise them.
SBS Version
With SBS, we have WSUS to do the deployment and track its progress. If your canary user has survived, you should proceed with the deployment. But the same rule applies as for a really large enterprise—communicate. If users have open files and SBS automatically deploys an update that requires a reboot, they could potentially lose work. Sending a reminder email to your users on Patch Tuesday is a good idea.
Repeat
After you’ve deployed a patch, the process starts over again. It really is a continuous process—or it should be. At a minimum, verify that the patch has been successfully deployed to the affected computers. Update your software map and database so that you know which computers have had the patch applied. Because our assumption is that every patch is on every computer, we only keep track of the exceptions. When a patch cycle is complete, we make a note of any issues, confirm that deployment has been successful, and get ready for the next round.
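One way to keep the exceptions-only record described above is to let a script list just the computers that are missing a required update or could not be checked. This is an added example, not code from the book or its companion CD: the function names are hypothetical, the KB numbers are placeholders, and the sample inventory is constructed so the example runs without touching the network.

```powershell
# Added example: report only the computers that are exceptions for a set of required updates.
# Computer names are the ones used in this chapter; the KB numbers are placeholders.

function Get-InstalledHotFixId {
    param([string]$ComputerName)
    # Live query of one computer. -ErrorAction Stop turns an unreachable computer
    # into a catchable error instead of a silently empty list.
    Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
        ForEach-Object { $_.HotFixID }
}

function Get-PatchException {
    param(
        [string[]]$ComputerName,
        [string[]]$RequiredHotFixId,
        [hashtable]$Inventory   # optional: computer name -> installed KB IDs (skips the live query)
    )
    foreach ($computer in $ComputerName) {
        $status = 'MissingUpdates'
        $installed = @()
        try {
            if ($null -ne $Inventory) {
                if (-not $Inventory.ContainsKey($computer)) { throw "No inventory for $computer" }
                $installed = @($Inventory[$computer])
            } else {
                $installed = @(Get-InstalledHotFixId $computer)
            }
        } catch {
            # A computer that cannot be checked is still an exception:
            # it must not be assumed to be patched.
            $status = 'Unverified'
        }
        $missing = @($RequiredHotFixId | Where-Object { $installed -notcontains $_ })
        if ($missing.Count -gt 0) {
            New-Object PSObject -Property @{
                Computer = $computer; Status = $status; Missing = ($missing -join ', ')
            }
        }
    }
}

# Constructed inventory: the first computer is fully patched, the second lacks one
# update, and the third has no data at all.
$sampleInventory = @{
    'hp160-win7-01'   = 'KB0000001', 'KB0000002'
    'xmpl-vista64-01' = 'KB0000001'
}
$computers = 'hp160-win7-01', 'xmpl-vista64-01', 'hp160-v32-03'

Get-PatchException -ComputerName $computers -RequiredHotFixId 'KB0000001', 'KB0000002' -Inventory $sampleInventory |
    Format-Table Computer, Status, Missing -AutoSize
```

Run without -Inventory, the function queries each computer with Get-HotFix, which reads the Win32_QuickFixEngineering WMI class and therefore does not list every kind of application update; those need a different inventory source.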
Using SBS Software Updates
SBS includes a customized and configured version of Windows Server Update Services (WSUS). The SBS team has already done the heavy lifting to get WSUS configured and working optimally for SBS networks. When the SBS install is finished, updates are already being managed and deployed, but you can do additional customization from the Updates page of the Windows SBS Console.
Configuring Software Update Settings
The default software update settings for SBS 2011 are adequate for most small businesses, but there are additional settings you can use to customize how updates are handled on your network. You can
■ Change the update level for servers and clients
■ Change the update schedule
■ Change which computers are managed by WSUS
Note For those familiar with SBS 2003 R2, these settings are very similar, though the
interface is different.
Changing the Update Level
SBS uses the following four update levels to control which updates for SBS and your SBS client and server computers are automatically deployed:
■ High Automatically approves all security, critical, and definition updates, and also approves all service packs. This is the default for client computers.
Important This setting will automatically approve service packs. This is a change in behavior from SBS 2003 R2, and you should allow this only if you understand the repercussions in the event of issues with a service pack, such as those experienced with Windows 7 SP1.
■ Medium Automatically approves all security, critical, and definition updates. This is the default for server computers.
■ Low Automatically approves all security and definition updates. Critical updates that are not security-related will not be automatically approved.
■ None No updates are automatically approved. Each update must be manually approved or rejected—not a good idea.
To change the level for a class of computers, follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Security on the navigation bar.
3. Click on the Updates tab, if it isn’t on top, to display the Updates page, as shown in Figure 15-1.
Figure 15-1 The Updates page of the Windows SBS Console
4. Click Change The Software Update Settings in the Tasks pane to open the Software Update Settings dialog box shown in Figure 15-2.
Figure 15-2 The Software Update Settings dialog box
5. In the left pane, click Server Updates to change the settings for servers, or click Client Updates to change settings for client PCs.
6. Select the level to use for this class of computers, and then click OK to close the dialog box and change the level.
Changing the Update Schedule
You can change the day of the week and the time of day that automatic updates happen, and also configure updates to download automatically to computers but wait for the user to initiate the installation, by changing the update schedule. To change the update schedule, use the following steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Security on the navigation bar.
3. Click on the Updates tab, if it isn’t on top, to display the Updates page.
4. Click Change The Software Update Settings in the Tasks pane to open the Software Update Settings dialog box.
5. Click Schedule in the left pane to open the Schedule page of the Software Update Settings dialog box as shown in Figure 15-3.
Figure 15-3 The Schedule page of the Software Update Settings dialog box
6. To configure automatic downloads to client computers, select that option in the Clients section.
Note Configuring client computers for automatic downloads requires that an administrator initiate the install on the client.
7. To configure servers to automatically update, including automatically rebooting, change that option in the Servers section.
Note Configuring servers to automatically install updates is a really bad idea. This will cause the server to automatically reboot if the update requires a reboot, and you run a significant risk of lost work or unexpected downtime. This option should be chosen only if you’ve carefully considered all the alternatives and have a clear understanding of the need for automatic update installation. And even then we think that server updates should be a manual process.
8. To change the day of the week or the time of day that an automatic update is installed, select the day of the week from the drop-down list. You can have updates always be installed on a specific day, or on any day that they’re available. The default is Every Day.
Figure 15-4 The Included Computers page of the Software Update Settings dialog box
6. Select the computer you want to exclude from the list of included computers, and click Remove to move it to the Excluded list.
7. After you’ve completed your changes to the Included Computers page, click OK to close the dialog box and apply the changes.
Modifying the Update Group
Generally, SBS correctly identifies whether a computer is a server or a client and includes it in the appropriate group for update purposes. You wouldn’t normally change that setting. But if you want to force a particular computer that is a server to automatically be updated, for example, or to ensure that a particularly critical workstation isn’t automatically rebooted at 3:00 A.M. the Wednesday morning after Patch Tuesday, you can modify the group the computer is in to match the behavior you need. To modify the update group of a computer, follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Security on the navigation bar.
3. Click on the Updates tab, if it isn’t on top, to display the Updates page.
4. Click Change The Software Update Settings in the Tasks pane to open the Software Update Settings dialog box.
5. Click Included Computers in the left pane to open the Included Computers page of the Software Update Settings dialog box.
6. Select the computer you want to change, and click Modify to open the Change The Members Of An Update Group dialog box, as shown in Figure 15-5.
Figure 15-5 The Change The Members Of An Update Group dialog box
7. Select the group to move the computer to, and click OK.
8. After you’ve completed your changes to the Included Computers page, click OK to close the dialog box and apply the changes.
Deploying Updates Most updates are automat ca y accepted and dep oyed by the bu t- n ru es of SBS Software Updates, but some updates are cons dered opt ona or requ re exp c t acceptance of a separate End User L cense Agreement (EULA), and these w requ re ntervent on by an SBS adm n strator to e ther dep oy or dec ne the update The ma n Updates page, shown n F gure 15-6, nc udes the overa status of updates on your SBS network and a so the spec fic deta s of any se ected update In the deta s pane of the Updates page, you can find more nformat on on the spec fics of the update, what app cat ons or vers ons of W ndows t app es to, and whether t w requ re a reboot The deta s a so nc ude a nk to the appropr ate Know edge Base art c e or down oad page for the update
Figure 15-6 The Updates page, showing details for an optional update
To deploy or decline an update, follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Security on the navigation bar.
3. Click on the Updates tab, if it isn’t on top, to display the Updates page.
4. Select the update you want to deploy or decline in the main pane of the Updates page, and read the description of the update in the details pane.
5. Click Deploy (or Decline) in the Tasks pane to open the Software Updates dialog box shown in Figure 15-7. (The Decline dialog box is essentially the same, except that it says Declining instead of Deploying.)
Figure 15-7 The Software Updates Deploying Updates dialog box
4. In the Approve Updates dialog box, select the groups of computers to approve the update for and select Approved from the drop-down list of options.
5. Click OK to approve the update, and click Close to close the progress dialog box.
6. Close the Update Services console. Using the native Update Services console is not something you should ordinarily do because it can interfere with the normal operation of the SBS Software Updates. But sometimes it’s just the only way to do something, as in this case.
Viewing Update Deployment Reports
When updates are showing in the Updates In Progress section of the Updates page, it often means that some computers have had the update deployed but others are still pending for one reason or another (usually because the affected computer has been offline). To see what the status is for all the computers affected, follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Security on the navigation bar.
3. Click on the Updates tab, if it isn’t on top, to display the Updates page.
4. Select the update you want to see the deployment report for, and click View The Update Deployment Report on the Tasks menu to open the Deployment Report for the update, as shown in Figure 15-9.
Figure 15-9 The Deployment Report for a security update
5. After you’ve identified which computers are causing the update to not complete, you can take the appropriate steps to correct the situation.
Synchronization
SBS synchronizes with the Microsoft servers once a day, at 10:00 P.M. local time. Normally, this is a sufficiently frequent and timely synchronization that you shouldn’t need to do anything special to synchronize. In the event of an active outbreak of a critical exploit that affects your network, however, or for any other reason you need to manually synchronize the SBS Software Updates, you can manually trigger an update at any point in time. To initiate an update, follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Security on the navigation bar.
3. Click on the Updates tab, if it isn’t on top, to display the Updates page.
4. Click Synchronize Now on the Tasks pane to open the Software Updates Synchronize Now confirmation dialog box, shown in Figure 15-10.
Figure 15-10 The Synchronize Now confirmation dialog box
5. Click OK and the synchronization will begin, and the Software Updates dialog box will change to a progress dialog box. When the synchronization completes, you’ll see the dialog box shown in Figure 15-11.
Figure 15-11 The Software Updates synchronization has completed
6. Click Close to return to the Windows SBS Console.
Third-Party Solutions
SBS Software Updates does a good job of managing the various patches for Microsoft products on your SBS network. It has a single, integrated, and consistent method for patch management that will meet the basic needs of the majority of SBS environments. And it’s certainly easier to get set up and working correctly than using the regular Windows Server Update Services download from Microsoft.com.
But having said all that, there are limitations. The WSUS on which SBS Software Updates depends will only manage updates of Microsoft products, and it doesn’t give you the fine-grained control that some SBS networks might need. If your needs go beyond the basics of SBS Software Updates, you need to go either to a product such as Microsoft’s Windows Intune or to a third-party product.
Windows Intune is a good product and well-suited to larger SBS networks, but it does move your update management and deployment from your own network to a managed, fee-based, cloud subscription service. Windows Intune includes software licensing for updating your client computers to Windows 7 Enterprise.
An alternative to the Microsoft patch-management solutions that we’ve used and like a lot is Shavlik’s NetChk Protect (http://www.shavlik.com/netchk-protect.aspx). This is a full-featured, powerful product that gives you the ability to create multiple patch groups, control the download and deployment actions and schedules for each group differently, and even patch computers that aren’t part of your SBS domain but are connected to your network. It supports patching of popular non-Microsoft products that you’re likely to have on your SBS network, such as WinZip, Firefox, Apple QuickTime, and Adobe Acrobat.
Other alternatives that we’ve not used but that have come recommended by fellow SBS administrators include Lumension Endpoint Management and Security Suite (http://www.lumension.com) and BigFix (http://www.bigfix.com). For a comprehensive solution that includes far more than simple patch management, Kaseya (http://www.kaseya.com) is getting good reviews from SBS administrators and consultants alike. One part of Kaseya that appeals to us is its integration with AuthAnvil, our preferred authentication solution.
Summary
In this chapter, we covered both the process of patch management and the mechanics of using Windows Small Business Server 2011 Software Updates. In the next chapter, we’ll cover another critical security process—backing up and restoring your SBS network.
CHAPTER 16
Configuring Backup
Backup is one of those chores that everyone knows is necessary but everyone hates to deal with. In Microsoft Windows Small Business Server (SBS) 2011 Standard, the solution can be simple if you only need to do disaster recovery backups of the server. Setting up a more robust backup of your entire network, including the clients on the network, requires more than just SBS 2011 by itself. You’ll need either a third-party product or our preferred solution—Windows Storage Server 2008 R2 Essentials.
After you’ve done the initial setup and configuration of backups, they should happen automatically and without intervention. Which does not mean you can ignore them. As we’ll discuss in this chapter, backups aren’t very important. It’s restores that are important. If you can’t restore from a backup, the backup is useless.
The backup function in the Windows Small Business Server 2011 Standard Console (SBS Console) provides a simple interface for scheduling and configuring your backups. It’s still Windows Server Backup underneath, however, and some functions are available only through the native Windows Server Backup application (located on the Administrative Tools menu), including all of the advanced functionality introduced in Windows Server 2008 R2. In this chapter, we’ll look at both the SBS wizards and the native Windows Server wizards for doing backups, along with showing you how to integrate Windows Storage Server 2008 R2 Essentials into your network to protect your client computers. And, of course, we’ll also cover how to recover files or your entire server when necessary.
Configuring the Backup Service
SBS 2011 uses the Windows Server Backup that is included in Windows Server 2008 R2, but before you can use the backup, you need to configure it. You can use the SBS Configure Server Backup Wizard to do this, and if you intend to back up to an external USB, FireWire, or eSATA drive, that’s exactly what we’d recommend. But if you need to use some of the additional capabilities included in the R2 release of Windows Server 2008, you’ll need to use the native tools to configure your backups. In this section, we’ll walk you through both scenarios—first the SBS Configure Server Backup Wizard, and then the native Backup Schedule Wizard. The SBS Configure Server Backup Wizard has the following requirements:
Windows Server Backup Using SBS Wizards
To start the configuration, open Windows SBS Console, click Backup And Server Storage, and then follow these steps:
1. In the Tasks pane, click Configure Server Backup to start the Configure Server Backup Wizard, as shown in Figure 16-1.
Figure 16-1 Starting the Configure Server Backup Wizard
2. Click Next to open the Specify The Backup Destination page, and select one or more drives as destinations for your backup. If your drive isn’t listed, select the Show All Valid Internal And External Backup Destinations check box, as shown in Figure 16-2.
3. Click Next to open the Label The Destination Drives page. Type in label information for each backup disk.
4. Click Next to open the Select Drives To Back Up page. Select the individual drives, or click Back Up All to include all drives. If there are critical system or application files on a volume, you cannot deselect that volume.
5. Click Next to specify the backup schedule, as shown in Figure 16-3. Select the frequency and the times of day. By default, Configure Server Backup schedules a backup to run daily at Noon and 11:00 P.M. To adjust the backup schedule, select Custom and you can schedule multiple backups at times you choose.
Figure 16-3 Setting backup times
6. Click Next to confirm the selections you’ve made and then click Configure. You’ll be warned that the disks being used for backup will be formatted.
7. Click Yes to confirm the formatting, and the backup configuration will complete.
8. Click Finish when the configuration is complete.
Changing the Backup Configuration
You can change your backup settings in the SBS Console. Click Backup And Server Storage and then click the Backup tab. When you select the currently configured backup, the Tasks pane updates to show the changes you can make as well as providing details about the current backup configuration, as shown in Figure 16-4. You can
■ Add or remove backup destinations
■ Add or remove backup items (entire volumes only)
■ Change the backup schedule
■ Temporarily pause backups (without changing other settings)
■ Disable the backups (deletes the current configuration entirely)
Figure 16-4 The server backup is configured
Modifying Backup Destinations
In the SBS Console, click Backup And Server Storage, highlight the server, and click Add Or Remove Backup Destinations to open the Server Backup Properties dialog box, as shown in Figure 16-5.
Figure 16-5 The Server Backup Properties dialog box
From the Server Backup Properties box, you can change the configuration of your existing backup without destroying already created backups. To change the backup destinations, follow these steps:
1. Click Backup Destination in the left pane.
2. Click Add Or Remove Drives to open the Add Or Remove Backup Destination Drives page.
3. The currently configured backup drives will be shown, along with any other available removable drives. Select the drives you want to add, and clear the drives you want to no longer use as backup destinations. If your drive isn’t listed, select the Show All Valid Internal And External Backup Destinations check box.
4. Click Next. If you’ve added a drive, you are asked to provide a label for it as shown in Figure 16-6.
Figure 16-6 Labeling a new backup destination drive
5. On the confirmation page, review your selections and click Configure.
Changing Items To Be Backed Up
You can change what is backed up in the SBS Server Backup from that same Server Backup Properties dialog box shown in Figure 16-5. To change what is backed up, select Backup Items in the left pane of the Server Backup Properties dialog box. Select the drives to include, or clear the check box for any drives you want to exclude from the backup. Although SBS should not allow you to clear drives where critical application files, such as Exchange databases, are stored, this isn’t reliably detected from this dialog box, so use caution. In general, you should back up all available drives (volumes) with SBS Server Backup unless you know that the drive contains only transient or easily replaceable files.
Modifying the Backup Schedule
You can change when backups begin from the Server Backup Properties dialog box shown earlier in Figure 16-5. To change the backup times and frequency, select Backup Schedule in the left pane, and then select one of the options for the backup schedule. The options are
■ Choose Once A Day and a backup will be performed every day at 11:00 P.M. local time.
■ Choose Twice A Day and backups will be performed daily at noon and 11:00 P.M. local time.
■ Choose Custom and you can select a backup schedule of your own devising, so long as it’s at least once a day.
Important: Store your external storage drives offsite and regularly rotate them to protect your data against disaster.
View Backup History
You can view your backup history from the Server Backup Properties dialog box shown earlier in Figure 16-5. Just highlight the server to view in the SBS Console and choose View Backup History to open the Server Backup Properties dialog box.
Windows Server Backup Using Native Tools
The alternative to using the Configure Server Backup Wizard in the Windows SBS Console is to run the native Windows Server Backup console, shown in Figure 16-7. By configuring your SBS server’s backup using the Windows Server Backup console, you have additional configuration choices while still fully protecting your SBS server.
Figure 16-7 The native Windows Server Backup console
Create a Backup Schedule
The native tools equivalent of the Configure Server Backup Wizard is the Backup Schedule Wizard, which is launched by selecting the Backup Schedule task on the Actions menu. This wizard configures the backup type, file selection, backup destination, and the backup frequency. To create a new backup schedule that backs up the entire server, open the Windows Server Backup application and then use the following steps:
1. Select Backup Schedule from the Actions menu to open the Backup Schedule Wizard, shown in Figure 16-8.
Figure 16-8 The Getting Started page of the Backup Schedule Wizard
2. Click Next to open the Select Backup Configuration page of the Backup Schedule Wizard as shown in Figure 16-9. Select Full Server (Recommended).
Figure 16-9 The Select Backup Configuration page of the Backup Schedule Wizard
3. Click Next to open the Specify Backup Time page. The default is once a day, but you can choose to have backups happen more frequently.
4. Click Next to open the Specify Destination Type page, shown in Figure 16-10. The choices are
■ Back Up To A Hard Disk That Is Dedicated For Backups (Recommended): This option behaves essentially the same as running the SBS Configure Server Backup. You must have a separate, dedicated hard disk, preferably external, that will be used only for Windows Server Backup. The disk is formatted before initial use and does not get assigned a drive letter.
■ Back Up To A Volume: This option allows the backup files to share an existing volume on the SBS server. This significantly impacts the performance of the volume and should be selected only if there is no other viable option.
■ Back Up To A Shared Network Folder: This option allows you to back up to another computer on the network that has shared disk space, such as a Windows Storage Server 2008 R2 Essentials (WSSE) server. However, this option only keeps a single backup file, so you won’t have multiple generations of backups. If you choose this, you should do a secondary backup of the backup file to another location to provide a way to recover older generations of backups.
Figure 16-10 The Specify Destination Type page of the Backup Schedule Wizard
5. Specify the destination type and then click Next to open the Select Destination Disk, Select Destination Volume, or Specify Remote Shared Folder page. The options on this page will vary slightly depending on which type you choose. For this step, we’ll choose a shared folder on the WSSE server, as shown in Figure 16-11.
Figure 16-11 The Specify Remote Shared Folder page of the Backup Schedule Wizard
6. Click Next and you’ll be prompted for credentials to connect to the remote shared folder. Provide the credentials, click OK, and then click Finish to complete the Backup Schedule Wizard.
Note: If the computer hosting the shared volume is in a workgroup and is not a member of the SBS domain, you’ll need to provide credentials for the remote computer that won’t cause issues. The trick is to have a local user on the remote computer that has the same user name (and password) as an administrator for the SBS network. When asked to specify the credentials for the share, use the user name alone, not the DOMAIN\Username format. So, for example, I used Charlie as the user name, not EXAMPLE\Charlie or WSS-200\Charlie.
7. Click Close to close the wizard and return to the Windows Server Backup console.
Changing the Backup Configuration
Even when you use the native Windows Server Backup console to configure backups, you can still use the Windows SBS Console to modify some of the settings. Click Backup And Server Storage and then click on the Backup tab. When you select the currently configured backup, the Tasks pane updates to show the changes you can make as well as providing details about the current backup configuration. You can
■ Add or remove backup items (entire volumes only)
■ Change the backup schedule
■ Temporarily pause backups (without changing other settings)
■ Disable the backups (deletes the current configuration entirely)
What you can’t do from the Windows SBS Console is change the backup destination, or change what items on a particular volume are backed up. To make these changes, you need to open the Windows Server Backup console and select Configure Backup Schedule.
Using the Backup Once Wizard
The Backup Once Wizard is intended as a supplement to regularly scheduled backups, not as a substitution for them. For example, you can use the Backup Once Wizard for the following situations:
■ Volumes or folders that are not included in regular backups
■ Volumes or folders that are part of the regular backup but that contain important items that should be backed up immediately before making changes that will affect them
■ Backups of regularly scheduled items to a location other than where scheduled backups are stored
If you are using a local disk, be sure the disk supports either USB 2.0 or IEEE 1394 (if external) or is attached to the server. If using DVDs, make sure that a DVD writer is connected to the server and online, and that you have enough blank DVDs to store the contents of all the volumes you want to back up. Backups to DVDs can span multiple DVDs if the backup is too large for a single DVD.
Note: Using Backup Once is not the same as the Backup Now link in Windows SBS Console. Backup Now performs a full backup using the settings you’ve already configured. Backup Once allows configuring as you go.
To create a manual backup on a local disk, DVD, or removable media, open the Windows Server Backup application and then follow these steps:
1. In the Actions pane, under Windows Server Backup, click Backup Once to start the Backup Once Wizard.
2. On the Backup Options page, select either Scheduled Backup Options to use the same settings as your regular backups or Different Options to change what is being backed up or where it is being backed up to.
3. If you select Scheduled Backup Options, the next page will be a Confirmation page. Click Backup and the backup will proceed.
4. If you selected Different Options, on the Select Backup Configuration page, select Full Server to back up everything, or select Custom to specify the volumes and folders to back up.
5. If you selected Full Server, the backup will proceed, but if you selected Custom, the Select Items For Backup page, shown in Figure 16-12, opens.
Figure 16-12 The Select Items For Backup page of the Backup Once Wizard
6. Click Add Items to open the Select Items dialog box, shown in Figure 16-13. You can specify whole volumes or individual files and folders. When you finish selecting items, click OK to return to the Select Items For Backup page.
Figure 16-13 The Select Items dialog box allows you to specify individual files and folders
7. Click Advanced Settings to open the Advanced Settings dialog box. On the Exclusions tab, you can exclude files and folders from the backup. On the VSS Settings tab, shown in Figure 16-14, you can specify either VSS Full Backup or VSS Copy Backup. In general, on an SBS server, you should specify VSS Full Backup unless you are using a third-party backup program as your primary backup.
Figure 16-14 The Advanced Settings dialog box allows you to set the VSS backup type
8. Click Next to open the Specify Destination Type page. Select Local Drives to back up to a drive connected to the server, including a DVD drive, or select Remote Shared Folder to save to a network share. Click Next.
9. On the Confirmation page, review the details and then click Backup.
10. On the Backup Progress page, shown in Figure 16-15, you can view the status of the backup. If you are backing up to a DVD, you are notified to insert the first DVD in the drive and then, if the backup is too large for a single DVD, you will be prompted for subsequent DVDs as the backup progresses.
Figure 16-15 The Backup Progress page of the Backup Once Wizard
11. Click Close to close the Backup Once Wizard. The backup will continue.
The Backup Once Wizard allows you to perform a custom backup without disturbing your existing backup schedule, or deleting any existing backups. It’s a useful tool, and one you should use before making any major change to your SBS server.
Recovering Backups
There’s not much point to doing regular backups unless you can recover what you need when you need it. After your first full backup and periodically thereafter, you should test that your backups can be restored. We’ve said it before, in a wide variety of places, but it bears repeating: If you haven’t tested your backup by restoring from it, you should assume you don’t have a backup at all.
Recovering Your Server
The backups you’ve created with Windows Server Backup can be used to recover your operating system, system state, volumes, application data, backup catalog, and local files and folders. Different tools are used to recover different objects. For example:
■ The Recovery Wizard in Windows Server Backup can recover the system state, files and folders, applications, and volumes.
■ Windows Setup disc or a separate installation of the Windows Recovery Environment can recover the operating system and the full server (all volumes).
■ The Catalog Recovery Wizard can recover the backup catalog. This wizard is available only when the backup catalog is corrupted.
Note: You can perform all of these recovery procedures using the Wbadmin command described in the section “Using the Wbadmin Command” later in the chapter.
Recovering Volumes
When you restore a full volume using the Recovery Wizard, all contents of the volume are restored—you can’t select individual files or folders to recover. To recover just certain files or folders and not a full volume, see “Recovering Files and Folders from the Local Server” and “Recovering Files and Folders from Another Server” later in this chapter. To recover selected volumes, follow these steps:
1. Open the Administrative Tools menu, and click Windows Server Backup.
2. In the Actions pane, under Windows Server Backup, click Recover to start the Recovery Wizard.
■ On the Getting Started page, specify whether the volumes will be recovered from backups stored on this computer or another computer. If you’re recovering files from the local backup, select This Server (SERVERNAME).
■ If you are recovering volumes from backups of another computer, specify where the files are located. The choices are a local drive or a remote shared folder. The local drive option supports only DVD full volume backups or backups stored on drives that are recognized as removable. Many eSATA drives will not be recognized as removable.
3. If you are recovering from this computer, on the Select Backup Location page, select the location of the backup from the drop-down list. If you are recovering from DVD or removable media, you are prompted to insert the device or first DVD in the series. Click Next.
4. For a recovery either from the local computer or another computer, on the Select Backup Date page, select the date from the calendar and the time from the drop-down list of backups you want to restore from. Click Next.
5. On the Select Recovery Type page, click Volumes and then click Next.
6. On the Select Volumes page, select the check boxes associated with the volumes in the Source Volume column that you want to recover. Then, from the associated drop-down list in the Destination Volume column, select the location that you want to recover the volume to. Click Next.
Important: A message informs you that any data on the destination volume will be lost when you perform the recovery. Be sure the destination volume is either empty or doesn’t contain information that could be needed later.
7. On the Confirmation page, review the details and then click Recover to restore the specified volumes.
8. On the Recovery Progress page, you can view the status of the recovery operation and determine whether it was completed successfully.
Recovering Files and Folders from the Local Server
Occasionally, files will be corrupted or overwritten and it’s necessary to recover them from a recent backup. To recover individual files and folders, follow these steps:
1. Open the Administrative Tools menu, and click Windows Server Backup.
2. In the Actions pane, under Windows Server Backup, click Recover to start the Recovery Wizard.
3. On the Getting Started page, select This Server and click Next.
4. On the Select Backup Date page, select the date and time of the backup you want to recover from. Click Next.
5. On the Select Recovery Type page, select Files And Folders as the type of recovery. Click Next.
6. On the Select Items To Recover page, under Available Items, expand the list until the folder you want is visible as shown in Figure 16-16. Click a drive to see a list of folders in it, or select a folder to see a list of files and subfolders in it. Select the files and folders you want to restore in the Items To Recover pane.
Figure 16-16 Selecting the items to be recovered
7. On the Specify Recovery Options page, under Recovery Destination, select one of the following:
■ Original Location
■ Another Location (Type the path to the location or click Browse to select it.)
Important: We strongly recommend that you always recover to a different location whenever possible. This allows the greatest flexibility and safety in recovery and can protect you from inadvertently overwriting files.
8. On the same page, in the When This Wizard Finds Items In The Backup That Are Already In The Recovery Destination section, choose one of the following options and then click Next:
■ Create Copies So I Have Both Versions Of The File Or Folder
■ Overwrite Existing Files With Recovered Files
■ Don’t Recover Those Files And Folders
9. On the same page, select whether to restore access permissions or not and then click Next.
10. On the Confirmation page, review the details and then click Recover to restore the specified items.
11. The Recovery Progress page displays the status of the recovery operation. Click Close when the process is finished.
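One way to check a test restore made with the steps above, as an added example that is not from the book: after recovering a folder to Another Location, this PowerShell function compares SHA-256 hashes of the recovered files against the live folder. The function names, the status labels, and the constructed temp-folder demo at the end are assumptions of this example; it uses only .NET classes available to the PowerShell 2.0 included with Windows Server 2008 R2.

```powershell
# Added example: verify a test restore by comparing file hashes.
# Get-Sha256Hex and Compare-RestoredTree are hypothetical names for this sketch.

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        # Hash the stream so large files are not loaded into memory at once.
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    }
    finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Compare-RestoredTree {
    param(
        [Parameter(Mandatory = $true)][string]$LivePath,     # folder currently in use
        [Parameter(Mandatory = $true)][string]$RestoredPath  # "Another Location" restore target
    )
    $liveRoot     = (Resolve-Path $LivePath).ProviderPath.TrimEnd('\')
    $restoredRoot = (Resolve-Path $RestoredPath).ProviderPath.TrimEnd('\')

    # Index the restored copy by path relative to its root.
    $restored = @{}
    $restoredFiles = Get-ChildItem -Path $restoredRoot -Recurse -Force |
        Where-Object { -not $_.PSIsContainer }
    foreach ($f in $restoredFiles) {
        $restored[$f.FullName.Substring($restoredRoot.Length + 1)] = $f.FullName
    }

    $liveFiles = Get-ChildItem -Path $liveRoot -Recurse -Force |
        Where-Object { -not $_.PSIsContainer }
    foreach ($f in $liveFiles) {
        $rel = $f.FullName.Substring($liveRoot.Length + 1)
        if (-not $restored.ContainsKey($rel)) {
            $status = 'MissingFromRestore'   # not in the backup, or created after it
        }
        else {
            try {
                if ((Get-Sha256Hex $f.FullName) -eq (Get-Sha256Hex $restored[$rel])) {
                    $status = 'Match'
                }
                else {
                    $status = 'Different'    # changed since the backup, or damaged
                }
            }
            catch {
                $status = 'Unreadable'       # for example, a file locked by a service
            }
            $restored.Remove($rel)
        }
        New-Object PSObject -Property @{ RelativePath = $rel; Status = $status }
    }

    # Anything left in the index exists only in the restored copy.
    foreach ($rel in $restored.Keys) {
        New-Object PSObject -Property @{ RelativePath = $rel; Status = 'OnlyInRestore' }
    }
}

# Constructed demo: two small trees under %TEMP% stand in for the live folder
# and the wizard's "Another Location" target.
$demo = Join-Path $env:TEMP ('restore-test-' + [Guid]::NewGuid().ToString('N'))
$live = Join-Path $demo 'live'
$rest = Join-Path $demo 'restored'
New-Item -ItemType Directory -Path (Join-Path $live 'docs'), (Join-Path $rest 'docs') -Force | Out-Null
Set-Content (Join-Path $live 'docs\policy.txt') 'v1'
Set-Content (Join-Path $rest 'docs\policy.txt') 'v1'
Set-Content (Join-Path $live 'docs\ledger.txt') 'edited after the backup'
Set-Content (Join-Path $rest 'docs\ledger.txt') 'as of the backup'
Set-Content (Join-Path $live 'new.txt') 'created after the backup'

Compare-RestoredTree -LivePath $live -RestoredPath $rest |
    Sort-Object RelativePath |
    Format-Table RelativePath, Status -AutoSize

Remove-Item $demo -Recurse -Force
```

Different is expected for files edited since the backup, and MissingFromRestore for files created since; the result to look for is that files you know were unchanged come back as Match.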
Recovering Files and Folders from Another Server
To recover files and folders from a backup on another server, follow these steps:
1. Open the Administrative Tools menu, and click Windows Server Backup.
2. In the Actions pane, under Windows Server Backup, click Recover to start the Recovery Wizard.
3. On the Getting Started page, select Another Server and click Next.
4. On the Specify Location Type page, select one of the following and then click Next:
■ Local Drives
■ Remote Shared Folder
5. If you are recovering from a local drive, on the Select Backup Location page, select the location of the backup from the drop-down list.
6. If you are recovering from a remote shared folder, specify the path to the remote shared folder. Click Next.
7. On the Select Backup Date page, select the date from the calendar and the time from the drop-down list of backups you want to restore from. Click Next.
8. On the Select Recovery Type page, select Files And Folders and then click Next.
9. On the Select Items To Recover page, expand the list under Available Items until the folder you want is visible. Click a folder to display the contents in the adjacent pane, select each item that you want to restore, and then click Next.
10. On the Specify Recovery Options page, under Recovery Destination, click one of the following and then click Next:
■ Original location (For some scenarios, this option may be unavailable.)
■ Another location (Type the path to the location or click Browse to select it.)
Important: We strongly recommend that you always recover to a different location whenever possible. This allows the greatest flexibility and safety in recovery and can protect you from inadvertently overwriting files.
11. On the same page, in the When This Wizard Finds Items In The Backup That Are Already In The Recovery Destination section, choose one of the following options and then click Next:
■ Create Copies So I Have Both Versions Of The File Or Folder
■ Overwrite Existing Files With Recovered Files
■ Don’t Recover Those Files And Folders
12. On the same page, select whether to restore access permissions or not and then click Next.
13. On the Confirmation page, review the details and then click Recover to restore the files and folders.
14. On the Recovery Progress page, view the status of the recovery operation to determine whether it was completed successfully. Click Close when the recovery is completed.
Recovering Applications and Data
The Recovery Wizard in Windows Server Backup can be used to recover applications and data from a backup, provided that the application in question uses Volume Shadow Copy Service (VSS) technology so that it is compatible with Windows Server Backup. Also, the VSS writer for the application must have been enabled before you created the backup being used for recovery. Most applications do not enable the VSS writer by default. You will have to explicitly enable it. If the VSS writer was not enabled for the backup, you will not be able to recover applications from it. To recover an application, follow these steps:
1. Open the Administrative Tools menu, and click Windows Server Backup.
2. In the Actions pane, under Windows Server Backup, click Recover to start the Recovery Wizard.
3. On the Getting Started page, specify whether the application will be recovered from backups run on this computer or another computer and then click Next.
4. If you’re recovering local applications, the location of the backup is already known. If you’re recovering an application for a different server, you’ll be prompted for the location of the backup files. Click Next.
5. On the Select Backup Date page, select the date and time of the backup to restore from and click Next.
6. On the Select Recovery Type page, choose Applications and then click Next.
7. On the Select Application page, under Applications, select the application to recover, as shown in Figure 16-17.
404 CHAPTER 16
Configuring Backup
Figure 16-17 The Se ect App cat on page of the Recovery W zard
If the backup that you are us ng s the most recent and the app cat on you are recover ng supports a ro -forward of the app cat on database, you w see a check box abe ed Do Not Perform A Ro -Forward Recovery Of The App cat on Databases Se ect th s check box f you want to prevent W ndows Server Backup from ro ng forward the app cat on database that s current y on your server C ck Next
Important Roll-forward recovery uses information stored in transaction log files
to return a database to the state it was in at an exact point in time. To perform a rollforward recovery, archival logging must be enabled and a full backup image of the database must be available, as well as access to all archived log files created since the last successful backup image. If a roll-forward recovery isn’t possible, a version recovery will be performed. Version recovery is the process used to return a database to the state it was in at the time a particular backup image was made.
8. On the Spec fy Recovery Opt ons page, se ect How Do You Want To Recover The App -
cat on Data and then se ect one of the fo ow ng opt ons
■
Recover To Or g na Locat on
■
Recover To Another Locat on (Type the path to the ocat on or c ck Browse to se ect t )
Recovering Backups
CHAPTER 16 405
Note If you recover to a different location, only the application data will be recov-
ered. The application itself will not be recovered.
9. C ck Next to open the Confirmat on page, rev ew the deta s, and then c ck Recover to
restore the sted tems 10. On the Recovery progress page, v ew the status of the recovery operat on to deter-
m ne whether t was comp eted successfu y
Recovering the Operating System
You can recover your server operating system or full server by using a Windows SBS Installation DVD and a backup created with Windows Server Backup. The Windows Installation disc allows access to the System Recovery Options page in the Windows Recovery Environment. Before you start, you need to determine the following:
■ Where you will recover to
■ What backup you will use
■ Whether you will perform an operating system–only or full-server recovery
■ Whether you will reformat and repartition your disks
Important When recovering to a new hard disk, the new disk must be at least as large as the disk that contained the volumes that were backed up—no matter what size those volumes were. For example, if you backed up only one 50 GB volume on a 1-terabyte disk, you have to use a 1-terabyte or larger disk when restoring.
To recover the operating system or the full server to a new server or hard disk, using the Windows SBS Installation disk, follow these steps:
1. Insert the Windows SBS Setup disc into the DVD drive, and turn on the computer. The Install Windows Wizard appears.
2. Select the language options and then click Next.
3. On the Install Now page, shown in Figure 16-18, select Repair Your Computer.
Figure 16-18 The Install Now Page of the Install Windows Wizard
4. Setup searches the hard disk drives for an existing Windows installation and then displays the results in System Recovery Options, as shown in Figure 16-19.
Figure 16-19 The System Recovery Options dialog box
5. Click Next and Windows will attempt to locate an image to recover. If you are recovering from a removable hard disk or DVD image, it should locate it. But if you are recovering from an internal disk or from a network share, it will fail and you’ll see the error message shown in Figure 16-20.
Figure 16-20 The recovery can’t find a Windows image backup
6. Click Cancel to open the Select A System Image Backup page, shown in Figure 16-21.
Figure 16-21 The Select A System Image Backup page of the Re-image Your Computer Wizard
7. Click Next to open the Select The Location Of The Backup For The Computer You Want To Restore page shown in Figure 16-22.
Figure 16-22 The Select The Location Of The Backup For The Computer You Want To Restore page
8. Attach a hard disk with the image on it and click Refresh, or click Advanced to open the dialog box shown in Figure 16-23.
Figure 16-23 You can search for an image on the network
9. Click Search For A System Image On The Network. You’ll be warned that this should only be done on a trusted network. Security updates are not installed at this point, and the Windows Firewall is not enabled.
10. Click Yes in the warning dialog box, and then specify the location of the network folder to connect to, as shown in Figure 16-24.
Figure 16-24 Specify the network folder share where your SBS backups are located
11. Click OK and then specify the user name and password to connect to the network share as shown in Figure 16-25. On most SBS networks, this will have to be a local computer account on the remote computer because there will not be a domain controller to authenticate you.
Figure 16-25 You’ll need to specify local credentials to connect to the network share
12. Select the computer that you want to restore, as shown in Figure 16-26.
Figure 16-26 Select the computer image to restore
13. Click Next to open the Select The Date And Time Of System Image To Restore page, shown in Figure 16-27.
Figure 16-27 Select the image to restore from the list of backups available
14. Click Next to open the Choose Additional Restore Options page. On this page, you can select to format and partition disks if the wizard sees sufficient disks available, or select Only Restore System Drives if you want to just restore the drives required to run Windows. You can restore data drives after SBS is restored.
15. On the confirmation page, verify that the actions are correct and click Finish.
16. You’ll be warned that all disks used for the restore will be formatted. Click Yes and the restore will start.
Restoring a Backup Catalog
The details of your backups are stored in a file called a backup catalog. This file contains information about what volumes are backed up and where they’re located. Windows Server Backup stores the catalog in the same place that you store your backups. If the catalog file is corrupted, Windows Server Backup sends you an alert and an event is added to the event log (Event 514). Before you can perform additional backups, the catalog must be restored or deleted. If you have no backups that you can use to recover the catalog, the corrupted file must be deleted. This means information about previous backups is lost and the backups can’t be accessed using Windows Server Backup. Therefore, it’s important to create a new backup immediately after deleting the catalog file.
Note The Catalog Recovery Wizard is available only when Windows Backup Server detects that the catalog file is corrupted.
To recover a backup catalog, follow these steps:
1. Open the Administrative Tools menu, and click Windows Server Backup.
2. In the Actions pane, under Windows Server Backup, click Recover to start the Catalog Recovery Wizard.
3. On the Specify Storage Type page, select one of the following:
■ If you don’t have a backup to use to recover the catalog and you just want to delete the catalog, click I Don’t Have Any Usable Backups, click Next, and then click Finish.
■ If you do have a backup that you can use, specify whether the backup is on a local drive or remote shared folder and then click Next.
4. Do one of the following:
■ On the Select Backup Location page, if the backup is on a local drive (including DVDs), select the drive that contains the backup that you want to use from the drop-down list. If you are using DVDs, make sure the last DVD of the series is in the drive. Click Next.
■ If the backup is on a remote shared folder, on the Specify Remote Folder page, type the path to the folder that contains the backup that you want to use and then click Next.
A message informs you that backups taken after the backup that you are using for the recovery will not be accessible. Click Yes.
5. On the Confirmation page, review the details and then click Finish to recover the catalog.
6. On the Summary page, click Close.
After the catalog recovery is completed or you have deleted the catalog, you must close and then reopen Windows Server Backup to refresh the view.
Using the Command Line to Manage Backups
There are two ways to do backups from the command line—using Windows PowerShell or using the Wbadmin command. Personally, we much prefer using Windows PowerShell for everything we can, but there are limitations here. The PowerShell interface to backups is done through a PowerShell snap-in, and this snap-in does not provide any interface to doing restores, only backups. This isn’t a huge problem because in the vast majority of cases you don’t need to automate restores, but you can and should be automating backups. The other significant limitation of Windows PowerShell support for managing backups is that it isn’t available on the Microsoft Hyper-V Server. This means that you can’t use Windows PowerShell to manage your backups on the Microsoft Hyper-V Server if you’re using that as your virtualization solution. You’ll need to use the Wbadmin command.
# You may copy and modify this script for your own internal use.
# If you publish this script or a derivative of it in any form you must
# provide full attribution to the authors of this script,
# Charlie Russel and Sharon Crawford, and to their book:
# "Windows Small Business Server 2011 Standard Administrator's Companion"
# (MSPress, 2011) for which this script was written.

# The following will error if already loaded, but continue, so ignore
Add-PSSnapin Windows.ServerBackup

# First, create a new empty policy
$BackupPolicy = New-WBPolicy

# Now, define the parts of it.
# First, let's do the volumes. This requires us to first get a list of them,
# and then parse that list to add the ones we want (C:, D: and E:)
# We don't actually need C:, since we'll get that as part of Bare Metal Restore,
# but we include it anyway for completeness
$volC = Get-WBVolume -AllVolumes | Where {$_.MountPath -eq "C:"}
$volD = Get-WBVolume -AllVolumes | Where {$_.MountPath -eq "D:"}
$volE = Get-WBVolume -AllVolumes | Where {$_.MountPath -eq "E:"}
$Volumes = $volC,$volD,$volE

# now, add that to the blank policy
Add-WBVolume -policy $BackupPolicy -volume $Volumes

# Define the Exclusions.
$excD = New-WBFileSpec -Filespec D:\Temp -exclude
$excE = New-WBFileSpec -Filespec E:\Temp -exclude
$FileExclusions = $excE,$excD

# and then add that to the policy we're building
Add-WBFileSpec -policy $BackupPolicy -filespec $FileExclusions

# Define the backup target
# First, you need to create a credential to connect to the remote share
# You can specify the username here (DOMAIN\User) but will be
# prompted for the password
$Cred = Get-Credential example\Charlie

# Now, define the target
$Target = New-WBBackupTarget -NetworkPath \\WSS-200\ServerBackup -Credential $Cred

# Add the target to the policy
Add-WBBackupTarget -policy $BackupPolicy -target $Target

# Define the schedule
$sch1 = [datetime]"12/27/2010 12:30:00"
$sch2 = [datetime]"12/27/2010 21:00:00"
Set-WBSchedule -policy $BackupPolicy -schedule $sch1,$sch2

# Set for system state and for bare metal recovery
Add-WBSystemState -policy $BackupPolicy
Add-WBBareMetalRecovery -policy $BackupPolicy

# Finally, set for full VSS Backup
Set-WBVssBackupOptions -policy $BackupPolicy -VssFullBackup

# Finally, we need to SET the policy before it actually takes control
Set-WBPolicy -force -policy $BackupPolicy

# This completes the configuration of the SBS server backup policy
$SBSname = (hostname).tolower()

" The SBS Server $SBSname now has the following backup configuration: "
""
Get-WBPolicy
Using the Wbadmin Command
The Wbadmin command allows you to back up and restore volumes and files from the command line. Wbadmin replaces the Ntbackup command that was part of SBS 2003. You can’t use Wbadmin to recover backups created with Ntbackup. However, if you need to recover backups made with Ntbackup, you can download a version of Ntbackup usable with Windows Server 2008 R2. This downloadable version of Ntbackup allows you to perform recoveries of legacy backups, but you cannot use it on Windows Server 2008 R2 to create new backups. To download this version of Ntbackup, see http://go.microsoft.com/fwlink/?LinkId=82917. The next sections list Wbadmin commands and syntax. Table 16-3 lists and describes the parameters used with Wbadmin. For additional assistance, type Wbadmin /? at a command prompt.
[-allcritical] [-user:username] [-password:password] [-inheritacl:inheritacl] [-quiet]
Wbadmin disable backup
The following subcommand disables running scheduled daily backups:
wbadmin disable backup [-quiet]

Wbadmin start backup
The following subcommand runs a backup job:
wbadmin start backup
    [-backupTarget:{TargetVolume | TargetNetworkShare}]
    [-include:VolumesToInclude]
    [-allCritical]
    [-vssFull]
    [-noVerify]
    [-user:UserName]
    [-password:Password]
    [-noinheritAcl]
    [-quiet]

Wbadmin stop job
The following subcommand stops a running backup or recovery job:
wbadmin stop job [-quiet]

Wbadmin start recovery
The following subcommand runs a recovery based on the specified parameters:
wbadmin start recovery
    -version:VersionIdentifier
    -items:{VolumesToRecover | AppsToRecover | FilesOrFoldersToRecover}
    -itemtype:{Volume | App | File}
    [-backupTarget:{VolumeHostingBackup | NetworkShareHostingBackup}]
    [-machine:BackupMachineName]
    [-recoveryTarget:{TargetVolumeForRecovery | TargetPathForRecovery}]
    [-recursive]
    [-overwrite:{Overwrite | CreateCopy | Skip}]
    [-notRestoreAcl]
    [-skipBadClusterCheck]
    [-noRollForward]
    [-quiet]

Wbadmin start systemstatebackup
The following subcommand creates a backup of the system state of a computer. A backup of the system state can be saved only to a locally attached disk (either internal or external). It cannot be saved to a DVD or to a remote shared folder. In addition, only the system state and system applications can be recovered from this backup—volumes and files cannot be recovered from this backup.
wbadmin start systemstatebackup -backupTarget: [-quiet]

Wbadmin start systemstaterecovery
The following subcommand runs a system state recovery based on the supplied parameters:
wbadmin start systemstaterecovery
    -version:VersionIdentifier
    -showsummary
    [-backupTarget:{VolumeName | NetworkSharePath}]
    [-machine:BackupMachineName]
    [-recoveryTarget:TargetPathForRecovery]
    [-excludeSystemFiles]
    [-authsysvol]
    [-quiet]

Wbadmin start sysrecovery
The following subcommand runs a system recovery based on specified parameters. This command can be run only from the Windows Recovery Environment, and it is not listed by default in the usage text of Wbadmin. (You can access the Windows Recovery Environment from a Windows Server 2008 R2 installation DVD by inserting the DVD and following the steps in the wizard until you see the option Repair Your Computer. Click this link to open the System Recovery Options dialog box.)
wbadmin start sysrecovery
    -version:VersionIdentifier
    -backupTarget:{VolumeHostingBackup | NetworkShareHostingBackup}
    [-machine:BackupMachineName]
    [-restoreAllVolumes]
    [-recreateDisks]
    [-excludeDisks]
    [-dfsAuth]
    [-skipBadClusterCheck]
    [-quiet]

Windows Recovery Environment
Windows Recovery Environment (Windows RE) is a recovery platform designed to automatically repair common causes of unbootable operating system installations. When the computer fails to start, Windows automatically fails over into this environment, and the Startup Repair tool in Windows RE automates diagnosis and repair. In addition, Windows RE is a starting point for various tools for manual system recovery. Windows RE is a partial version of the operating system plus a set of tools you can use to carry out operating system or full server recoveries, using a backup that you created earlier using Windows Server Backup.

Wbadmin get versions
The following subcommand reports on the available backups:
wbadmin get versions
    [-backupTarget:{VolumeName | NetworkSharePath}]
    [-machine:BackupMachineName]

Wbadmin get status
The following subcommand reports the status of the current backup or recovery:
wbadmin get status
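A monitoring check built on wbadmin get versions, as an added example that is not from the book: it parses the command's text output and reports when the newest backup is older than a threshold or does not include bare metal recovery. The function names, the English output labels, the MM/DD/YYYY-HH:MM (UTC) version identifier format, and the sample output are assumptions constructed for illustration.

```powershell
# Added example, not the book's code. Works on the text that
# "wbadmin get versions" prints (English labels assumed).

function ConvertFrom-WbadminVersions {
    param([string[]]$Lines)

    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $styles  = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $records = @()
    $current = $null

    foreach ($line in $Lines) {
        if ($line -match '^\s*Backup time:\s*(.+?)\s*$') {
            # Each "Backup time" line starts a new backup record.
            if ($current) { $records += New-Object PSObject -Property $current }
            $current = @{
                BackupTime = $Matches[1]; Target = $null
                VersionId  = $null; VersionUtc = $null; CanRecover = @()
            }
        }
        elseif (-not $current) {
            continue   # banner lines before the first record
        }
        elseif ($line -match '^\s*Backup target:\s*(.+?)\s*$') {
            $current.Target = $Matches[1]
        }
        elseif ($line -match '^\s*Version identifier:\s*(\S+)') {
            # This is the value passed to -version: in "wbadmin start recovery".
            $current.VersionId = $Matches[1]
            $parsed = [datetime]::MinValue
            if ([datetime]::TryParseExact($current.VersionId, 'MM/dd/yyyy-HH:mm',
                    $culture, $styles, [ref]$parsed)) {
                $current.VersionUtc = $parsed
            }
        }
        elseif ($line -match '^\s*Can recover:\s*(.+?)\s*$') {
            $current.CanRecover = @($Matches[1] -split '\s*,\s*')
        }
    }
    if ($current) { $records += New-Object PSObject -Property $current }
    return $records
}

function Test-BackupVersions {
    param(
        [object[]]$Versions,
        [int]$MaxAgeHours = 24,
        [datetime]$NowUtc = ([datetime]::UtcNow)
    )

    # Ignore records whose identifier could not be parsed.
    $dated = @($Versions | Where-Object { $_.VersionUtc -ne $null })
    if ($dated.Count -eq 0) {
        return @('No backup version with a readable identifier was found.')
    }

    $findings = @()
    $latest   = $dated | Sort-Object VersionUtc | Select-Object -Last 1
    $ageHours = ($NowUtc - $latest.VersionUtc).TotalHours

    if ($ageHours -gt $MaxAgeHours) {
        $findings += ('Newest backup {0} is {1:N1} hours old (limit {2}).' -f
            $latest.VersionId, $ageHours, $MaxAgeHours)
    }
    if ($latest.CanRecover -notcontains 'Bare Metal Recovery') {
        $findings += ('Newest backup {0} cannot be used for bare metal recovery.' -f
            $latest.VersionId)
    }
    return $findings
}

# Constructed sample output (not captured from a real server).
$sample = @'
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

Backup time: 12/27/2010 12:30 PM
Backup target: Fixed Disk labeled SBSBackup(F:)
Version identifier: 12/27/2010-20:30
Can recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

Backup time: 12/27/2010 9:00 PM
Backup target: Fixed Disk labeled SBSBackup(F:)
Version identifier: 12/28/2010-05:00
Can recover: Volume(s), File(s), Application(s)
'@ -split '\r?\n'

$versions = @(ConvertFrom-WbadminVersions -Lines $sample)
$now      = New-Object DateTime 2010,12,30,8,0,0   # fixed "now" for the sample

# On a live server, replace $sample with the real output:
#   $versions = @(ConvertFrom-WbadminVersions -Lines (wbadmin get versions))
Test-BackupVersions -Versions $versions -MaxAgeHours 24 -NowUtc $now
```

An empty result means the newest backup passed both checks; any returned strings can be sent to whatever alerting the network already uses.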
Windows Storage Server 2008 R2 Essentials
If Windows Server Backup works perfectly fine, why invest in another backup product? Good question. And a good answer is client backup. If you need more than disaster recovery for servers, Windows Storage Server 2008 R2 Essentials (WSSE) is the ideal complement to SBS. WSSE includes a client computer backup that is easy to configure and set up, and it requires no intervention to keep all your SBS network’s client computers backed up.
Note WSSE is limited to 25 users and computers. However, you can have multiple WSSE servers as members of your SBS network, so even with a large SBS network you can ensure that all client computers are backed up.
When you buy Windows Storage Server 2008 R2 Essentials, you buy the hardware and software combined. You merely plug it in to your network, turn it on, and configure it. We won’t cover the initial configuration of your WSSE server here, because each Original Equipment Manufacturer (OEM) will have a slightly different setup experience. But when you have the WSSE server up and running, the experience will be essentially similar, though each OEM might have special additional applications and customizations for their solution.
Configuring Windows Storage Server 2008 R2 Essentials for an SBS Network
Unlike Windows Home Server, WSSE can be a member server in an SBS domain. This allows you to easily manage users and computers assigned to a WSSE server, and also makes it easy to have multiple WSSE servers on your network if you need to support more than 25 users and computers.
Connecting Windows Storage Server Essentials to the SBS Domain
The first requirement for adding a WSSE server to your SBS network, after you get it up and running, is to configure WSSE to be a domain member. Before you can do this, however, you should create a special security group of SBS users who are allowed to connect to the WSSE server. To configure your WSSE server to be a member of your SBS domain, you first need to create a security group to control which SBS users are allowed to connect to the WSSE server. To create the security group for WSSE users and assign them an email address, use the following steps:
1. Open the Windows Small Business Server Console, and select the Users And Groups tab.
2. Click the Groups tab, and then click the Add A New Group task to open the Add A New Group Wizard.
3. Click Next to open the Add A New Group page, shown in Figure 16-28.
Figure 16-28 The Add A New Group page of the Add A New Group Wizard
4. Enter a name for the group, and then select Security Group. If you want to be able to send emails to this group of users, select the Enable This Security Group To Receive E-Mail check box.
Note E-mail enabling this security group allows you to send maintenance downtime notifications and other information of interest to the users of the WSSE server. But you should generally not enable outside email for this group.
5. Click Next to open the Create A Group E-mail Address page, as shown in Figure 16-29.
Figure 16-29 The Create A Group E-Mail Address page of the Add A New Group Wizard
6. Click Next to open the Select Group Members For WSSE Users page shown in Figure 16-30. (The name on this page will be different if you’ve chosen a different name for your security group.)
Figure 16-30 The Select Group Members For WSSE Users page of the Add A New Group Wizard
7. Select the users that you want to add to this group in the left Users And Groups pane, and click Add to move them to the Group Members pane.
8. Click Add Group to create the new security group, and then Finish when the wizard is done.
After you’ve created the security group to control which users have access to the WSSE server, you can join the server to the SBS domain and begin connecting computers to the WSSE server for backup. To join the WSSE server to the SBS domain, use the following steps:
1. Open the Windows Storage Server 2008 R2 Dashboard shown in Figure 16-31.
Figure 16-31 The Windows Storage Server 2008 R2 Dashboard console
2. Click Server Settings to open the Server Settings dialog box. Click Domain in the left pane, as shown in Figure 16-32, and enter the name of the SBS domain in the Domain To Join field.
Figure 16-32 The Join A Domain page of the Server Settings dialog box
3. Click Join Domain, and enter the credentials for a Network Administrator of the SBS domain.
4. Click OK and then click Yes on the Assign Access To Domain Group dialog box, shown in Figure 16-33.
Figure 16-33 The Assign Access To Domain Group dialog box
5. In the Select A Group dialog box, shown in Figure 16-34, select the security group you just created and click OK.
Figure 16-34 The Select A Group dialog box
6. Click OK when prompted to reboot the WSSE server.
7. On the Windows SBS server, open Active Directory Users And Computers from the Administrative Tools menu.
8. Navigate to the SBSComputers Organizational Unit (OU) as shown in Figure 16-35.
Figure 16-35 The WSSE server is in the SBSComputers OU
9. Select the WSSE server in the list of computers in the SBSComputers OU. Drag the computer to the SBSServers OU. You’ll be warned about moving objects in Active Directory. Click Yes to confirm you want to do it.
10. Close Active Directory Users And Computers. Your Windows Storage Server 2008 R2 Essentials server is now a member of the SBS domain and ready for client computers to connect to it.
Connecting to Windows Storage Server 2008 R2 Essentials
You must run the Windows Storage Server 2008 R2 Essentials Connector on each client computer that will use WSSE for backup. This connector configures the client computer backup settings and also installs a Launchpad application on the client computer. To connect your computer to the WSSE server, follow these steps (all on the client computer):
1. Open Internet Explorer, and navigate to http://<WSSEServerName>/Connect, as shown in Figure 16-36.
Figure 16-36 The Connect Your Computer To The Server page
2. Click Download Software For Windows and then click Run in the File Download – Security Warning dialog box shown in Figure 16-37. Acknowledge the User Account Control (UAC) warning by clicking Yes.
Figure 16-37 Always know why you’re choosing to run a file over the network
3. Click Next on each of the first two pages of the Connect A Computer To The Server Wizard.
4. On the Log On To Your Windows Storage Server 2008 R2 page, shown in Figure 16-38, enter the password for the WSSE server.
Figure 16-38 You’ll need to know the password for your Windows Storage Server 2008 R2 server
Note The exact steps in this sequence might vary if you don’t have all the prerequisites for connecting to the Windows Storage Server 2008 R2 server, including the Microsoft .NET Framework 4.0.
5. Click Next to open the Review And Modify The Description Of This Computer If Needed page. Enter a description for the computer that you’re joining to the WSSE server.
6. Click Next to open the Do You Want To Automatically Wake Up This Computer To Back It Up? page, shown in Figure 16-39, and choose whether you want to automatically wake up the computer to run backups or not. We strongly recommend that you enable this feature to ensure that computers are regularly backed up.
Figure 16-39 Enabling automatic wakeup to ensure that backups happen regularly
7. Click Next to open the Do You Want To Participate In The Windows Customer Experience Improvement Program? page and make a selection.
8. Click Next to begin downloading the software to your computer and configuring it.
9. When the client computer has finished connecting and configuring, you’ll see the This Computer Is Now Connected To The Server page, shown in Figure 16-40.
Figure 16-40 Your computer is now connected to the WSSE server and configured for automatic backups
10. Clear the Open The Dashboard To Administer Your Server check box, and click Finish to close the wizard.
The Windows Storage Server 2008 R2 Essentials Launchpad
After your computer is connected to the WSSE server, you’ll also have a new application added to your desktop, the Launchpad shown in Figure 16-41. This application gives you quick access to your backups for this computer, as well as any Shared Folders that have been provisioned for the SBS network. The Remote Web Access link, however, will attempt to connect to the WSSE version of Remote Web Access, which should not be configured when you’re running WSSE in an SBS environment.
Figure 16-41 The Launchpad
You can click Backup on the Launchpad to bring up the Backup Properties dialog box shown in Figure 16-42. From here, you can view previous backups, start a new backup, or change the Power Management settings.
Figure 16-42 The Backup Properties dialog box of the WSSE Launchpad
From the Launchpad, you can also connect to the Dashboard for the WSSE server. Click Dashboard on the Launchpad to open the Dashboard window shown in Figure 16-43.
Figure 16-43 The Dashboard window of the Launchpad
From the Dashboard, you can configure your Windows Storage Server 2008 R2 Essentials server without having to have a keyboard, mouse, or monitor connected to it. The best place for this server is locked away in the server room or closet, or wherever you have your servers.
Summary
Windows Server Backup provides a basic but configurable backup and recovery tool, making scheduling backups and restoring backed-up information easier and faster. However, if you need to back up client computers, you’ll need another solution. We think that Windows Storage Server 2008 R2 Essentials is a perfect solution for an SBS network and provides a high level of recoverability with a very easy to use interface. In the next chapter, we move on to an analysis of the Windows SBS Console and Server Manager.
Part IV
Performing Advanced Tasks
CHAPTER 17 Windows SBS Console vs. Server Manager
CHAPTER 18 Configuring and Managing Email
CHAPTER 19 Managing Local Connectivity
CHAPTER 20 Managing Remote Access
CHAPTER 21 Using Group Policy
CHAPTER 22 Managing Reports
CHAPTER 23 Customizing a SharePoint Site
CHAPTER 17
Windows SBS Console vs. Server Manager
The Windows Small Business Server (SBS) Console is the heart of the Microsoft Windows Small Business Server 2011 experience and is the preferred tool for managing SBS. Whenever possible, use the Windows SBS Console. The wizards and features built into the console are designed to work correctly with SBS and to simplify the tasks you need to perform. That being said, Windows Server 2008 R2 includes a completely new Server Manager console that is a huge improvement on earlier management consoles. There will be some tasks that you’ll likely need to use Server Manager for, so it’s useful to familiarize yourself with it and to understand when to use it or the native stand-alone management consoles for Windows Server 2008 R2. The native Windows Server 2008 R2 Server Manager is the tool you’ll use to add a role, role service, or feature to SBS, and it is also a good gateway into native Windows Server 2008 R2 management tasks. There are some tasks, however, that without a doubt are best left to the Windows SBS Console, and we cover those as well, pointing out where using the native tools of Windows Server 2008 R2 is not an optimal choice.
Adding (and Removing) Roles and Features
Adding and removing roles from Windows Server 2008 R2 (and thus Windows Small Business Server 2011) can be done from either the Server Manager console or the Windows PowerShell command line. Both methods perform the same tasks and follow the same logic for which services get installed. But this is definitely a place where it’s a whole lot easier to use the GUI. So unless you’re deploying dozens of identical servers, just use Server Manager. (I can’t believe we said that—we’re the quintessential command-line types for almost everything. But this is one time where graphical just makes sense.)
Roles, Role Services, and Features
Windows Server 2008 R2 makes a distinction between a server role, a role service, and a feature. Server roles are broad groupings of common functionality that help define what a server is used for. Thus, a file server would have the File Services role installed, and a Remote Desktop server would have the Remote Desktop Services role installed. Each of these broadly defined roles has available one or more role services. A role service is a particular functionality that is available only for the role for which it is a role service. Thus, for a file server with the File Services role installed, the following role services are available: File Server, Distributed File System (and its subsidiary services, DFS Namespaces and DFS Replication), File Server Resource Manager, Services for Network File System, Windows Search Service, and Windows Server 2003 File Services (including its subsidiary service, the Indexing Service). For the Remote Desktop Services role, the following role services are available: Remote Desktop (RD) Session Host, RD Virtualization Host, RD Licensing, RD Connection Broker, RD Gateway, and RD Web Access. Features are Windows Server 2008 R2 functionality that doesn’t require a specific role to be installed. Features are useful across a wide variety of server role configurations. Features include broad, general-purpose functionality, such as Group Policy Management, as well as narrow but non-role-specific functionality such as BitLocker Drive Encryption and Message Queuing.
Adding and Removing Roles
Roles reflect the tasks and services we expect of our servers. The File Services role includes various aspects of using SBS as a file server, one of the most basic tasks of our SBS servers. Generally, the roles that should be installed on the main SBS server are installed automatically as part of the installation of Windows Small Business Server 2011. And you should be very cautious about installing any additional roles on the main SBS server. SBS is a complicated and busy server already, and adding additional roles or functionality is not usually recommended. Instead, add a second server to your SBS network to add additional roles whenever possible, or use the second server that is part of the Premium Add-on for SBS.
Add a Role Us ng the Server Manager conso e, you can add a ro e us ng the fo ow ng steps Note In these steps, we’ll add the Remote Desktop Session Host role to our SBS 2011
Premium Edition second server. The steps are essentially similar for any role, though the exact screens and choices will be slightly different.
Adding (and Removing) Roles and Features
CHAPTER 17 441
1. Open the Server Manager console if it isn’t open already.
2. Select Add Roles from the Action menu to open the Before You Begin page of the Add Roles Wizard, as shown in Figure 17-1.
Figure 17-1 The Before You Begin page of the Add Roles Wizard
3. Read the advice on the Before You Begin page. It’s actually good advice and a useful reminder. If you’ve read the page, understand all its implications, and don’t ever want to see the page again, select the Skip This Page By Default check box.
4. Click Next to open the Select Server Roles page, as shown in Figure 17-2.
5. Select the server role(s) you want to add. You can select more than one, but doing so makes it much more likely that you’ll have to reboot before the installation completes.
6. Click Next to open the page for the first role that will be installed, as shown in Figure 17-3 (if you selected Remote Desktop Services in the previous step). This page describes the role that is being installed, and it includes a Things To Note section that contains cautions or advisories specific to the role being installed. There is also a link to an Additional Information page with up-to-date information on the role being installed.
Figure 17-2 The Select Server Roles page of the Add Roles Wizard
Figure 17-3 The Remote Desktop Services page of the Add Roles Wizard
7. After you’ve read any Things To Note, click Next to open the Select Role Services page shown in Figure 17-4.
Figure 17-4 The Select Role Services page of the Add Roles Wizard
8. Select the role services you want to add at this time. If you select a role service that has a dependency on another role, role service, or feature, you’ll see a pop-up dialog box describing the additional functionality that will be installed, as shown in Figure 17-5.
Figure 17-5 The Add Role Services And Features Required For Remote Desktop Gateway page of the Add Roles Wizard
9. Click Add Required Role Services to continue and return to the Select Role Services page, or click Cancel if you want to change your role services selection.
10. Click Next to open the next page in the Add Roles Wizard. From here to the end of the wizard, the specific pages will vary depending on what roles and role services you’ve selected.
Note For Remote Desktop Services in an SBS environment, when you get to the Select User Groups Allowed Access To This RD Session Host Server page, it’s useful to add the Windows SBS Remote Web Access Users group, as shown in Figure 17-6.
Figure 17-6 The Select User Groups Allowed Access To This RD Session Host Server page of the Add Roles Wizard
11. After the Add Roles Wizard has all the information necessary to proceed, it will open the Confirm Installation Selections page. This is your last chance to make sure you’ve selected the roles and role services you expected, and configured any necessary settings appropriate for your environment. If everything looks correct, click Install to begin the installation.
12. After the installation completes, you’ll see the Installation Results page, shown in Figure 17-7. This page indicates whether the installation requires a restart or any other warnings or errors. Click Close to complete the wizard.
Figure 17-7 The Installation Results page of the Add Roles Wizard
13. If your installation requires a restart, you’ll be prompted to restart the server. You might as well do it now because you can’t install anything else while a restart is pending.
14. If your installation requires a restart, be sure to log back on with the same account you used to add the role. The installation can’t complete until you log back on with that account. The Resume Configuration Wizard will open and complete the installation of the roles and role services you selected. Click Close when the installation is complete.
Removing a Role

You can use either the graphical Server Manager console to remove a role, or you can use the deprecated but still available command-line utility ServerManagerCmd.exe. Or you can use the Windows PowerShell Remove-WindowsFeature cmdlet. All have the same functionality: they remove only the explicit role selected. They will not usually remove any roles or role services that were added during the initial role installation to support the role being removed—unless the role, role service, or feature requires the role that is being removed. That’s a bit confusing, isn’t it? Okay, how about a specific example that makes it a bit clearer. Let’s say you installed the Remote Desktop Services role with all its role services. You’ll also have Network Policy And Access Services installed, along with Web Server (IIS). You can uninstall the entire Remote Desktop Services role, and neither the Network Policy And Access Services nor Web Server (IIS) roles will be removed. But if you remove the Network Policy And Access Services role, it will also remove the Remote Desktop Gateway feature, as shown in Figure 17-8.

Figure 17-8 Removing the Network Policy And Access Services role forces removal of the Remote Desktop Gateway feature.

To remove a role using the Server Manager console, follow these steps:
1. Open the Server Manager console if it isn’t already open.
2. Select Remove Roles from the Action menu to open the Before You Begin page of the Remove Roles Wizard.
3. Read the advice on the Before You Begin page. It’s good advice and a useful reminder. If you’ve read the page, understand all its implications, and don’t ever want to see the page again, select the Skip This Page By Default check box. Personally, we leave it cleared.
4. Click Next to open the Remove Server Roles page, as shown in Figure 17-9. Clear the roles you want to remove.
Figure 17-9 The Remove Server Roles page of the Remove Roles Wizard
5. If there are any dependent features, you’ll be prompted to remove them also, as shown earlier in Figure 17-8.
6. When you’ve cleared the check boxes for any roles you want to remove, click Next to open the Confirm Removal Selections page, as shown in Figure 17-10. This page will often include one or more informational messages. Be sure you understand all implications of removing the role or roles.
Note You can print, email, or save the information in the Confirm Removal Selections page by clicking below the informational window.
7. Click Remove to actually begin the removal.
8. When the removal has completed, you’ll see the Removal Results page, as shown in Figure 17-11. If any of the roles or features require a restart, you’ll see a message warning you that a restart is pending. In our experience, removing just about anything requires a restart.
Figure 17-10 The Confirm Removal Selections page of the Remove Roles Wizard
Figure 17-11 The Removal Results page of the Remove Roles Wizard
9. Click Close, and then click Yes if prompted for a restart.
10. If your removal requires a restart, be sure to log back on with the same account you used to remove the role. The removal can’t complete until you log back on with that account. The Resume Configuration Wizard will open and complete the removal of the roles you selected. Click Close when the removal is complete.
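The dependency case described above (removing Network Policy And Access Services also takes Remote Desktop Gateway with it) can be checked before and after the change from Windows PowerShell. This is an added example, not code from the book; the function names and the snapshot file location are hypothetical, and the display name is assumed to match what Server Manager lists on your server.

```powershell
# Added example (not from the book). Windows Server 2008 R2, PowerShell 2.0,
# run from an elevated prompt on the server whose roles you are changing.
Import-Module ServerManager

# Hypothetical snapshot location. The user profile is used because the text
# requires logging back on with the same account after a restart.
$SnapshotPath = Join-Path $env:USERPROFILE 'installed-features-before.txt'

function Get-InstalledFeatureName {
    # Short names of every role, role service and feature currently installed.
    Get-WindowsFeature |
        Where-Object { $_.Installed } |
        ForEach-Object { $_.Name } |
        Sort-Object
}

function Show-RoleRemovalPreview {
    param([Parameter(Mandatory = $true)][string]$DisplayName)

    # Resolve the name the wizard shows to the short name the cmdlet expects.
    $role = @(Get-WindowsFeature | Where-Object { $_.DisplayName -eq $DisplayName })
    if ($role.Count -ne 1) { throw "No single role or feature is named '$DisplayName'." }
    if (-not $role[0].Installed) { throw "'$DisplayName' is not installed." }

    # Record the current state so the real effect can be verified afterwards.
    Get-InstalledFeatureName | Set-Content -Path $SnapshotPath

    # -WhatIf reports what the removal would do without changing the server.
    Remove-WindowsFeature -Name $role[0].Name -WhatIf
}

function Compare-FeatureSnapshot {
    # Run after the removal, the restart, and the Resume Configuration Wizard
    # have all finished. Lists every name that differs from the snapshot.
    $before = @(Get-Content -Path $SnapshotPath)
    $after  = @(Get-InstalledFeatureName)
    Compare-Object -ReferenceObject $before -DifferenceObject $after |
        ForEach-Object {
            $change = 'Added'
            if ($_.SideIndicator -eq '<=') { $change = 'Removed' }
            New-Object PSObject -Property @{ Name = $_.InputObject; Change = $change }
        }
}

# The scenario from the text: preview removing Network Policy And Access Services.
Show-RoleRemovalPreview -DisplayName 'Network Policy and Access Services'
```

Anything that Compare-FeatureSnapshot reports as Removed beyond the role you cleared is a dependency that went with it, which is worth recording in the server's change log.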
Adding and Removing Role Services

In most situations, you’ll add or remove role services as a part of adding and removing the roles they are services for. But often enough, you’ll start out with one set of role services for a particular role and at some point discover the need to add a role service or even remove a role service for something that’s no longer needed. The process of adding and removing role services is much the same as adding and removing roles, and follows many of the same steps. Adding a role service requires that the role for that service be installed. You can’t add the RD Licensing role service without having the Remote Desktop Services role installed.
Adding a Role Service

You can use either the command line or the graphical Server Manager console to add a role service. For our example, we’ll assume you have already installed Remote Desktop Services to your second server, and you want to add the RD Licensing role service to the server. Follow these steps:
1. Open the Server Manager console if it isn’t already open.
2. Click Remote Desktop Services in the left pane, and select Add Role Services from the Action menu to open the Add Role Services Wizard, as shown in Figure 17-12.
3. Select the role service you want to add, and click Next. If this role service has configuration choices, you’ll have one or more pages of wizard to address. With the RD Licensing role service, you’ll have the Configure Discovery Scope For RD Licensing page shown in Figure 17-13.
Note You generally should not set a discovery scope for RD Licensing on an SBS network. Instead, use the Remote Desktop Session Host Configuration console to explicitly set the RD Licensing server that your RD Session Host should use. In most scenarios, this will be the RD Session Host itself in an SBS environment.
Figure 17-12 The Select Role Services page of the Add Role Services Wizard
Figure 17-13 The Configure Discovery Scope For RD Licensing page of the Add Role Services Wizard
4. Do not select the Configure A Discovery Scope For This License Server check box.
5. Click Next to open the Confirm Installation Selections page.
6. Click Install to begin the installation.
7. After the installation is complete, the Installation Results page will open, as shown in Figure 17-14. If no restart is required, click Close to complete the installation.
Figure 17-14 The Installation Results page of the Add Role Services Wizard
Removing a Role Service

Removing a role service doesn’t necessarily remove the role. For example, you can remove the RD Licensing role service without affecting other role services of the Remote Desktop Services role. As always, you can use either the command line or the graphical Server Manager console to remove role services. As with removing roles, we have a hard time understanding why anyone would use the command line to remove a role service in an SBS environment, but there’s no particular reason not to. To remove the RD Licensing role service of the Remote Desktop Services role, follow these steps:
1. Open the Server Manager console if it isn’t already open.
2. Click the Remote Desktop Services role in the left pane of the Server Manager console.
3. Select Remove Role Services from the Action menu to open the Select Role Services page of the Remove Role Services Wizard, as shown in Figure 17-15.
Figure 17-15 The Select Role Services page of the Remove Role Services Wizard
4. Clear the Remote Desktop Licensing check box, and click Next to open the Confirm Removal Selections page.
5. Click Remove to begin the removal process. When the process completes, you’ll see the Removal Results page, as shown in Figure 17-16.
Figure 17-16 The Removal Results page of the Remove Role Services Wizard
6. Click Close to exit the wizard. Click Yes to restart the server if prompted.
7. If removing the role services requires a restart, be sure to log back on with the same account you used to remove the role service. The removal can’t complete until you log back on with that account. The Resume Configuration Wizard will open and complete the removal of the role service you selected. Click Close when the removal is complete.
Note Many roles and role services that can be added without a restart are not so well behaved when being removed. Expect to have to reboot when removing a role or role service.
Adding and Removing Features

Adding or removing a feature in SBS 2011 is a very similar process to adding or removing a role. The difference is that features are independent of the roles on a server—a feature can be added regardless of the roles that are already on the computer. Again, as with adding a role, if there’s a dependency, the Add Features Wizard will automatically prompt you to add the required additional roles or features. You can also add features to a Windows Server 2008 R2 server that has the Hyper-V role installed without changing the licensing. For more information on licensing and Hyper-V, see Chapter 6, “Configuring SBS in Hyper-V.”
Adding Features

Adding a feature to Windows Server 2008 R2 usually doesn’t require other features or roles, though there are exceptions. To install the two basic features we have on every server, follow these steps:
1. Open the Server Manager console if it isn’t already open.
2. Click Features in the left pane of the Server Manager console.
3. Select Add Features from the Action menu to open the Select Features page of the Add Features Wizard, as shown in Figure 17-17.
Figure 17-17 The Select Features page of the Add Features Wizard
4. Select the features you want to install, and click Next to begin the installation process.
5. When the process completes, you’ll see the Installation Results page. If this page shows that one or more of your features has a pending restart, you’ll need to restart the server before continuing.
6. Click Close to exit the wizard. Click Yes to restart the server if prompted.
7. If your installation requires a restart, be sure to log back on with the same account you used to add the features. The installation isn’t complete until you log back on with that account. The Resume Configuration Wizard will open and complete the installation of the features you selected. Click Close when the installation is complete.
To install the same two features using the command line, use the following command:

servermanagercmd -install PowerShell-ISE Subsystem-UNIX-Apps

To install the same two features using Windows PowerShell, use the following commands:

Import-Module ServerManager
Add-WindowsFeature PowerShell-ISE,Subsystem-UNIX-Apps

In our experience, these two features can be installed together without requiring a server restart. We’ve added the preceding Windows PowerShell to our standard build configuration, ensuring that the tools we need and expect are available on all servers.

Note Windows PowerShell is installed by default on all Windows Server 2008 R2 servers, including Windows Small Business Server 2011. The Integrated Scripting Environment (ISE) is not installed by default, however, and is a useful addition. The Subsystem for UNIX Applications is not installed by default and is probably useful only to those who must support mixed environments where UNIX and Linux are part of the SBS networking environment.
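For a standard build script, the two commands above can be wrapped so that the script installs only what is missing, can be previewed first, and reports a pending restart instead of leaving it to be discovered later. This is an added example, not the authors' build script; the function name and the -Preview switch are hypothetical.

```powershell
# Added example (not from the book). Windows Server 2008 R2, PowerShell 2.0,
# run from an elevated prompt.
Import-Module ServerManager

function Install-BaselineFeature {
    param(
        [Parameter(Mandatory = $true)][string[]]$Name,
        [switch]$Preview   # hypothetical switch: show what would change, change nothing
    )

    # Reject misspelled names up front rather than installing half the list.
    $known      = @(Get-WindowsFeature -Name $Name)
    $knownNames = @($known | ForEach-Object { $_.Name })
    $unknown    = @($Name | Where-Object { $knownNames -notcontains $_ })
    if ($unknown.Count -gt 0) {
        throw "Unknown feature name(s): $($unknown -join ', ')"
    }

    # Install only what is not already present, so the script can be re-run safely.
    $missing = @($known | Where-Object { -not $_.Installed } | ForEach-Object { $_.Name })
    if ($missing.Count -eq 0) {
        Write-Host 'Baseline already satisfied; nothing to install.'
        return
    }

    if ($Preview) {
        Add-WindowsFeature -Name $missing -WhatIf
        return
    }

    $result = Add-WindowsFeature -Name $missing
    foreach ($item in $result.FeatureResult) {
        Write-Host ("{0}: success={1}" -f $item.DisplayName, $item.Success)
    }
    if (-not $result.Success) {
        throw 'One or more features failed to install; see the output above.'
    }
    if ("$($result.RestartNeeded)" -ne 'No') {
        # Nothing else can be installed while a restart is pending.
        Write-Warning 'A restart is pending. Restart and log back on with this account.'
    }
    $result
}

# The two features named in the text, previewed first.
Install-BaselineFeature -Name 'PowerShell-ISE', 'Subsystem-UNIX-Apps' -Preview
```

Drop -Preview to perform the installation once the preview output matches what you expect.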
Removing Features

Removing a feature from Windows Server 2008 R2 usually doesn’t affect other features or roles, though there are exceptions, including the .NET Framework 3.5.1 feature, which has several subsidiary features. To remove a feature, follow these steps:
1. Open the Server Manager console if it isn’t already open.
2. Click Features in the left pane of the Server Manager console and then highlight the feature you want to remove.
3. Select Remove Features from the Action menu to open the Select Features page of the Remove Features Wizard.
4. Clear the check box of the feature you want to remove and click Next, and then click Remove to begin the removal process.
5. When the process completes, you’ll see the Removal Results page. If this page shows a pending restart, you’ll need to restart the server before continuing.
6. Click Close to exit the wizard. Click Yes to restart the server if prompted.
7. If your removal requires a restart, be sure to log back on with the same account you used to remove the features. The removal isn’t complete until you log back on with that account. The Resume Configuration Wizard will open and complete the removal of the features you selected. Click Close when the wizard is finished.
Using the Native Consoles

For many tasks, even most tasks, you should use the Windows SBS Console. There’s even an Advanced Mode version that has links to the native consoles for the most commonly required tasks that don’t have special SBS wizards. And for all your native consoles in a single place, use the Windows SBS Native Tools Management console, shown in Figure 17-18. It doesn’t matter whether you get to native consoles from the Windows SBS Native Tools Management console, start them directly, or use Server Manager, the behavior is the same.
Figure 17-18 The Windows SBS Native Tools Management console
Note The title bar of this console says it’s the Advanced Management console, but you open it from the Windows SBS Native Tools Management link in the Windows Small Business Server section of the Windows Start menu.
Using the Advanced Mode of the Windows SBS Console

The simplest way to work with the most commonly used native consoles is to open them from the Advanced Mode of the Windows SBS Console, shown in Figure 17-19.
Figure 17-19 The Users page of the Windows SBS Console (Advanced Mode)
As you can see in the figure, there is an additional option in the Tasks pane of the Users page—a link to open the Active Directory Users And Computers snap-in. The Active Directory Users And Computers (ADUC) console is the native mechanism for managing users and computers in Windows Server 2008 R2. And there are definitely tasks that can only be performed easily from the ADUC console, not from the Windows SBS Console. For example, you can’t add a contact from the Windows SBS Console—you need to use ADUC for that. To use the Advanced Mode of Windows SBS Console to create a contact, follow these steps:
1. Click Start, All Programs, Windows Small Business Server, and then click Windows SBS Console (Advanced Mode) to open the console. (Be smart—put a link to this on your desktop, or pin it to the Start menu.)
2. Click Users And Groups and then click Users if it isn’t in front.
3. In the Tasks pane, on the right, click Open Active Directory Users And Computers Snap-in to open ADUC as shown in Figure 17-20.
Figure 17-20 Active Directory Users And Computers console
4. Expand the domain name in the left pane, and navigate to the MyBusiness organizational unit (OU).
5. Click MyBusiness, select New, and then select Organizational Unit from the shortcut menu to open the New Object – Organizational Unit dialog box shown in Figure 17-21.
Figure 17-21 The New Object – Organizational Unit dialog box
6. Type in a name for the container, and click OK to create the OU.
7. Right-click the OU you just created, select New, and then select Contact as shown in Figure 17-22.
Figure 17-22 Creating a new contact
8. In the New Object – Contact dialog box, shown in Figure 17-23, fill in the fields for the new contact. We find it useful to add (external) to the name field when adding secondary email addresses for users who will have an account on the SBS server.
Figure 17-23 The New Object – Contact dialog box
9. Click OK to create the contact.
10. Click Properties on the Action menu to open the Properties dialog box for the new contact, and enter an email address as shown in Figure 17-24.
Figure 17-24 The Properties dialog box for a contact
11. Click OK to save the changes.
Using Server Manager

A good way to see the entire management interface for any server, regardless of the number of roles installed, is to use the Windows Server 2008 R2 Server Manager. This combines administrative, management, and monitoring functionality into a single console, giving you a single place to manage and monitor all the functionality of your SBS server that isn’t managed and monitored from the SBS Console. The most important part of the Server Manager console, shown in Figure 17-25, is the Roles section. Here you have not only a summary of the events, messages, and general health of the roles that are installed on your server, but also direct access to the individual management consoles for each role.
Figure 17-25 The Roles page of the Server Manager console
We’ll use the Server Manager console to take care of a bit of configuration we need to do on our hp350-sbs-02.sbsexample.local server—configuring the printer and a couple of key workstations for DHCP reservations. This is something that simply can’t be done directly from the SBS Console. And we could manually configure each of them with static IP addresses, but we prefer to use DHCP whenever possible. So the best solution is a DHCP reservation. It ensures that key workstations are always at the address we expect, but if we need to make a major change to the network addressing, it’s all handled at one location, saving us from having to go around and manually configure individual devices or workstations. To open the DHCP console in Server Manager and add a DHCP reservation, follow these steps:
1. Open the Server Manager if it isn’t already open, and click Roles in the left pane.
2. Expand the Roles section and then expand the DHCP Server section by clicking the little plus sign to the left of the section you want to expand.
3. Drill down to the IPv4 Address Leases for your SBS server, as shown in Figure 17-26.
4. Right-click the device that you want to give a DHCP reservation to—in our case, the HP 3505 Color LaserPrinter that is in the Engineering office (ENG-PRN-01)—and select Add To Reservation from the menu, as shown in Figure 17-27.
Figure 17-26 The IPv4 Address Leases for our EXAMPLE network
Figure 17-27 Converting a DHCP lease into a DHCP reservation
5. If the DHCP lease is successfully converted to a reservation, you’ll see the message shown in Figure 17-28. Click OK.
Figure 17-28 The DHCP lease conversion message
Directly Opening Native Consoles

Although using the Server Manager console to access the management consoles for the roles and features on your server is a simple way to get at all of them from one location, we often find that it is awkward to navigate when a lot of roles are installed, and we also hate giving up any of our screen real estate for that left pane. So our solution is to simply open up the native management consoles directly. The GUI way is to open the Start menu and click Administrative Tools. This gives you a list of the available Administrative consoles, as shown in Figure 17-29. The other way is to open them directly, either from the Run menu or using a Cmd or Windows PowerShell window. Our preference is to keep a Windows PowerShell window open on the desktop, and use that. Table 17-1 has a list of the management consoles, along with a couple of keyboard shortcuts for Control Panel applications that are easier to get at from the command line.
Figure 17-29 The available Administrative consoles on a Windows Small Business Server 2011 server
Summary

The majority of all your daily management tasks in Windows Small Business Server 2011 can be, and should be, performed using the Windows SBS Console or the Windows SBS Console Advanced Mode. But there will inevitably be some tasks that either can’t be performed from there or that are more easily performed using the native Windows Server 2008 R2 management interface. Especially for managing the Premium Add-on second server. Before you use the native tools, always verify that you’re not doing something that has a built-in SBS wizard. Whenever an SBS wizard is available, you should use it. The wizards almost always do several tasks in an integrated way that would be difficult to do directly using the native management tools, and you’ll have a better-behaved and easier-to-manage SBS environment if you stick to the wizards whenever you can. In the next chapter, we’ll cover configuring and managing email, including the initial setup and configuration of Microsoft Exchange Server 2010.
CHAPTER 18

Configuring and Managing Email

One of the central pillars of Microsoft Windows Small Business Server 2011 Standard (SBS 2011) is Microsoft Exchange Server 2010. Exchange Server is installed as part of SBS 2011 Standard and provides a robust, full-featured, and flexible email and collaboration infrastructure. Managing the Exchange infrastructure in a large organization is the task of one or more full-time Exchange administrators, but with Windows Small Business Server, most of the heavy lifting has been done by the SBS team. The initial installation and configuration of Exchange are handled automatically as part of the SBS install and the Getting Started Tasks list.
Basic Email Configuration

The default Exchange Server configuration is set up when you run the initial pass of the Set Up Your Internet Address Wizard and the Configure A Smart Host For Internet E-Mail Wizard. If you haven’t completed these tasks, as described in Chapter 8, “Completing the Getting Started Tasks,” you need to do that first. Before you can run the Set Up Your Internet Address Wizard, shown in Figure 18-1, you need to either have your Internet domain name registered or have a good idea of the one you want to register, along with a couple of alternatives in case the one you want isn’t available. If you already have a domain, you’ll need to know whether you want to manage the DNS settings for it yourself or have SBS manage it for you. Personally, we prefer managing it ourselves, using a service such as ZoneEdit.com as our DNS provider, but for many small businesses it’s just as easy to have SBS manage the domain for you.
Figure 18-1 You need some basic information about your Internet domain name before you can configure email and your Internet address
Configuring Internet Mail

There are two basic methods for sending email from SBS: direct delivery and forwarding. Direct delivery uses DNS to route email directly to the server that the DNS records point to for the recipient’s email domain. Email doesn’t “pass through” any other Simple Mail Transfer Protocol (SMTP) servers along the way, and is shown as being directly sent from your SBS Internet domain. The second method forwards all your mail to another SMTP server that is configured to both accept incoming email for forwarding and to understand how to find the correct destination for the email. Most Internet service providers (ISPs) provide this kind of forwarding server, known as a Smart Host, as do a variety of email filtering and protection services that you can use, such as ExchangeDefender (http://www.exchangedefender.com), our preferred spam-filtering service.
Figure 18-2 The Connectivity page of the Windows SBS Console
3. Click Smart Host For Internet E-mail, and then click View Outbound Internet E-mail Properties in the Tasks pane to open the Configure Internet Mail Wizard shown in Figure 18-3.
Figure 18-3 The Before You Begin page of the Configure Internet Mail Wizard
4. Click Next to open the Specify Settings For Outbound Internet Mail page shown in Figure 18-4.
Figure 18-4 The Specify Settings For Outbound Internet Mail page of the Configure Internet Mail Wizard
5. Enter the information provided by your ISP for connecting to their Smart Host. Some ISPs require you to provide authentication to connect. This information is usually available on the support pages of your ISP.
6. Click Next to begin the configuration, and then click Finish to close the wizard.
Enabling DNS Email Sending

By default, Exchange Server in SBS uses DNS to determine where to send an email. If you haven’t configured a Smart Host, you don’t need to do anything at all to use DNS email sending. But if you’ve configured for Smart Host and need to change back to using DNS, you run the same wizard as when you configured for Smart Host. Follow these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Network on the top navigation bar, and then click the Connectivity tab to open the Connectivity page shown earlier in Figure 18-2.
3. Click Smart Host For Internet E-mail, and then click View Outbound Internet E-mail Properties in the Tasks pane to open the Configure Internet Mail Wizard.
4. Click Next to open the Specify Settings For Outbound Internet Mail page shown in Figure 18-5.
Figure 18-5 Removing the Smart Host to return to DNS email delivery
5. Select I Do Not Need To Configure A Smart Host Server For Internet E-Mail.
6. Click Next to begin the configuration, and then click Finish to close the wizard.
POP3 Email

Some small businesses still rely on external email accounts, and these accounts can be useful during the transition to a new SBS installation. We think using Microsoft Exchange is a far better solution overall, but SBS does support using external, Post Office Protocol v3 (POP3) email accounts. The Windows SBS POP3 Connector has changed in SBS 2011 from the version in SBS 2003 in three important ways:
■ POP3 email is brought to the SBS server using SMTP, allowing for full scanning and filtering, and direct integration into Exchange.
■ POP3 email can be scheduled for retrieval every five minutes.
■ The POP3 connector no longer supports generic email boxes. Each email box must be explicitly configured and assigned.

Configuring POP3 email requires you to know the email account properties—including the mail server, account name, and password—for each POP3 email account you want to add.
Figure 18-6 The Windows SBS POP3 Connector dialog box
4. Click Add to open the POP3 Mailbox Accounts page of the Windows SBS POP3 Connector dialog box, as shown in Figure 18-7. Enter the information to connect to the account. For details on the various settings, see the Under The Hood sidebar “POP3 Account Settings,” earlier in this chapter.
Figure 18-7 The POP3 Mailbox Accounts page of the Windows SBS POP3 Connector dialog box
Figure 18-8 The Set POP3 Connector Schedule page
5. Change the Schedule section to automatically retrieve email at the interval desired. If you need to manually initiate a POP3 email retrieval, click Retrieve Now.
6. Click OK to initiate the schedule and return to the Connectivity page.
Advanced Email Configuration

While most things that you’ll need to do for email configuration are easily handled from the Windows SBS Console, there are a few things that require running the Exchange Management Console, shown in Figure 18-9, or using Windows PowerShell scripts. Anything that can be done in the Exchange Management Console can also be done using Windows PowerShell in the Exchange Management Shell.
Figure 18-9 The Exchange Management Console
Trying to cover everything that can be done to configure Microsoft Exchange Server 2010 is an entire book, and not something we’ll even try to do in this chapter. What we’ll do is use a couple of examples to give you an idea of what kinds of things can be configured, and how to find them and use the Exchange Management Console to accomplish them. For additional details, we strongly suggest a bit of exploration through the graphical console or, when you need more help, we suggest reading Microsoft Exchange Server 2010 Administration (Sybex, 2010).
Using Contacts

In Microsoft Exchange terms, a contact is someone who doesn’t need an Active Directory user account and doesn’t have mail stored in Exchange. But a contact does need to be both a contact in Active Directory and mail-enabled in Microsoft Exchange. If you’ve created someone as a contact in Active Directory, he or she still needs to be mail-enabled in Exchange. If you’re creating the contact directly in Exchange, you will also be adding him or her to Active Directory at the same time, so it’s usually more efficient to add contacts directly from within the Exchange Management Console, or using the New-MailContact PowerShell cmdlet.
Mail-Enabling Existing Contacts

You can mail-enable existing Active Directory contacts. To mail-enable an existing contact, follow these steps:
1. Open the Exchange Management Console if it isn’t open.
2. Navigate to Recipient Configuration and then click Mail Contact in the left pane of the console.
3. Click New Mail Contact in the Actions pane to open the New Mail Contact Wizard shown in Figure 18-10.
Figure 18-10 The Introduction page of the New Mail Contact Wizard
4. Select Existing Contact and click Browse to open the Select Contact dialog box shown in Figure 18-11. You’ll see a list of all Active Directory contacts that are not currently mail-enabled.
5. Select the contact you want to mail-enable and click OK to return to the Introduction page of the New Mail Contact Wizard.
6. Click Next to open the Contact Information page of the New Mail Contact Wizard, as shown in Figure 18-12. Most of the fields will already be filled in because this is an existing contact.
Figure 18-11 Browsing to find an Active Directory contact that needs to be mail-enabled
Figure 18-12 The Contact Information page for an existing Active Directory contact who is being mail-enabled
Advanced Email Configuration
CHAPTER 18 481
7. C ck Ed t to open the SMTP Address d a og box shown n F gure 18-13
Figure 18-13 Add ng an SMTP address to ma
enab e a contact
8. Type n the ema address for the contact and c ck OK to return to the Contact Infor-
mat on page of the New Ma Contact W zard 9. Enter an a as for the contact, as shown n F gure 18-14 Note It’s a good idea to use a standard way to identify contacts so that they don’t get
confused with internal users.
Figure 18-14 You need to spec fy an a as for ma
enab ed contacts
10. C ck Next to open the New Ma Contact page shown n F gure 18-15 Th s summar zes
the act ons that are about to be taken and s your ast chance to cance or to correct the nformat on
482 CHAPTER 18
Configuring and Managing Email
Figure 18-15 The New Ma Contact page shows the new ma
enab ed contact that w be created
11. C ck New to create the contact and open the Comp et on page shown n F gure 18-16
Figure 18-16 The Comp et on page shows the actua W ndows PowerShe scr pt that was
executed
Advanced Email Configuration
CHAPTER 18 483
12. C ck F n sh to c ose the New Ma Contact W zard and return to the Exchange Manage-
ment Conso e
Note Press Ctrl+C on the Completion page of the New Mail Contact Wizard (or any other
wizard in Microsoft Exchange 2010) to copy the contents of the page to the clipboard. This will include the Windows PowerShell script that was executed to complete the task. You can then paste this into your favorite editor (we use gvim, http://www.vim.org, but even Notepad will work), and use it as the basis to build future scripts.
Adding a New Mail-Enabled Contact
The steps for creating a new mail-enabled contact are similar to those for updating an existing Active Directory contact to be mail-enabled. However, when you’re creating a new contact, you’ll need to have additional information about the contact and know which organizational unit (OU) you want the contact to reside in. Use the following steps to create a new mail-enabled contact:
1. Open the Exchange Management Console if it isn’t already open.
2. Navigate to Recipient Configuration and then click Mail Contact in the left pane of the console.
3. Click New Mail Contact in the Actions pane to open the New Mail Contact Wizard.
4. Select New Contact and click Next to open the Contact Information page shown in Figure 18-17.
Figure 18-17 The Contact information page for creating a new mail-enabled contact
5. Click Browse to open the Select Organizational Unit dialog box shown in Figure 18-18.
Figure 18-18 The Select Organizational Unit dialog box
6. Select the OU to use for this contact, and click OK to return to the Contact Information page.
7. Fill in the rest of the information for the contact, including an alias. We think it’s a good idea to have a way to make it clear that this is an external contact in the alias because you’ll be sending email to this contact outside your organization.
8. Click Edit to open the SMTP Address dialog box, and enter the SMTP address for the contact.
9. Click OK to return to the Contact Information page, and then click Next to open the New Mail Contact page. This summarizes the actions that are about to be taken and is your last chance to cancel or to correct the information.
10. Click New to create the contact and open the Completion page.
11. Click Finish to close the New Mail Contact Wizard and return to the Exchange Management Console.
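Both wizard procedures above correspond to Exchange Management Shell cmdlets: Enable-MailContact for an existing Active Directory contact and New-MailContact for a new one. The script below is an added example, not the book's own code; the ext- alias prefix, the OU path example.local/MyBusiness, and the sample contact are assumptions chosen to show one way of keeping external contacts distinguishable from internal users.

```powershell
# Added example (not from the book). Assumed values: the 'ext-' alias prefix,
# the OU 'example.local/MyBusiness', and the constructed sample contact below.
# Run from the Exchange Management Shell.
function Add-ExternalMailContact {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$SmtpAddress,
        [string]$OrganizationalUnit = 'example.local/MyBusiness',
        [string]$AliasPrefix = 'ext-'
    )

    if ($SmtpAddress -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "Not a usable SMTP address: $SmtpAddress"
    }
    $localPart, $domain = $SmtpAddress -split '@'

    # A contact is for mail that leaves the organization, so an address in one
    # of our own accepted domains is probably a mistake.
    $internal = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $domain }
    if ($internal) {
        Write-Warning "$domain is an accepted domain here; check that $Name is really external."
    }

    # Prefix the alias so the contact cannot be mistaken for an internal user.
    $alias = $AliasPrefix + ($localPart -replace '[^A-Za-z0-9._-]', '')

    $existing = Get-Contact -Identity $Name -ErrorAction SilentlyContinue
    if ($existing -and "$($existing.RecipientType)" -eq 'MailContact') {
        Write-Warning "$Name is already mail-enabled; nothing to do."
        return
    }
    if ($existing) {
        # Contact already exists in Active Directory: mail-enable it.
        Enable-MailContact -Identity $existing.DistinguishedName `
            -ExternalEmailAddress $SmtpAddress -Alias $alias
    }
    else {
        # No Active Directory contact yet: create it and mail-enable it in one step.
        New-MailContact -Name $Name -ExternalEmailAddress $SmtpAddress `
            -Alias $alias -OrganizationalUnit $OrganizationalUnit
    }
}

# Constructed sample input.
Add-ExternalMailContact -Name 'Pat Example (Vendor)' -SmtpAddress 'pat.example@vendor.example'

# Review every mail contact and its alias in one place.
Get-MailContact | Format-Table Name, Alias, PrimarySmtpAddress -AutoSize
```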
When you’re ready to have Exchange Server receive email for an additional domain, use the following steps to add the domain:
1. Open the Exchange Management Console if it isn’t already open.
2. Navigate to Hub Transport in the Organization Configuration container in the left pane and then click the Accepted Domains tab in the center pane, as shown in Figure 18-19.
Figure 18-19 The accepted domains for our test SBS network
3. Click New Accepted Domain in the Actions pane to open the New Accepted Domain Wizard shown in Figure 18-20.
Figure 18-20 The New Accepted Domain Wizard
4. Enter a name for the domain you want to receive email for, and then enter the DNS domain name in the Accepted Domain field.
5. Click New and then click Finish when the task has completed. As with all other commands in the Exchange Management Console, you can save the Windows PowerShell script that was executed to complete the command on the Completion page before you close the wizard.
6. Click New E-Mail Address Policy in the Actions pane to open the New E-Mail Address Policy Wizard shown in Figure 18-21.
Figure 18-21 The introduction page of the New E-Mail Address Policy Wizard
7. Type in a name for the new policy, and then click the Browse button to set the OU to the MyBusiness OU, as shown in Figure 18-22.
Figure 18-22 The Select Organizational Unit dialog box
8. Click OK to return to the Introduction page, and select Users With Exchange Mailboxes and Mail-Enabled Groups as shown in Figure 18-21. This should be a good starting point for most SBS networks, though if you’re heavy users of Resource mailboxes (such as for scheduling conference rooms), you might want to add them as well.
9. Click Next to open the Conditions page of the New E-Mail Address Policy Wizard. You can use these conditions to filter which recipients the policy applies to. Click Preview to see a list of the accounts that will be affected by the current set of conditions. In most cases, you should leave the conditions blank on this page.
10. Click Next to open the E-Mail Addresses page.
11. Click Add to open the SMTP E-Mail Address dialog box shown in Figure 18-23.
Figure 18-23 The SMTP E-mail Address dialog box of the New E-Mail Address Policy Wizard
12. Select the format of the email address to use, and then choose Select Accepted Domain For The E-Mail Address.
13. Click Browse to select the new accepted domain you added earlier.
14. Click OK to return to the E-Mail Addresses page, which will now show the address policy that will be applied, and click OK.
15. Click Next twice to open the Configuration Summary.
16. Click New to apply the policy, and then click Finish on the Completion page to close the wizard.
17. Select the original Windows SBS Email Address Policy and click Change Priority in the Actions pane to open the Change E-mail Address Policy Priority dialog box shown in Figure 18-24.
Figure 18-24 Set the address policy you want to control the Reply address for to a priority of 1
18. Click OK, and then click Apply in the Actions pane to open the Apply E-mail Address Policy Wizard shown in Figure 18-25. Select Immediately, click Next, and then click Apply to apply the change.
Figure 18-25 You have to apply the policy before the email addresses actually change
19. Click Finish to close the wizard and return to the Exchange Management Console.
You’re now receiving emails for the new domain.
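The same procedure can be run from the Exchange Management Shell. The script below is an added example, not the book's own code: the domain example.net, the policy name, the OU path example.local/MyBusiness, the alias-based address format, and the Authoritative domain type are assumptions. Instead of lowering the priority of the original policy, it gives the new policy priority 1, which has the same effect on the reply address.

```powershell
# Added example (not from the book). Assumed values: the domain 'example.net',
# the policy name, the OU 'example.local/MyBusiness', and the alias@domain format.
# Run from the Exchange Management Shell.
$NewDomain  = 'example.net'
$PolicyName = 'example.net addresses'

# Accept mail for the new domain (wizard steps 3-5). Authoritative tells
# Exchange it is the final destination for this domain (assumed domain type).
$already = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $NewDomain }
if (-not $already) {
    New-AcceptedDomain -Name $NewDomain -DomainName $NewDomain -DomainType Authoritative
}

# Create the address policy (wizard steps 6-16): users with Exchange mailboxes
# and mail-enabled groups under the MyBusiness OU, no extra conditions.
# %m is the recipient's alias.
if (-not (Get-EmailAddressPolicy | Where-Object { $_.Name -eq $PolicyName })) {
    New-EmailAddressPolicy -Name $PolicyName `
        -RecipientContainer 'example.local/MyBusiness' `
        -IncludedRecipients 'MailboxUsers, MailGroups' `
        -EnabledPrimarySMTPAddressTemplate "SMTP:%m@$NewDomain"
}

# Make the new policy the one that controls the reply address, then apply it
# (wizard steps 17-18). Addresses do not change until the policy is applied.
Set-EmailAddressPolicy -Identity $PolicyName -Priority 1
Update-EmailAddressPolicy -Identity $PolicyName

# Check the result: accepted domains, policy order, and what each mailbox
# now uses as its primary (reply) address.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize
Get-EmailAddressPolicy | Sort-Object Priority |
    Format-Table Name, Priority, EnabledPrimarySMTPAddressTemplate -AutoSize
Get-Mailbox | Format-Table Name, PrimarySmtpAddress -AutoSize
```

Review the accepted-domain list after any change: every domain listed there is one the server will take delivery for, so it should contain only domains you actually own.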
Changing the Maximum Message Size
The default maximum size of email messages, both incoming and outgoing, is set to 10 MB in SBS. Now for most organizations, this is probably adequate, but if you need to support larger messages, you can change the maximum size. But it turns out it’s not all that easy, and there are lots of places you need to change it. Yes, you could do this from the Exchange Management Console, but heck, this is a perfect place to use a simple Windows PowerShell script to get the job done quickly and easily. So here’s a simple script that accepts a single command-line parameter, the maximum size in megabytes that you want to set for your Exchange messages, and then changes the setting where it needs to. If you forget to include the size, it will prompt you for what size to set.

# Change-ExchSize.ps1
# Script to change the size of the maximum send and receive for
# a Windows SBS 2011 Standard installation with Exchange 2010
#
# Expects: maximum size parameter in MB or prompts
#
# Created: 19/2/2011
# ModHist:

param($MaxSize)

# Prompt for the size if it wasn't given on the command line
if (! $MaxSize ) {
    $MaxSize = Read-Host "What's the max size(in MB) you want for all mailboxes? "
}
$stMaxSize = "$MaxSize" + "MB"

# Organization-wide transport limits
"Setting Maximum Send and Receive Transport Size to: $stMaxSize"
Set-TransportConfig -MaxSendSize $stMaxSize -MaxReceiveSize $stMaxSize
Get-TransportConfig | ft MaxSendSize,MaxReceiveSize

# Per-connector limits: every receive and send connector has its own
"Setting Maximum Send and Receive Connectors to: $stMaxSize"
$ReceiveConnectors = Get-ReceiveConnector
$SendConnectors = Get-SendConnector
ForEach ($Connector in $ReceiveConnectors ) {
    Set-ReceiveConnector -Identity $Connector.name -MaxMessageSize $stMaxSize
}
ForEach ($Connector in $SendConnectors ) {
    Set-SendConnector -Identity $Connector.name -MaxMessageSize $stMaxSize
}

# Show the resulting connector settings
"The Maximum Receive Connector size has been set to: "
Get-ReceiveConnector | ft Name, MaxMessageSize
"The Maximum Send Connector size has been set to: "
Get-SendConnector | ft Name, MaxMessageSize

Note This script must be run from the Exchange Management Shell on the SBS server, from an account in the Network Administrator role.
Summary
In this chapter, we covered the basics of setting up and configuring Microsoft Exchange Server 2010, which is a core component of Windows Small Business Server 2011 Standard. We included how to configure the new POP3 E-Mail Connector for SBS. We covered three more advanced topics (mail-enabling contacts, adding an additional email domain name, and changing the maximum size of email messages) as a window into the rich additional feature set that is possible with the Exchange Management Console or by using the Exchange Management Shell and Windows PowerShell. All the commands that are performed from the Exchange Management Console can be saved as Windows PowerShell scripts and executed directly from Windows PowerShell as scripts or interactive commands. In the next chapter, we’ll cover local connectivity, including TCP/IP, wireless connectivity, and the Windows Firewall.
CHAPTER 19
Managing Local Connectivity
Connectivity is a huge topic, so we’ve decided to split it up this time into two chapters. In this chapter, we’ll cover “local” connectivity, which we’re arbitrarily defining as everything on the local area network (LAN) and everything you configure on your Microsoft Windows Small Business Server (SBS) 2011 server to allow you to safely connect to the outside world. In Chapter 20, “Managing Remote Access,” we’ll cover everything you need to connect to your SBS network when you’re not in the office and physically connected to the LAN. SBS includes well-designed wizards for many of the connectivity tasks we face in configuring and managing an SBS network. Some of these wizards have already been covered in other chapters:
■ The Connect to the Internet Wizard to configure your Internet connection (Chapter 8)
■ The Internet Address Management Wizard to set up and manage your Internet domain name (Chapter 8)
■ The Add A Trusted Certificate Wizard to obtain and deploy a trusted certificate for your Internet domain (Chapter 8)
■ The Configure Internet Mail Wizard to configure Microsoft Exchange to use a Smart Host for mail delivery (Chapter 18)
That’s an important list of wizards and covers some of the biggest areas of network connectivity, but it does still leave quite a bit for this chapter, including:
■ DHCP and DNS
■ Wireless connectivity
■ Firewall configuration
■ Fixing network problems
This last topic focuses on the Fix My Network Wizard, which replaces the Configure E-Mail and Internet Connectivity Wizard (CEICW) of SBS 2003. Finally, in Chapter 20, we’ll cover Remote Web Access and virtual private networks.
DHCP and DNS
SBS manages DHCP and DNS with no user intervention required in most cases. SBS configures itself to be the only DHCP server on the network, and the primary DNS server as well. You should normally not have to change any of the DNS or DHCP settings on your network for basic operation, but there can be specialized needs that require additional configuration. For example, on our network we prefer to have a larger excluded range of IP addresses that the DHCP server can’t use because of how we configure key workstations and printers.
Note The tools you need for DHCP and DNS are the DHCP console (dhcpmgmt.msc) and the DNS Manager console (dnsmgmt.msc), respectively. You can open these consoles from the Administrative Tools menu, from the SBS Native Tools Management console, from the Windows SBS Console (Advanced Mode), or directly from the command line. We use the command line.

Managing DHCP
DHCP automatically provides computers on the local network segment with valid IP addresses and important additional configuration settings, including the addresses of DNS servers and the default gateway, along with other configuration settings if needed. SBS manages the core DHCP settings automatically, but you can add additional settings as appropriate for your environment, as well as view and manage the current address leases and exclusions. If your network includes printers or other devices that require unchanging IP addresses, you can either exclude the address from use by DHCP and manually set the device or configure DHCP for an address reservation to ensure that the device will always get the same address. On our network, we also assign DHCP reservations to key workstations so that they’re at predictable IP addresses to simplify troubleshooting.
Note Although it isn’t required to exclude a DHCP address that you assign a reservation to, we prefer to exclude an entire range of addresses and then use DHCP reservations within that range for computers and devices we want predictable addresses for. Not the normal way, but it works for us and our admittedly specialized needs.
To obtain the MAC address using the getmac command, from a command prompt, type getmac /s computer /v
where computer is the IP address, host name, or DNS name of the remote computer you want the MAC address for. Finally, you can obtain the MAC address of any current DHCP client by looking at the current DHCP lease for the client—the MAC address is shown in the Unique ID column.
To create a DHCP reservation for an existing DHCP client, complete the following steps:
1. Open the DHCP console if it isn’t already open.
2. In the left pane, expand the containers until you can select Address Leases in the IPv4 section.
3. Right-click the device you want to create a reservation for, as shown in Figure 19-3, and select Add To Reservation.
Figure 19-3 Converting an existing lease into a DHCP reservation
4. Click OK. The existing DHCP lease will be converted into a DHCP reservation.
To create a DHCP reservation for a device that doesn’t currently have a DHCP address, complete the following steps:
1. Open the DHCP console if it isn’t already open.
2. In the left pane, expand the containers until you can select Reservations.
3. Select New Reservation from the Action menu to open the New Reservation dialog box shown in Figure 19-4.
■ Reservation Name Usually the DNS name for the device or client. Choose a name that conforms to DNS naming requirements for best compatibility.
■ IP Address The IP address that you are reserving for this device or client.
■ MAC Address The Media Access Control or hardware address of the network card for the device or client. This is a hexadecimal number that is globally unique and is generally printed directly on the device.
■ Description A descriptive phrase that will make it easier to identify the specific device the reservation is assigned to.
■ Supported Types The choices are Both, DHCP only, or BOOTP only. BOOTP is an older protocol for automatically assigning IP addresses and configuration details that is no longer commonly used, but selecting the Both option is the best choice unless you have a specific reason not to.
Figure 19-4 The New Reservation dialog box
4. Click Add, and the reservation is added. The reservation will inherit the configuration options that have been set for the DHCP scope, and you can add specific options for each reservation.
Setting DHCP Options
The process for setting DHCP options is essentially the same regardless of the level you set the option at. As described in the “DHCP Options Scope” Under The Hood sidebar earlier in the chapter, each level of DHCP inherits options from the higher level but can override them. As an example of setting DHCP options, we’ll set the Host Name option for the DHCP reservation for our printer. (The printer is assigned a DHCP reservation at 192.168.0.40.)
To set the host name for the printer using a DHCP option, use the following steps:
1. Open the DHCP console if it isn’t already open.
2. In the left pane, expand the containers until you can select Reservations.
3. Select the DHCP reservation for the printer in the left pane, and select Configure Options from the Action menu to open the Reservation Options dialog box.
4. Scroll down in the Available Options list to 012 Host Name, and select the check box next to it as shown in Figure 19-5.
Figure 19-5 Setting the host name for a DHCP reservation
5. Enter the host name for the printer in the String Value field, and click OK to return to the DHCP console.
Enabling DNS Updates
On an SBS server, the DHCP server is by default not configured to automatically update the DNS server when it assigns an IP address to a client. This is not a problem for Windows clients because they will update their own records. But if you have other types of DHCP clients, you can configure DHCP to handle the DNS update automatically. To enable DHCP to automatically update the DNS records, follow these steps:
1. Open the DHCP console if it isn’t already open.
2. Right-click IPv4, select Properties, and then click the DNS tab to bring up the IPv4 Properties dialog box, shown in Figure 19-6.
Figure 19-6 The DNS tab of the IPv4 Properties dialog box
3. Select the Enable DNS Dynamic Updates According To The Settings Below check box. If you have dumb devices, such as printers, also select the Dynamically Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates check box.
4. Click OK when you’ve made your changes to return to the DHCP console.
Managing DNS
SBS uses the DNS server service for local name resolution only. SBS automatically creates three DNS zones: two forward lookup zones and a reverse lookup zone. It creates a forward lookup zone for the internal domain (example.local), which allows you to use a DNS name to resolve an IP address with computers and devices on the internal network. It also creates a “split DNS” for resolution of your public DNS name by creating a local version for use by internal clients so that they can reach the “public” resources such as Remote Web Access (RWA) and Outlook Anywhere without actually leaving the internal network. External clients can’t reach that internal server, so their DNS queries for these resources point to the public IP address of your SBS network. It also creates a reverse lookup zone (0.168.192.in-addr.arpa in the screen shots in this chapter), which enables you to resolve the DNS name associated with a particular IP address (a useful trick for troubleshooting). All three zones use secure dynamic updates so that Windows clients can automatically and securely update their own DNS records. SBS manages DNS automatically for Windows clients. Non-Windows clients and devices, however, will not have DNS records automatically created and maintained. In most situations, this is perfectly OK, but if you need to ensure that client IP addresses are fully resolvable on the SBS network, you’ll need to either manually create and maintain the records or configure DHCP to automatically update them as described earlier in the “Enabling DNS Updates” section.
Adding a DNS Record
You can manually configure DNS records for fixed IP address clients or clients that use a DHCP reservation. By adding the records, you ensure that their IP address can be resolved from their names, simplifying management and troubleshooting. However, it does require that you maintain the records and ensure their accuracy, and manual editing and maintenance of DNS records is something to avoid if at all possible. However, for special devices that you need to assign a fixed IP address to and that don’t handle DHCP well, manually adding the records to the DNS server is the only solution. To add A and PTR (Address and Pointer) records to the SBS DNS server, follow these steps:
1. Open the DNS Manager console (Dnsmgmt.msc) if it isn’t already open.
2. Select the internal DNS domain in the left pane as shown in Figure 19-7 (example.local in the screen shot).
Figure 19-7 The DNS Forward Lookup Zone for the internal network
3. Select New Host (A Or AAAA) from the Action menu to open the New Host dialog box shown in Figure 19-8.
Figure 19-8 Adding a new host record for the printer
4. Fill in the host name and IP address for the new DNS record, and select the Create Associated Pointer (PTR) Record check box to also create a reverse lookup record for the device.
5. Click Add Host, and then click OK on the DNS message dialog box to create the record.
6. Click Done to return to the DNS Manager console.
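The reservation, the 012 Host Name option, and the A and PTR records described in the preceding sections can also be created from the command line with netsh dhcp and dnscmd. The script below is an added example, not the book's own code. The printer address 192.168.0.40 and the zone example.local come from the text; the scope 192.168.0.0, the host name printer01, the description, and the MAC address are constructed values.

```powershell
# Added example (not from the book). From the page: 192.168.0.40 and
# example.local. Assumed: scope 192.168.0.0, host name 'printer01', and the
# constructed MAC address. Run elevated on the SBS server.

function ConvertTo-DhcpMac {
    param([string]$Mac)
    # getmac and device labels show 00-11-22-33-44-55 or 00:11:22:33:44:55;
    # netsh dhcp expects twelve hex digits with no separators.
    $hex = ($Mac -replace '[-:.\s]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') {
        throw "Not a valid 48-bit MAC address: $Mac"
    }
    return $hex
}

function Invoke-Native {
    # Run a console tool and stop if it reports a non-zero exit code.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

$Scope = '192.168.0.0'
$Ip    = '192.168.0.40'
$Name  = 'printer01'
$Zone  = 'example.local'
$Mac   = ConvertTo-DhcpMac '00-11-22-33-44-55'   # constructed sample value

# New Reservation dialog box: IP address, MAC address, reservation name,
# description, and supported types (Both).
Invoke-Native netsh @('dhcp', 'server', 'scope', $Scope,
                      'add', 'reservedip', $Ip, $Mac, $Name, 'Office printer', 'BOTH')

# Reservation Options dialog box: option 012 Host Name as a string value.
Invoke-Native netsh @('dhcp', 'server', 'scope', $Scope,
                      'set', 'reservedoptionvalue', $Ip, '012', 'STRING', $Name)

# New Host dialog box: A record, with /CreatePTR standing in for the
# Create Associated Pointer (PTR) Record check box.
Invoke-Native dnscmd @('.', '/RecordAdd', $Zone, $Name, '/CreatePTR', 'A', $Ip)

# Confirm what the server now holds, then check that the name and the
# address resolve to each other.
netsh dhcp server scope $Scope show reservedip
nslookup "$Name.$Zone"
nslookup $Ip
```

Manually added records are not cleaned up for you, so remove the DNS records and the reservation together when the device is retired.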
DNS Forwarding
When a client makes a DNS query of a DNS server and it doesn’t have the information either in its own records or in its cache of known IP addresses from previous queries, there are three possible options for the server:
■ Return a Record Not Found message
■ Forward the query to a nearby server that might have the information
■ Forward the query to one of the Internet’s root DNS servers
Obviously, the first option isn’t terribly useful, unless you’re creating a very private test network and you don’t want any queries going outside it. The second option, DNS Forwarding, was the default behavior for SBS 2003. In SBS 2003, the DNS server was configured to automatically forward DNS requests that it didn’t have the answer for to the DNS server of your Internet service provider (ISP). This was efficient, because the ISP’s DNS servers were usually no more than a hop or two away, and the answer was quickly returned. A good idea if you trust your ISP to have accurate and safe DNS servers. The third option is for the server to forward any DNS query for which it doesn’t have the answer to the Internet’s DNS root servers. This option, which uses root hints, is somewhat slower than querying the ISP’s servers, which are a lot closer, but it does ensure an accurate answer.
Figure 19-9 The Forwarders tab of the DNS server Properties dialog box
Figure 19-10 The Edit Forwarders page of DNS server properties
7. Leave the Use Root Hints If No Forwarders Are Available check box selected unless you want the failure or unavailability of your ISP’s DNS server to cause DNS queries to fail on your network.
8. Click OK to close the DNS server Properties dialog box and return to the DNS Manager console.
Wireless Connectivity
Wireless connectivity has become an essential business tool. We expect to be able to connect wirelessly wherever we go and, increasingly, our expectations are met. But providing wireless access inside your SBS network is a bit different. You still generally need to do it, but you need to take serious precautions to ensure that you don’t compromise security. We’ve heard arguments on all sides of the wireless security question, from those who appear to think that simply hiding your wireless network is all that’s required, to those who claim there is no such thing as a secure wireless network and we shouldn’t ever use or allow it. Well, as with most such arguments, the answer is somewhere in the middle. Exactly where in the middle is really about your own comfort level and perception of risk. There are ways to implement full Two Factor Authentication (TFA) for wireless connectivity, and they can be done even on a small network if you want and need to spend the resources to do it. (For more on TFA, see the Real World sidebar “Two Factor Authentication and RWA” in Chapter 20.)
Wireless security has come a long way from the early days of wireless networking. Initially, there was Wired Equivalent Privacy (WEP) that came in two levels: 64-bit and 128-bit. Unfortunately, the algorithm for WEP was seriously flawed, and by 2001 there were widely available decryption programs that let virtually anyone who wanted to compromise WEP security. We now believe that WEP is actually worse than no security at all. It is so easy to compromise that it should be considered no security at all, but it gives users a false sense of security. WEP was replaced with Wi-Fi Protected Access (WPA), and finally by WPA2. WPA2—also known by its Institute of Electrical And Electronics Engineers (IEEE) standard designation of 802.11i—has two levels of security: WPA2-Enterprise and WPA2-Personal. WPA2-Enterprise uses an 802.1X or RADIUS server to distribute different initial keys to every user. This 802.1X server can use Two Factor Authentication to further increase security. Realistically, implementing WPA2-Enterprise is more than most SBS networks can do, but if you want to try it, a good starting place is this document on TechNet: http://technet.microsoft.com/en-us/library/bb457068.aspx
Note For a full list of available wireless documentation on TechNet, see http://technet.microsoft.com/en-us/network/bb530679.aspx.
WPA2-Personal uses a Pre-Shared Key (PSK) of 8 to 63 characters in length, and it can use either Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP) encryption. TKIP provides backward compatibility with devices designed for the original WPA standard, but it has been compromised and we don’t recommend it. When WPA2-Personal is used with AES and has a minimum 16-character PSK, it provides acceptable security for most small businesses and can be easily implemented. Another important requirement is to choose a wireless network name (SSID) that is not the default on your wireless access point (WAP).
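A pre-shared key is only as strong as the way it was chosen, so it is worth generating it rather than inventing it. The function below is an added example, not code from the book: it enforces the 8 to 63 character range and the 16-character minimum given above, while the 63-character default and the character set are assumptions.

```powershell
# Added example (not from the book). The 8-63 range and the 16-character
# minimum come from the text; the default length and alphabet are assumptions.
function New-Wpa2Psk {
    param([int]$Length = 63)

    if ($Length -lt 8 -or $Length -gt 63) {
        throw 'A WPA2-Personal passphrase must be 8 to 63 characters long.'
    }
    if ($Length -lt 16) {
        throw 'Use at least 16 characters for the pre-shared key.'
    }

    # Letters and digits without look-alikes (0/O, 1/l/I) so the key can be
    # typed correctly on printers, phones and other awkward keypads.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'.ToCharArray()

    # Cryptographic random source; Get-Random is not meant for key material.
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf = New-Object byte[] 1

    # Discard bytes above the largest multiple of the alphabet size so that
    # every character is equally likely (no modulo bias).
    $limit = 256 - (256 % $alphabet.Length)

    $psk = New-Object System.Text.StringBuilder
    while ($psk.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) {
            [void]$psk.Append($alphabet[$buf[0] % $alphabet.Length])
        }
    }
    return $psk.ToString()
}

# Generate a full-length key; store it where the other network secrets are kept.
New-Wpa2Psk
```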
■ WPA The original WPA encryption standard is based on RC4, which can be compromised. However, because it changes keys with sufficient frequency and derives the new keys in an improved way as compared to WEP, it was a significant improvement over WEP, and it could generally be implemented without buying new hardware. With 802.1X authentication and the appropriate authentication method, the initial encryption keys are automatically generated.
■ WPA2 The WPA2 encryption is based on AES and is much more secure than RC4, while the WPA2 standard incorporates additional security measures beyond just encryption. Both Pre-Shared Key (WPA-Personal) and RADIUS/802.1X authentication (WPA2-Enterprise) scenarios are supported. This is the minimum wireless security standard you should allow on your SBS network.
■ IEEE 802.11i This is the underlying standard for WPA2, which is described in the preceding bullet point.
■ VPNs One solution to setting up secure wireless networks is to place the wireless network outside your main network and use a VPN connection to the main network. This approach has the advantage of getting around the insecurities of older equipment, but it has inherent problems. If the external access point is open and unsecured, it leaves the client exposed to any other computer in range. It also imposes a performance hit and requires a VPN connection for every client. Machine group policies are not applied, and the overall reliability of the connection and the administrative overhead are significant issues as well. For more on the good and bad of VPNs, see Chapter 20.
■ IEEE 802.1X Using 802.1X as the authentication mechanism for WPA2 encryption is an excellent solution, but implementing it on most SBS networks isn’t realistic.
We know some of these points are a bit controversial, but we also think that it’s possible to allow wireless clients on your internal SBS network. But only if you set realistic minimum standards and don’t use ineffective “security” measures that provide a false sense of security while actually doing little, if anything, to protect you from an attack.
Windows Firewall
The Windows Firewall in Windows Server 2008 R2 is the same basic firewall included in Windows 7 and adds many new features and capabilities compared to the Windows Firewall included in previous versions. These new features include outbound filtering; filtering based on SIDs; a better management UI; configuration for local, remote, local port, remote port, and protocol; and tight integration with IPsec. The other big change is location-specific policies. There are three separate firewall profiles: a domain profile, a private profile for computers that aren’t domain members but are on secured networks, and a public profile for computers that reside on publicly accessible networks. And, finally, per-user rules are now supported. Although these profiles aren’t terribly useful for the SBS server itself, which uses only the Domain Profile, the same profiles are used by Windows 7 and Windows Vista computers and can be enforced with Group Policy.
In SBS, the Windows Firewall is on by default. All of the wizards in SBS and Windows Server 2008 R2 that are used to add roles and features will automatically set the necessary Windows Firewall rule or rules to ensure proper functionality while still securing the server. SBS 2003 R2 had a built-in firewall, but most of the wizards used to configure the server were not designed to configure the firewall, and most environments had the Windows Firewall disabled on servers, relying on an external firewall, or ISA 2004 on SBS Premium servers, to protect the network. In SBS 2011, the expectation is that the Windows Firewall remains enabled.
The Windows Server 2008 R2 Windows Firewall allows more granular control over the configuration and settings than previous versions. To open the Windows Firewall With Advanced Security console, shown in Figure 19-11, type wf.msc at the command prompt, click Windows Firewall With Advanced Security in the Administrative Tools folder, or open the Firewall Settings in the Security page of the Windows SBS Console.
Figure 19-11 The Windows Firewall With Advanced Security console
Important SBS configures the firewall automatically as part of the normal SBS wizards. You should only make changes directly with extreme caution. Know not only what problem you’re trying to solve, but why it isn’t automatically handled by the SBS wizards. And be sure you understand the security implications whenever you make a change.
Windows Firewall has three profiles: a Domain Profile, a Private Profile, and a Public Profile. Each profile can have different inbound and outbound rules as needed. To build a specific rule, click Inbound Rules or Outbound Rules and then click New Rule. Custom rules can be set for programs or for ports. The SBS server uses only the Domain Profile.
Setting Firewall Policies Using Group Policy
Use Group Policy to ensure a consistent application of Windows Firewall policies across the domain. Using normal Group Policy rules as discussed in Chapter 21, “Using Group Policy,” you can set up a Group Policy to manage a group of systems. Use the built-in Windows Management Instrumentation (WMI) filters of SBS Group Policy to set specific policies for different types of clients and servers.

Firewall Rule Basics
When building Windows Firewall rules, there are three possible actions for a connection that matches the rule:
■ Allow the connection
■ Only allow a connection that is secured through the use of IPsec (authenticated bypass)
■ Explicitly block the connection
The order of precedence for Windows Firewall rules is as follows:
■ Authenticated bypass
■ Block connection
■ Allow connection
■ Default profile behavior
This means that if you have a Block rule and an Allow rule, and your connection meets both criteria, the block rule will always win. By being as specific as possible with your rules, you have less likelihood of conflict and more direct control. Port rules are much more general than application rules and should be avoided whenever possible.
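The precedence order above can be worked through with a small model. This is an added example, not Windows Firewall's own logic or code from the book: rule names, program paths and ports are constructed, matching is reduced to program, protocol and local port, and the default profile behavior is assumed to be Block.

```powershell
# Added example: a simplified model of the precedence order listed above.
# Rule names, program paths and ports are constructed sample values.
function New-SampleRule {
    param([string]$Name, [string]$Action,
          [string]$Program = 'Any', [string]$Protocol = 'Any', [string]$LocalPort = 'Any')
    New-Object PSObject -Property @{
        Name = $Name; Action = $Action; Program = $Program
        Protocol = $Protocol; LocalPort = $LocalPort
    }
}

function Test-RuleMatch {
    param($Rule, $Connection)
    # A condition left at 'Any' matches everything; otherwise it must be equal.
    foreach ($field in 'Program', 'Protocol', 'LocalPort') {
        if ($Rule.$field -ne 'Any' -and $Rule.$field -ne $Connection.$field) { return $false }
    }
    # An authenticated-bypass rule only applies to IPsec-secured connections.
    if ($Rule.Action -eq 'AuthenticatedBypass' -and -not $Connection.IPsec) { return $false }
    return $true
}

function Get-EffectiveAction {
    param($Rules, $Connection, [string]$DefaultAction = 'Block')
    $matched = @($Rules | Where-Object { Test-RuleMatch $_ $Connection })
    # Walk the actions in precedence order; the first one with a matching rule wins.
    foreach ($action in 'AuthenticatedBypass', 'Block', 'Allow') {
        $hits = @($matched | Where-Object { $_.Action -eq $action })
        if ($hits.Count -gt 0) { return "$action via '$($hits[0].Name)'" }
    }
    return "$DefaultAction via default profile behavior"
}

$rules = @(
    (New-SampleRule 'Port rule: allow TCP 8080' 'Allow' -Protocol 'TCP' -LocalPort '8080'),
    (New-SampleRule 'Program rule: allow backup agent' 'Allow' `
        -Program 'C:\Program Files\Backup\agent.exe' -Protocol 'TCP' -LocalPort '9000'),
    (New-SampleRule 'Block legacy tool' 'Block' -Program 'C:\Tools\legacy.exe')
)

$connections = @(
    @{ Program = 'C:\Tools\legacy.exe'; Protocol = 'TCP'; LocalPort = '8080'; IPsec = $false },
    @{ Program = 'C:\Temp\unknown.exe'; Protocol = 'TCP'; LocalPort = '8080'; IPsec = $false },
    @{ Program = 'C:\Temp\unknown.exe'; Protocol = 'TCP'; LocalPort = '9000'; IPsec = $false }
)

foreach ($c in $connections) {
    '{0} on {1}/{2}: {3}' -f $c.Program, $c.Protocol, $c.LocalPort, (Get-EffectiveAction $rules $c)
}
```

The three sample connections cover a block rule overriding a matching allow rule, a port rule admitting a program nobody named, and a program rule leaving that same program to the default behavior.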
Rule Definitions
Building rule definitions is the process of building a combination of conditions and specific access types into a rule that either allows or disallows a connection. Rules can be defined for:
■ Programs  Specific applications that are either allowed or disallowed by the rule
■ Ports  General allow or disallow of a protocol through a port
■ Predefined  Preconfigured and well-known services and programs
■ Custom  Can combine programs, ports, and specific interfaces into a custom rule
Rules can allow or disallow traffic to or from programs, system services, computers, or users. Rules can use protocol values of:
■ Any
■ Internet Assigned Numbers Authority (IANA) IP protocol numbers
■ TCP
■ UDP
■ ICMPv4
■ ICMPv6
■ Others including IGMP, HOPOPT, GRE, IPv6-NoNxt, IPv6-Opts, VRRP, PGM, L2TP, IPv6-Route, IPv6-Frag
Rules for local ports (UDP or TCP) can include:
■ All Ports
■ Specific Ports (comma-separated list)
■ Dynamic RPC
■ RPC Endpoint Mapper
■ Edge Traversal
Rules for Remote Ports (TCP and UDP) can include:
■ All Ports
■ Specific Ports (comma-separated list)
Rules for ICMP traffic (ICMPv4 and ICMPv6) can be:
■ All ICMP types
■ Specific types of ICMP traffic
Rules can be for a Local IP address scope of:
■ Specific IPv4 or v6 address or list of addresses
■ Range of IPv4 or v6 addresses or list of ranges
■ Entire IPv4 or v6 subnet or list of subnets
Rules can be for a remote IP address scope of:
■ Specific IPv4 or v6 address or list of addresses
■ Range of IPv4 or v6 addresses or list of ranges
■ Entire IPv4 or v6 subnet or list of subnets
■ Predefined set of computers (local subnet, default gateway, DNS servers, WINS servers, DNS servers or a list of such items)
Rules can specify an interface type of:
■ All interface types
■ Local area network
■ Remote access
■ Wireless
Rules can include program types of:
■ All programs
■ System (a special keyword that restricts traffic to the system process)
■ Specific path and .exe name to an executable
Rules for services can:
■ Apply to all programs and services
■ Apply to services only
■ Apply to a specified service
There are three predefined special local ports:
■ Dynamic RPC is used by applications and services that receive dynamic RPC traffic over TCP. (Does not include traffic over named pipes.)
■ RPC Endpoint Mapper is used only with the RPCSS service and allows traffic to the endpoint mapper.
■ Edge Traversal is used only with the iphlpsvc (Teredo) service and allows the traffic to be decapsulated by the Teredo service on a dynamic port.
Additional rules can be set to allow only secure connections. For secure connections you can specify that the connection:
■ Require encryption
■ Allow connections only from specified computers in Active Directory
■ Allow connections only from specified users or security groups in Active Directory
Important Whenever possible, resist the temptation to create specific Windows
Firewall rules for specific computers or users. Although it is technically possible, it can quickly become a management and documentation nightmare. Use the SBS security groups and OUs to control firewalls. This is flexible and easy to maintain, and can be easily documented.
Creating a Firewall Policy
You create Firewall Policies by combining rules and assigning them to groups of users or computers either through a WMI filter or an organizational unit (OU). As an example, use the following steps to create a rule that blocks Live Messenger from a server computer:
1. Open the Group Policy Management Console.
2. Navigate to the SBSServers OU as shown in Figure 19-12.
Figure 19-12 The SBSServers OU in the Group Policy Management Console
3. Right-click SBSServers and select Create A GPO In This Domain, And Link It Here from the shortcut menu to open the New GPO dialog box shown in Figure 19-13.
Figure 19-13 The New GPO dialog box
4. Give the GPO a name and click OK.
5. Highlight the new policy in the Linked Group Policy Objects pane and right-click. Select Edit from the shortcut menu to open the Group Policy Management Editor, shown in Figure 19-14.
Figure 19-14 The Group Policy Management Editor
6. Navigate to the Outbound Rules container of Windows Firewall With Advanced Security, as shown in Figure 19-14.
7. Right-click Outbound Rules and select New Rule from the shortcut menu to open the New Outbound Rule Wizard shown in Figure 19-15.
Figure 19-15 The Rule Type page of the New Outbound Rule Wizard
8. Select Program and click Next to open the Program page, as shown in Figure 19-16.
Figure 19-16 The Program page of the New Outbound Rule Wizard
9. Select This Program Path and enter the full path to Windows Live Messenger (%ProgramFiles(x86)%\Windows Live\Messenger\msnmsgr.exe).
10. Click Next to open the Action page. Select Block The Connection.
11. Click Next to open the Profile. Select all three profiles.
12. Click Next to open the Name page. In the Name field, enter Windows Live Messenger, and add a description.
13. Click Finish to create the rule. The result is shown in Figure 19-17.
Figure 19-17 The Group Policy Management Console, showing the new Outbound Rule
Note This block rule is hardly sufficient to block all instances or types of instant messag-
ing from the servers on an SBS network, but it’s presented to show how the Firewall Policy rules work and are configured.
Fixing Network Problems
In a perfect world, networks would never fail, no one would ever have to change a network card, IP addresses would be automatically assigned and never change, and no one would ever have to try to troubleshoot a network connectivity problem. Well, IPv6 helps with some of this, but we’re afraid that there’s still a long way to go until we reach network nirvana. Until we do, however, there’s the Fix My Network Wizard (FMNW) in SBS. The FMNW is the replacement for the Configure E-Mail And Internet Connectivity Wizard (CEICW) of SBS 2003. With the advent of IPv6 as an essential networking protocol, the job of repairing your network and configuring it to an expected state has gotten much bigger, and the FMNW is the result. The role of the FMNW is the same for both local and remote connectivity—identify variances from the networking state that SBS expects, and change everything it can to that expected state. Where it can’t make the change, such as the router configuration on a router that doesn’t have Universal Plug and Play enabled, it identifies the problem and suggests the changes you need to make manually. Because the FMNW addresses both local and remote connectivity issues, we’ve chosen to wait and cover it at the end of Chapter 20, “Managing Remote Access.”
Summary
Local connectivity is a huge topic, and this chapter has tried to cover the most important areas for SBS networks. We covered DHCP and DNS, wireless connectivity, and firewall configuration. In the next chapter, we’ll cover remote connectivity and network troubleshooting.
CHAPTER 20
Managing Remote Access
In the days before computers, workers went to work and then went home. At home, they might be reachable, but anything they needed to do required going back in to work. Then computers and pagers and finally cell phones came along, and workers were expected to be reachable virtually anywhere and any time. But that electronic leash didn’t come with an equal ability to access the resources to resolve the problem or deal with the issue. All too often, responding to that electronic leash meant going in to work. Windows Small Business Server 2011 Standard (SBS), however, gives you new and improved tools to enable access to critical resources from wherever you are, without having to come in to the office. The two central pillars of SBS that give you access to the network’s resources are Remote Web Access (RWA) and virtual private networks (VPN). RWA is the replacement for the Remote Web Workplace (RWW) of previous versions of SBS, and it adds important new functionality. A third remote access solution, Remote Desktop Services (RDS) and RemoteApps, is an excellent solution for SBS sites that have the Premium Add-on and are running a second Windows server. RDS and RemoteApps is covered in detail in Chapter 26, “Adding a Terminal Server,” including how to integrate RemoteApps into RWA.
Remote Web Access
When RWW was introduced in SBS 2003, it was a revolutionary new way to enable remote access to network resources in a secure and convenient manner that was the source of not a little envy from enterprise networks that had nothing equivalent. In SBS 2011, RWW has been replaced by RWA, shown in Figure 20-1, which has improved functionality as compared to RWW, and is shared with other products, such as Windows Small Business Server 2011 Essentials, and Windows Home Server 2011.
Figure 20-1 The Remote Web Access logon page
The basic premise of RWA is to provide a secure way for remote users to access the resources of the SBS network. Users connect to the RWA landing page, shown in Figure 20-2, and from there they can:
■ Connect to their desktop in the office
■ Upload and download files to the folder shares on the SBS server
■ Connect to the company’s internal website (Companyweb)
■ Read their email using Microsoft Outlook Anywhere
■ Change their password
■ Connect to additional help or features as available
Administrative users have additional options available, including the ability to connect to the SBS server or other servers on the network.
Figure 20-2 The Remote Web Access landing page for standard users
Configuring the RWA Computer List
A major change in SBS 2011 RWA is the ability to limit the list of computers that a user sees when he logs in to RWA. In SBS 2003, the list of computers showed all the available workstations in the domain—not a big deal in an SBS domain of 5 users, but a bit of a pain in an SBS network of 50 users. In SBS 2011, each user sees only the list of computers that he’s allowed to connect to. The list is created initially when you join the computer to the SBS network, as shown in Figure 20-3.
Figure 20-3 Assigning users to a computer during initial deployment of the computer
After computers are set up, however, you can easily change this list. We tend to think from a user perspective, rather than a computer perspective, so we change it by configuring the computers that a user account is assigned to. To change the list of computers that a user can connect to from RWA, open the Windows Small Business Server 2011 Standard Console (Windows SBS Console) and then use the following steps:
1. Click on Users And Groups in the navigation bar, and then on the Users tab.
2. Select the user you want to modify, and then click Edit User Account Properties in the Tasks pane to open the Properties dialog box for the user, as shown in Figure 20-4.
3. Click Computers in the left pane to open the Set Network Computer Access page, shown in Figure 20-5.
Figure 20-4 The Properties dialog box for user Alfredo Fettuccine
Figure 20-5 The Set Network Computer Access page
Enabling or Disabling a User for RWA
You can enable or disable the access of individual users to RWA. Normally, all users are enabled for RWA, but if you want only a subset of your users to have the privilege to log in to RWA you can disable the access of those you want to exclude. Follow these steps to enable or disable a user from Remote Web Workplace:
1. Open the Windows SBS Console if it isn’t already open.
2. Click on Users And Groups in the navigation bar and then click on the Groups tab.
3. Select the Windows SBS Remote Web Access Users security group in the main pane, and click Edit Group Properties in the Tasks pane to open the Properties dialog box for the group, as shown in Figure 20-12.
Figure 20-12 The Properties page of the Windows SBS Remote Web Access Users security group
4. Select a user account in the Group Members pane, and click Remove to remove the user.
5. To add a user account, click Add to open the Change Group Membership dialog box shown in Figure 20-13.
Authentication is the process of ensuring that the individual who requests access to a resource is, in fact, the individual she is claiming to be. There are four basic kinds of authentication: “what-you-know,” “who-you-are,” “what-you-have,” and “where-you-are.” TFA requires that any user requesting remote access to the resources of your SBS network use two methods to uniquely identify herself. The first method is providing the user name and password of the user, and the second is some other factor. The real beauty of TFA is that even if one of your factors is compromised, it’s useless without the second factor. The basic user name and password is a what-you-know factor, and it’s the most commonly used form of authentication. When combined with a sort of loose where-you-are factor—that is, at the console of your own PC—and when passwords or passphrases are sufficiently complex, it’s a good method of authentication. Who-you-are authentication is usually some form of biometric analysis—fingerprint readers, retina scanners, and even visual recognition software all are forms of who-you-are authentication. We’re not big fans of the most common of these, fingerprint readers. They’re rather easily defeated from what we’ve seen to date. What-you-have authentication is usually something like a smart card or a one-time password generator. Microsoft’s corporate network uses smart cards for its TFA, but we think one-time passwords are a lot easier to deal with and deploy in a small business. You don’t require deploying smart card readers for everyone, and the overall costs are significantly less as a result. Finally, where-you-are authentication uses your physical location as a proof of who you are. An example is the variable authentication process that some banks are implementing. It starts with the IP address and machine name from which you’re connecting to your bank.
The bank knows that the IP address is typical for you and only asks a standard set of verification questions. But if you were to connect from a public wireless access point while you’re on vacation, the bank would immediately be more cautious about who you are claiming to be, and the secondary verification process is more detailed. This kind of variable authentication process is expensive to implement and outside the scope of most small businesses. We use TFA for remote access to our SBS network. We’ve implemented Scorpion Software’s AuthAnvil (http://www.scorpionsoft.com). The AuthAnvil RWA agent (formerly known as RWWGuard) extends the standard RWA logon page to require a one-time password, as shown in Figure 20-14.
3. Select the Remote Web Access link in the left pane, and then click View Site Properties in the Tasks pane to open the Properties dialog box for RWA.
4. Click Home Page Links in the left pane of the Properties dialog box to open the Home Page Links For Remote Web Access page shown in Figure 20-15.
Figure 20-15 The Home Page Links For Remote Web Access page
5. Deselect any links you don’t want to have visible on RWA. This will affect all users.
6. Click Manage Links to open the Remote Web Access Link List Properties dialog box, shown in Figure 20-16.
7. To disable either Organization Links or Administration Links, deselect them on the General page of the Remote Web Access Link List Properties dialog box.
8. Click Permissions in the left pane to open the Manage Gadget Permissions page, shown in Figure 20-17.
Figure 20-16 The General page of the Remote Web Access Link List Properties dialog box
Figure 20-17 The Permissions page of the Remote Web Access Link List Properties dialog box
9. Click Modify beneath the list you want to change permissions for to open the Change Group Membership dialog box for the security group.
10. Click Organization Links to open the Manage Organization Links page shown in Figure 20-18. Links added here will be visible to all SBS users who have permission to log on to RWA. (See Chapter 26 for details on adding links here for RemoteApps.)
Figure 20-18 The Manage Organization Links page of the Remote Web Access Link List Properties dialog box showing several added RemoteApps links
11. Click Administration Links to open the Manage Administration Links page. Links added here will be visible only to users with either Network Administration or Standard User With Administration Links roles.
12. Click OK to return to the main Remote Web Access Properties page.
13. Click Customization in the left pane to open the Customize Remote Web Access page, shown in Figure 20-19. Here you can change the organization name (that appears on RWA logon page), as well as add your company’s logo and a custom background image to the logon page.
14. When you’ve completed your changes to the RWA website properties, click OK to exit and apply the changes.
Just to give you an idea of what is easily possible, I added a background image from a photo taken from the office window, and a picture of our health and safety officer to our example domain’s RWA logon page, as shown in Figure 20-20.
Figure 20-19 Customizing the logon page of Remote Web Access
Figure 20-20 Customizing the RWA logon page
Enabling VPNs
Enabling VPNs to your SBS network is a simple process. You run the Set Up Virtual Private Networking Wizard from the Windows SBS Console, and you configure your router or firewall for VPN passthrough. If you have Universal Plug and Play (UPnP) enabled, SBS will make the change on the router for you. But we don’t enable UPnP on our network, and we don’t recommend that you do so, either. Just manually configure the router—it takes only a few minutes, and we think it’s safer than leaving UPnP enabled. To enable VPN access to your SBS network, use the following steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click on Network in the navigation bar, and then click on the Connectivity tab.
3. Select VPN Connection in the main pane, and then click Configure A Virtual Private Network in the Tasks pane to open the Set Up Virtual Private Networking Wizard shown in Figure 20-21.
Figure 20-21 The Set Up Virtual Private Networking Wizard
4. Click on Allow Users To Connect To The Server By Using A VPN. When the wizard completes, you’ll see a status page that tells you the wizard completed successfully, and with any warnings, as shown in Figure 20-22.
Figure 20-22 With UPnP turned off, you’ll get a warning that the router wasn’t configured
5. If you get a warning, click on View Warning Details to see what the warning is about. If you have UPnP turned off on your router, you’ll see the warning details shown in Figure 20-23.
Figure 20-23 With UPnP off, you must manually configure ports on your router
6. Click Close to close the Set Up Virtual Private Networking Warning Details page and then Finish to close the wizard.
7. If you don’t have UPnP enabled on your router, open Internet Explorer and log on to the router.
8. The details for each router are different, but you need to configure the router to forward port 1723 to the IP address of the SBS server. You might also need to configure PPTP Passthrough. Most routers have an automatic method (often called “Virtual Servers”) for configuring port forwarding. Consult your router documentation.
9. After the router is configured, you’ll probably need to restart the router. When you do, VPNs will be enabled on your SBS network.
Configure VPN Permissions
By default, only users with the Network Administrator role are enabled for VPN access. To add users, you need to add them to the Windows SBS Virtual Private Network Users security group. As with most things in SBS, there’s more than one way to get there, but we use the following steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Network on the navigation bar, and then click the Connectivity tab.
3. Select VPN Connection in the left pane, and then click View Virtual Private Network Properties in the Tasks pane to open the Virtual Private Networking General Properties page, shown in Figure 20-24.
Figure 20-24 The Virtual Private Networking General Properties page
4. Click Modify to open the Change Group Membership dialog box for the Windows SBS Virtual Private Network Users security group, shown in Figure 20-25.
Figure 20-25 The Change Group Membership dialog box for the Windows SBS Virtual Private Network Users security group
5. Select users or groups of users in the User And Groups pane on the left, and click Add to add them to the Windows SBS Virtual Private Network Users security group.
6. Select users or groups of users in the Group Members pane on the right, and click Remove to remove them from the Windows SBS Virtual Private Network Users security group. Only members of the Windows SBS Virtual Private Network Users security group have permission to use a VPN to connect to the SBS network.
7. When you finish making your changes, click OK to save the changes and return to the Windows SBS Console.
Fixing Network Problems
In a perfect world, networks would never fail, no one would ever have to change a network card, IP addresses would be automatically assigned and never change, and no one would ever have to try to troubleshoot a network connectivity problem. Well, IPv6 helps with some of this, but we’re afraid that there’s still a long way to go until we reach network nirvana. Until we do, however, there’s the Fix My Network Wizard (FMNW) in SBS. Now, we have to say right up front that when we heard the name for this new wizard, we were more than a little concerned. It sounded a lot like something you might run on a home PC, with usually less than optimal results. But then we remembered that for SBS 2003, the SBS team had already created one of the best network configuration wizards we’ve ever used—the Configure E-mail and Internet Connectivity Wizard. Affectionately known as the CEICW (say that fast three times), the CEICW was a sort of one-stop shop for resetting all your network settings back to where they belonged. The CEICW was really good at what it did, but it did have some limits. It couldn’t tell that your IP address had changed, it didn’t recognize that your router wasn’t responding, and it neglected to do a few other things that we’d sort of wished it did. There were also times when you needed to run a different wizard or actually resort to using the native Windows Server tools.
With the FMNW in SBS 2011, the SBS team has taken the concept of the CEICW and extended and improved it significantly. The actual initial configuration of Internet domain name and email, along with public DNS names, have been separated out as discrete tasks with their own wizards, which makes a lot of sense. After you’ve done those, they really aren’t likely to change all that much. But it’s all the other things that seem to go wrong with networking.
The FMNW, shown in Figure 20-26, is located on the Connectivity page of the Network section of the Windows SBS Console. The FMNW can identify, and in most cases fix, problems with DHCP, DNS, logons, network access (both local and remote), Internet connectivity, RWA, email, and VPNs. In some cases, you might need to run the wizard multiple times, and if you have UPnP disabled on your router, you’ll need to make any router changes that it identifies yourself, manually.
Figure 20-26 The initial page of the Fix My Network Wizard
When we ran it on our network, which had IPv6 disabled, we got the Potential Network Issues page shown in Figure 20-27.
Figure 20-27 This is what a disabled IPv6 looks like
Now we expected this, because we deliberately disabled IPv6, knowing that a missing or misconfigured IPv6 is the number one source of the trouble calls to Microsoft Customer Support when Windows Small Business Server 2008 has problems. The Wizard worked away for 10 to 15 seconds, and then gave us the results page shown in Figure 20-28.
Figure 20-28 The Fix My Network Wizard has successfully fixed the first problem
This looks like all is well. But you should always run the wizard a second time whenever you find an issue. Because sometimes it takes two or more tries to fix all the problems, and it often can’t even see a problem until it fixes something else that is blocking. So, even though all looked well, we ran the FMNW again, and the result is shown in Figure 20-29.
Figure 20-29 Sometimes it takes more than one pass of the Fix My Network Wizard to fix everything
Oops. OK, let’s run it again. Now it says that there’s some stuff we’re going to have to do ourselves, as shown in Figure 20-30.
Figure 20-30 When the FMNW needs help, it will tell you
So we click Yes and return to the Potential Network Issues page. The first item is highlighted, and we’re directed in the Details section to a Microsoft article with details on how to fix it, as shown in Figure 20-31.
Figure 20-31 We didn’t disable IPv6 properly
So, we go to the page, where it tells us we shouldn’t really ever need to disable IPv6, but if we absolutely insist on disabling it, here’s the proper way to do it. All in all, just better to not disable it in the first place. Fix the IPv6 issue, and re-run the FMNW. You should run it until you get either a completely green check on issues, or the only issues left are issues you’ve already decided you don’t want the wizard to fix (such as configuring the router or firewall).
The one limitation of the FMNW is that it won’t run successfully if you have more than a single network card enabled on your SBS server. Because that’s not a supported configuration, the wizard reports the issue and offers to disable the extra NIC—not a great idea, because it could well disable the wrong one. Our solution is to simply disable the NIC prior to running the Fix My Network Wizard on our production network, which does have more than one network card in the server because of the unusual networking requirements here with all of our test networks.
Summary
Connectivity is a huge topic, but in this chapter we focused on remote connectivity and troubleshooting. The Remote Web Access portal and Virtual Private Networks are the two supported methods of remote access, and the Fix My Network Wizard is a great troubleshooting tool. In the next chapter, we’ll cover Group Policy and how you can use it to help manage your SBS network.
The GPT is a set of files in the SYSVOL folder on the server. When you create a GPO, the corresponding GPT folder structure is created automatically. The actual name of the folder for the GPT is the globally unique identifier (GUID) for the GPO—a number that is useful to the computer but is otherwise incomprehensible. To see the policy folder, look in %SystemRoot%\SYSVOL\sysvol\domain name\policies. But do not change this folder in any way. Work on Group Policy through the Group Policy Management Console (GPMC).
Managing Group Policies
The Group Policy Management Console (GPMC) provides a comprehensive overview of Group Policy in a single console. All Group Policy management tasks can be performed in the GPMC except configuring individual policies in GPOs. When you want to configure individual policies, the GPMC will launch the Group Policy Object Editor with the policy loaded.
To see the group policies specifically defined for Windows SBS, select Administrative Tools from the Start menu and then select Group Policy Management. Expand Forest and then Domains until you get to MyBusiness as shown in Figure 21-1.
Figure 21-1 Viewing SBS Group Policy
To view or modify an existing GPO, right-click the GPO and select Edit as shown in Figure 21-2.
Figure 21-2 Choosing to edit a GPO
This action opens the Group Policy Management Editor (shown in Figure 21-3), wherein you can expand various items in the console to view existing settings.
Figure 21-3 Viewing Group Policies
550 CHAPTER 21
Using Group Policy
Order of Inheritance
As a rule, Group Policy settings are passed from parent containers down to child containers. This means that a policy that is applied to a parent container applies to all the containers—including users and computers—that are below the parent container in the Active Directory tree hierarchy. However, if you specifically assign a Group Policy for a child container that contradicts the parent container policy, the child container’s policy overrides the parent Group Policy. If policies are not contradictory, both can be implemented. For example, if a parent container policy calls for an application shortcut to be on a user’s desktop and the child container policy calls for another application shortcut, both appear. Policy settings that are disabled are inherited as disabled. Policy settings that are not configured in the parent container remain unconfigured.
Overriding Inheritance
Several options are available for changing how inheritance is processed. One option, called enforcing a GPO link, prevents child containers from overriding any policy setting set in a higher level GPO. This option is not set by default on all GPOs.
Enforcing a GPO Link in the GPMC
To enforce a link, open the Group Policy Management Console, right-click the Group Policy object link in the console tree, and select Enforced, as shown in Figure 21-4.
Figure 21-4 Enforcing a GPO link
A second option is Block Inheritance. When you select this option, the child container does not inherit any policies from parent containers. In the event of a conflict between these two options, the Enforced option always takes precedence. Simply stated, Enforced is a link property, Block Inheritance is a container property, and Enforced takes precedence over Block Inheritance.
Setting Block Inheritance
To enable Block Inheritance, open the Group Policy Management Console and right-click the domain or organizational unit (OU) for which you want to block inheritance. Select Block Inheritance, as shown in Figure 21-5.
Figure 21-5 Setting block inheritance for a domain
Order of Implementation
Group policies are processed in the following order:
1. Local GPO
2. GPOs linked to the site in the order specified by the administrator
3. Domain GPOs, as specified by the administrator
4. OU GPOs, from largest to smallest OU (parent to child OU)
The GPO with the lowest link order is processed last, and therefore has the highest precedence. If multiple GPOs attempt contradictory settings, the GPO with highest precedence wins.
Exceptions to this order are GPOs with enforced or disabled links, GPOs with disabled user or computer settings, and OUs (or the whole domain) set to block inheritance. To see the order of precedence for GPOs for a domain or OU, open the Group Policy Management Console and, in the console tree, select the domain name or the OU. In the details pane, click the Group Policy Inheritance tab, as shown in Figure 21-6.
Figure 21-6 Viewing a domain’s Group Policy order of inheritance
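How the processing order and its exceptions combine, as an added Python model (not the book's code and not Microsoft's): it applies the site, domain, and OU order, link order, disabled links, Block Inheritance, and Enforced, then reports which GPO supplies each effective setting. It goes slightly beyond the text by also ordering enforced links against each other (the link highest in the tree wins); the container chain, GPO names, and settings are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Link:
    gpo: str
    order: int               # link order inside its container; 1 = highest precedence
    enforced: bool = False
    enabled: bool = True


@dataclass
class Container:
    name: str                # a site, a domain, or an OU
    links: List[Link] = field(default_factory=list)
    block_inheritance: bool = False


def processing_order(chain: List[Container], local_gpo: str = "Local GPO") -> List[str]:
    """Return GPO names in the order they are applied; later entries win conflicts.

    `chain` runs site -> domain -> parent OU -> ... -> the OU holding the object.
    """
    # Block Inheritance on a container discards the non-enforced links of
    # every container above it; the lowest blocking container decides.
    first_inherited = 0
    for index, container in enumerate(chain):
        if container.block_inheritance:
            first_inherited = index

    normal: List[str] = []
    enforced_by_level: List[List[str]] = []
    for index, container in enumerate(chain):
        # Highest link-order number first, so link order 1 is applied last.
        active = sorted((l for l in container.links if l.enabled),
                        key=lambda l: -l.order)
        if index >= first_inherited:
            normal.extend(l.gpo for l in active if not l.enforced)
        enforced_by_level.append([l.gpo for l in active if l.enforced])

    # Enforced links ignore Block Inheritance and are applied after everything
    # else, child container first, so the container highest in the tree wins.
    enforced = [gpo for level in reversed(enforced_by_level) for gpo in level]
    return [local_gpo] + normal + enforced


def effective_settings(order: List[str],
                       gpo_settings: Dict[str, Dict[str, object]]
                       ) -> Dict[str, Tuple[object, str]]:
    """Map each setting to (winning value, GPO that supplied it)."""
    result: Dict[str, Tuple[object, str]] = {}
    for gpo in order:
        for key, value in gpo_settings.get(gpo, {}).items():
            result[key] = (value, gpo)   # a later GPO overwrites an earlier one
    return result


# Constructed sample: GPO names and settings are illustrative only.
GPO_SETTINGS = {
    "Domain Extras": {"screensaver_timeout": 600, "wallpaper": "corp.bmp"},
    "Domain Lockout": {"screensaver_timeout": 900},
    "Server Tweaks": {"screensaver_timeout": 0},
}


def sample_chain(enforce_lockout: bool = False, block_at_ou: bool = False) -> List[Container]:
    return [
        Container("Site"),
        Container("Domain", [Link("Domain Lockout", 1, enforced=enforce_lockout),
                             Link("Domain Extras", 2)]),
        Container("MyBusiness"),
        Container("SBSServers", [Link("Server Tweaks", 1)],
                  block_inheritance=block_at_ou),
    ]


if __name__ == "__main__":
    for enforce, block in [(False, False), (True, False), (True, True)]:
        order = processing_order(sample_chain(enforce, block))
        print(f"enforced={enforce} block={block}: {order}")
        print("   ", effective_settings(order, GPO_SETTINGS))
```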
Creating a Group Policy Object
The installation of Windows SBS creates an Active Directory domain that includes a default domain policy, a default Domain Controllers policy, and several policies specifically for Small Business Server. When you need to set up a GPO of your own, follow these steps:
1. Select Group Policy Management from the Administrative Tools menu, and navigate to the container to which you want the new GPO to apply.
2. Right-click the domain, site, or OU; and select Create A GPO In This Domain, And Link It Here.
3. In the New GPO dialog box, type in a name for the Group Policy Object and click OK.
4. Right-click the new GPO and select Edit to launch the Group Policy Object Editor.
5. Specify settings for the GPO. When you’re finished, close the Group Policy Object Editor.
6. In the Group Policy Management Console, right-click the domain name or the OU this GPO is to be associated with and select Link An Existing GPO.
7. In the Select GPO dialog box, select the GPO to link and click OK.
Managing Group Policy Links
With numerous GPOs on a network, it’s important to keep track of GPO links within the domain. To find out what links exist for a particular GPO, follow these steps:
1. Select Group Policy Management from the Administrative Tools menu.
2. Right-click the domain name in the console tree and select Search.
3. In the Search Item drop-down list, select GPO-links.
4. Click Add and then click Search.
5. In the Search Results box shown in Figure 21-7, double-click a GPO to view its links and other settings.
Figure 21-7 Finding GPO links
Setting the Scope of the GPO
A GPO applies to all the users and computers in the container with which the GPO is associated. Most GPOs default to applying to Authenticated Users—namely, everyone who can log on to the network. Inevitably, there are GPOs that should apply only to some. To filter the application of a GPO, follow these steps:
1. Select Group Policy Management from the Administrative Tools menu.
2. Select the Group Policy Object you want to filter, and click the Scope tab.
3. On the Scope tab in the Security Filtering section, click Add and locate the groups or users that should have the policy applied to them. In the Select User, Computer, Or Group dialog box, shown in Figure 21-8, make your selection and click OK.
Figure 21-8 Selecting groups or users to which the GPO applies
If Authenticated Users appears in the Security Filtering list on the Scope page, select it and click Remove. This ensures that the GPO is applied only to the groups or users you added.
Enabling and Disabling GPO Links
To check or change the status of a GPO link, follow these steps:
1. Select Group Policy Management from the Administrative Tools menu.
2. In the console tree, navigate to the Group Policy Objects under your domain name and select the GPO.
3. On the Scope tab, links are listed and the status of the link is shown under Link Enabled. To change the status, right-click the link and select Link Enabled from the shortcut menu, as shown in Figure 21-9.
Figure 21-9 Enabling a GPO link
Disabling a Branch of a GPO
If a GPO has an entire node under User Configuration or Computer Configuration that’s not configured, disable the node to avoid processing those settings. This speeds startup and logon for all users subject to that GPO. To disable a node, open the Group Policy Management Console and follow these steps:
1. In the console tree, expand Group Policy Objects.
2. Right-click the GPO that contains the User or Computer settings you want to disable, point to GPO Status, and then choose one of the following options shown in Figure 21-10:
   ■ Click User Configuration Settings Disabled to disable user settings for the GPO.
   ■ Click Computer Configuration Settings Disabled to disable computer settings for the GPO.
Figure 21-10 Disabling a branch of a GPO
A check mark next to User Configuration Settings Disabled or Computer Configuration Settings Disabled indicates that the option is currently selected.
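The console views described in the last three sections (Security Filtering, link status, and GPO Status) can also be pulled into one read-only inventory. The following is an added example, not code from the book; it assumes the GroupPolicy PowerShell module that ships with Windows Server 2008 R2 and later and an account that can read every GPO in the domain.

```powershell
# Added example (not from the book): one-line-per-GPO review of scope,
# links and status. Read-only; nothing in the domain is modified.
# Assumption: GroupPolicy module is available (Windows Server 2008 R2+).
Import-Module GroupPolicy

function Get-GpoScopeReport {
    foreach ($gpo in Get-GPO -All) {
        # Trustees on the Security Filtering list hold the GpoApply permission.
        $applyAces = @(Get-GPPermissions -Guid $gpo.Id -All |
            Where-Object { $_.Permission -eq 'GpoApply' })
        $applyTo = @($applyAces | ForEach-Object { $_.Trustee.Name })

        # S-1-5-11 is the well-known SID for Authenticated Users; matching
        # on the SID avoids depending on the localized group name.
        $authUsers = @($applyAces |
            Where-Object { $_.Trustee.Sid.Value -eq 'S-1-5-11' }).Count -gt 0

        # The XML report contains one LinksTo element per linked container.
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        $links = @($report.GPO.LinksTo | Where-Object { $_ })
        $linkText = @($links | ForEach-Object {
            $state    = if ($_.Enabled -eq 'true') { 'enabled' } else { 'disabled' }
            $enforced = if ($_.NoOverride -eq 'true') { ', enforced' } else { '' }
            '{0} ({1}{2})' -f $_.SOMPath, $state, $enforced
        })

        New-Object PSObject -Property @{
            Name      = $gpo.DisplayName
            GpoStatus = $gpo.GpoStatus            # e.g. UserSettingsDisabled
            AuthUsers = $authUsers                # still applies to everyone?
            Unlinked  = ($links.Count -eq 0)      # GPO exists but is linked nowhere
            AppliesTo = ($applyTo -join '; ')
            Links     = ($linkText -join '; ')
        }
    }
}

Get-GpoScopeReport | Sort-Object Name |
    Format-Table Name, GpoStatus, AuthUsers, Unlinked, AppliesTo, Links -AutoSize -Wrap
```

A GPO meant for a restricted group that still shows AuthUsers as True has not had Authenticated Users removed from its Security Filtering list.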
Refreshing Group Policy
Policy changes are immediate, but they are not instantly propagated to clients. Client computers request policy only when one of the following occurs:
■ The computer starts
■ A user logs on
■ An application requests a refresh
■ A user requests a refresh
■ A Group Policy refresh interval is enabled, and the interval has elapsed
By default, Group Policy refreshes in the background every 90 minutes with a random offset of 0 through 30 minutes added so that not all computers request a refresh at the same time. If you find the default refresh too long or too short, you can change the refresh interval by following these steps:
1. Select Group Policy Management from the Administrative Tools menu.
2. To add the setting to an existing GPO, right-click the GPO and select Edit. To create a new GPO, right-click the domain name or OU; and select Create A GPO In This Domain, And Link It Here. Supply a name for the new GPO, right-click it in the Group Policy Management Console, and select Edit.
3. In the console tree, expand Computer Configuration, expand Policies, expand Administrative Templates, expand System, and then select Group Policy as shown in Figure 21-11.
Figure 21-11 Group Policy settings for Group Policy
4. In the details pane, double-click Group Policy Refresh Interval For Computers.
5. On the Settings tab, select Enabled, and then supply the new settings. Click OK when finished.
Note Don’t make the interval very short because a large amount of network traffic is generated by each refresh.
Because policy can be set at several levels, when you look at a policy object, what you see is both local policy and the policy in effect on the system. Local policy and actual policy in effect might not be synonymous if the computer is inheriting settings from domain-level policies. If you make a policy setting and it isn’t reflected in effective policy, a policy from the domain is overriding your setting. It’s also possible that the policy change hasn’t been refreshed since the change was made. To force a policy refresh for the local computer, open a Command Prompt window and type the following:
    gpupdate [/target:{computer | user}] /force
Backing Up a Group Policy Object
A valuable feature, new in the Group Policy Management Console, is the ability to back up and restore GPOs. Include regular backup of all GPOs as part of your overall planning-for-disaster strategy. To back up a GPO, follow these steps:
1. Open the Group Policy Management Console. In the console tree, navigate to Group Policy Objects in the domain that contains the GPO to be backed up.
   ■ To back up a single GPO, right-click the GPO and select Back Up.
   ■ To back up all GPOs in the domain, right-click Group Policy Objects and select Back Up All. (See Figure 21-12.)
Figure 21-12 Backing up all GPOs
2. In the Back Up Group Policy Object dialog box, type the path to the backup location and then click Back Up.
3. After the operation completes, click OK.
Note Because the only reason to back up GPOs—or anything else, for that matter—is
to protect data that might have to be restored one day, be sure that the backup folder is secure and can be accessed only by authorized administrators.
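The backup procedure and the note about securing the backup folder can be combined in one script. This is an added example, not code from the book; it assumes the GroupPolicy PowerShell module (Windows Server 2008 R2 and later), an elevated session run by a member of the local Administrators group, and a hypothetical backup path of D:\GPOBackups.

```powershell
# Added example (not from the book): back up every GPO into a folder that
# only Administrators and SYSTEM can open.
# Assumptions: GroupPolicy module present; elevated session; the path
# D:\GPOBackups is a placeholder chosen for this example.
Import-Module GroupPolicy

$BackupRoot = 'D:\GPOBackups'
$Target     = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd_HHmm')

if (-not (Test-Path $BackupRoot)) {
    New-Item -ItemType Directory -Path $BackupRoot | Out-Null
}

# Build a fresh DACL: inheritance from the parent is switched off and the
# only entries are Full Control for BUILTIN\Administrators and SYSTEM.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)     # protected, drop inherited ACEs
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {  # Administrators, SYSTEM
    $identity = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $BackupRoot -AclObject $acl

# Each run gets its own time-stamped subfolder, which inherits the DACL above.
New-Item -ItemType Directory -Path $Target | Out-Null
$backups = Backup-GPO -All -Path $Target -Comment "Backup taken $(Get-Date -Format s)"
$backups | Select-Object DisplayName, GpoId, Id, CreationTime | Format-Table -AutoSize

# Verification: list any entry on the folder that is not one of the two
# expected principals. An empty result means the folder is locked down.
$allowed = 'S-1-5-32-544', 'S-1-5-18'
(Get-Acl -Path $BackupRoot).Access | Where-Object {
    $s = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $allowed -notcontains $s
} | Select-Object IdentityReference, FileSystemRights, AccessControlType
```

The Id column in the output is the backup ID that the Manage Backups dialog box and the Restore-GPO cmdlet use to identify a specific backup.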
Restoring a Group Policy Object
You can easily restore GPOs that have been backed up. If you back up all the GPOs in a container, you can restore all of them, some of them, or one at a time. To restore backed-up GPOs, complete these steps:
1. Select Group Policy from the Administrative Tools menu.
2. In the console tree, navigate to Group Policy Objects.
3. To restore a previous version of an existing GPO or to restore a deleted GPO, right-click Group Policy Objects and select Manage Backups.
4. In the Manage Backups dialog box, select the GPO to restore and click Restore.
When you have a lot of GPOs to sort through, select the check box that allows you to display only the latest versions of the backed-up GPOs. If you’re unsure of which GPO to restore, highlight them one at a time and click View Settings.
Deploying Applications with Group Policy
Managing software on client computers can be a tedious task, but you can use Group Policy to deploy applications automatically. The Group Policy Software Installation extension enables you to deploy applications to computers in the domain or forest using Group Policy and includes the capability to do the following:
■ Publish applications so that users can view and install programs from the network
■ Assign applications to users or computers so that the applications are installed automatically when users need them or on the next restart or logon
■ Target applications to different groups using Group Policy
■ View the installation status using Group Policy Results
3. Copy the application setup files to the folder created in step 1, or use an administrative setup command to install the setup files to the folder. Consult the software manufacturer for specific instructions and recommendations.
Note To publish the software distribution folder in Active Directory so that users can find the folder when searching Active Directory for shared folders, right-click the appropriate container in the Active Directory Users And Computers console, choose New, select Shared Folder, and then type the path of the DFS folder or shared folder in the Network Path box.
Creating a GPO for Software Deployment
Create a new GPO for deployed applications by following these steps:
1. Open Group Policy Management from the Administrative Tools folder on the Start menu.
2. Right-click the domain or OU where you want to create the GPO; and select Create A GPO In This Domain, And Link It Here, as shown in Figure 21-13.
Figure 21-13 Creating a new GPO
3. In the New GPO dialog box, type in a name for the GPO as shown in Figure 21-14 and click OK.
Figure 21-14 Providing a name for the new GPO
4. Navigate to the new GPO in the left pane, and under Security Filtering click Add to assign this GPO to specific users or computers.
Configuring the Group Policy Software Installation Extension
A number of options control how Group Policy deploys and manages software packages. These options determine how packages are added to the GPO, the amount of control users have over an installation, and the default application for a given file extension, as well as which categories you can use for grouping applications. The following sections cover these options.
Note Software installation settings for applications deployed to users are not shared with applications that are deployed to computers. Each type of deployment maintains its own set of applications and settings.
Setting Software Installation Options
To change the default settings for the Group Policy Software Installation extension, first open the Software Installation Properties dialog box by performing the following steps:
1. Open the Group Policy Management Console from the Administrative Tools menu.
2. Right-click the GPO you created for application deployment and select Edit.
3. Under Computer Configuration or User Configuration, expand Policies and then expand Software Settings.
4. Right-click Software Installation and select Properties, as shown in Figure 21-15, to open the Software Installation Properties dialog box.
Figure 21-15 Selecting Software Installation properties
Note Software Installation settings for applications deployed to users are not shared
with applications that are deployed to computers. Each type of deployment maintains its own set of applications and settings.
5. On the General tab (shown in Figure 21-16), specify the location of the software distribution point.
Figure 21-16 The Software Installation Properties dialog box
Adding a Software Package to a Group Policy
Before Group Policy can assign or publish applications that you copy to the software distribution point discussed earlier in this chapter, you must add the installation packages to the GPO. To add a package to a GPO, follow these steps:
1. Install the application to the software distribution point using an administrative setup command or by manually copying the setup files, as discussed in “Creating a Software Distribution Point” earlier in this chapter.
2. Open the Group Policy Management Console from the Administrative Tools menu.
3. Right-click the GPO you created for application deployment and select Edit to open the Group Policy Management Editor.
4. Select either User Configuration or Computer Configuration, expand Policies, and then expand Software Settings.
5. Right-click Software Installation, choose New, and then choose Package as shown in Figure 21-17.
Figure 21-17 Installing a new software package
6. Select either Windows Installer Package (*.msi) or make a selection from the drop-down list of file types, depending on the type of application you want to deploy. (Note that you can deploy .zap files only to users, not computers.)
7. Navigate to the software distribution point you created and select the package, as shown in Figure 21-18. Do not use a local file path.
8. Click Open to open the Deploy Software dialog box, and choose from the following options for how to deploy the package. When you have made your selections, click OK.
   ■ Select Published to publish the application in Active Directory with the default settings (available only with User Configuration).
   ■ Select Assigned to assign the application with the default properties.
   ■ Select Advanced to modify how Windows deploys the application.
Note Windows deploys packages after the second logon or restart for Windows XP clients,
after the first logon or restart for Windows 2000 clients, and after the first logon or restart if you enable the Always Wait For The Network At Computer Startup And Logon policy.
Figure 21-18 Selecting a software distribution package
Group Policy Preferences
Group Policy Preferences help you configure, deploy, and manage operating system and application settings that you cannot manage by using Group Policy. Examples include mapped drives, scheduled tasks, and Start menu settings. Using Group Policy Preferences is often a better alternative than logon scripts for configuring these settings. Group Policy Preferences are built into the Group Policy Management Console.
Networks customarily have two types of settings: enforced settings (Group Policy) and optional settings (preferences). Enforced settings can’t be changed by users. Preferences, on the other hand, can be changed by users. By specifically deploying preferences, you can create configurations that are more suitable for your organization than the operating system’s
To view Group Policy Preferences, start Group Policy Management from the Administrative Tools menu and follow these steps:
1. Navigate to Group Policy Objects. Right-click Default Domain Controllers Policy and select Edit.
2. Under Computer Configuration, expand Preferences, expand Windows Settings, and then expand Control Panel Settings.
3. Under User Configuration, expand Preferences, expand Windows Settings, and then expand Control Panel Settings.
As you can see in Figure 21-20, the Computer Configuration and User Configuration lists are very similar. However, even when the names are identical, the properties might differ. The following preferences do not overlap: Applications, Drive Maps, Internet Settings, Regional Options, and Start Menu under User Configuration; and Network Shares and Network Options under Computer Configuration.
Figure 21-20 Group Policy Preferences extensions
Using Group Policy Preferences for Windows
Like Group Policy settings, preferences are almost infinitely configurable. In the next sections, we’ll discuss a sample of these extensions, beginning with the Windows settings.
Drive Maps
The Drive Maps setting allows you to create, update, and delete mapped drives and their properties. To create a mapped-drive preference item, follow these steps:
1. Start Group Policy Management from the Administrative Tools menu.
2. Right-click the GPO that will contain the new preference item, and then click Edit.
3. In the console tree, navigate to User Configuration, expand the Preferences folder, and then expand the Windows Settings folder. Right-click the Drive Maps node, point to New, and select Mapped Drive.
4. In the New Drive Properties dialog box, select one of the following actions for Group Policy to perform:
   ■ Create: Creates a new mapped drive.
   ■ Replace: Deletes an existing mapped drive, and creates a new one.
   ■ Update: Changes specific settings of an existing mapped drive.
   ■ Delete: Removes a mapped drive.
5. Enter drive-map settings, which are described in Table 21-5.
6. Click the Common tab, and select the options you want. For more information, see “Configuring Common Options” later in this chapter.
7. Click OK. The new preference item displays in the details pane.
The new mapped drive will display when a user logs on. (See Figure 21-21.)
■ Remove This Item When It Is No Longer Applied: By default, Group Policy doesn’t remove preferences when the GPO is removed from the user or computer. Select this option and the preference item is removed when the GPO is removed.
■ Apply Once And Do Not Reapply: The results of preference items are rewritten each time Group Policy refreshes, which is every 90 minutes by default. Select this option and preferences will apply once for the computer, no matter how many users share the computer. Select this option in User Configuration and the item will be applied once on each computer the user logs in to.
■ Item-Level Targeting: You can use item-level targeting to apply preference items to individual users and computers. You can include multiple preference items, each tailored for selected users or computers and each targeted to apply settings only to the relevant users or computers.
Using Group Policy Preferences for Control Panel
In addition to the Windows category, you can make preference settings under Control Panel.
Devices
Use the Devices preference item to centralize the enabling or disabling of specific types of hardware for users or computers. You can configure an entire class of devices, such as Ports (COM & LPT), or narrow the selection to a particular type of device, such as Communications Port (COM2). To configure a Device preference item, follow these steps:
1. Start the Group Policy Management Console.
2. Right-click the GPO that will contain the new preference item and then click Edit.
3. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.
4. Right-click Devices, point to New, and select Device.
5. In the New Device Properties dialog box, select Use This Device (Enable) or Do Not Use This Device (Disable) from the Action drop-down list.
6. Enter the Device settings. (See Table 21-7 for descriptions.)
7. Click the Common tab, and select the desired options. (For more information, see “Configuring Common Options” earlier in this chapter.)
8. Click OK. The new preference item appears in the details pane.
5. Review your selection on the Summary Of Selections page. Click Back to change the selections. Click Next to accept them. Click Finish.
Review the Group Policy Results. You can also right-click the report name and select Advanced View. (See Figure 21-23.) This will open a Resultant Set of Policy window (as shown in Figure 21-24) that details every aspect of policy for the selected user or computer.
Figure 21-23 Group Policy Results
Figure 21-24 Advanced view of Group Policy Results
Summary
In this chapter, we described some common uses of Group Policy and Group Policy Preferences, all in pursuit of organizing and centralizing security and other settings. In the next chapter, we move on to configuring and gathering reports on your Windows SBS network’s operations.
CHAPTER 22
Managing Reports
Monitoring and analyzing network reports is frequently far down on an administrator’s to-do list. Reports get attention only when something goes wrong or there’s a strong suspicion that something is about to go horribly wrong. The purpose of this chapter is to encourage you to schedule reports and alerts before that oh-no moment arrives.
Microsoft Windows Small Business Server (SBS) comes with detailed reports built in. These reports are already configured and scheduled, though you can modify all settings. In addition, you can create your own reports for specific circumstances. First, we’ll review the two built-in reports, the Summary Network Report and the Detailed Network Report.
Network Reports
To view the default Summary Network Report (also referred to as “the Summary report” in this chapter), open the SBS Console, click Reports, and then highlight Summary Network Report as shown in Figure 22-1.
Figure 22-1 Viewing the Summary Network Report
This report is run once a day by default. The Detailed Network Report (or “Detailed report”), which is shown in Figure 22-2, runs once a week by default. Both times and frequencies can be reconfigured. The summary and detailed reports have exactly the same options, just configured differently. Both have the same content and schedule options, and you can configure email options in the same way.
Figure 22-2 The weekly Detailed Network Report
Customizing the Summary Report
The default Summary Network Report really doesn’t tell you much more than you can see on the Home page of the Windows SBS Console. However, you can easily customize it to display selected reports on network health. To customize the Summary Network Report, follow these steps:
1. Click Reports in the Windows SBS Console.
2. Right-click the Summary Network Report and select View Report Properties.
3. The Summary Network Report Properties dialog box opens on the General page. You can change both the report name and description by typing in new ones. Click Content.
4. On the Content page, shown in Figure 22-3, select the areas you want to include on the report.
Figure 22-3 Selecting the content to include in the Summary Network Report
5. Click E-Mail Options. Select the user accounts that should receive the report when it’s generated. Enter the email addresses for additional recipients in the Other E-Mail Addresses box. When you enter multiple email addresses, separate each address with a semicolon.
6. Click Schedule to specify the frequency with which the report will be generated and the time it will be generated.
7. Click Archives to view a list of past reports. To see a report, select the report and click View Report. The report will display in an Internet Explorer window. (See Figure 22-4.) Click OK when finished.
Figure 22-4 Viewing an archived Summary Network Report
Note When editing report properties, you don’t need to go through the pages in order.
Select only the ones you need to modify, and click OK when you’re finished.
Customizing the Detailed Network Report
To customize the Detailed Network Report, follow these steps:
1. Click Reports in the Windows SBS Console.
2. Right-click Detailed Network Report and select View Report Properties.
3. The Report Properties dialog box opens on the General page. You can change both the report name and description by typing in new ones. Click Content.
4. On the Content page, select the areas you want to include on the report.
5. Click E-Mail Options. Select the user accounts that should receive the report when it’s generated, as shown in Figure 22-5. Enter the email addresses for additional recipients in the Other E-Mail Addresses box. When you enter multiple email addresses, separate each address with a semicolon.
Figure 22-5 Selecting email accounts that will receive the report
6. Click Schedule to specify the frequency with which the report will be generated and the time it will be generated. The day of the week and time can be changed for weekly reports, or you can choose a daily report and specify the time of day to generate the report. (See Figure 22-6.)
Figure 22-6 Changing the report schedule
7. Click Archives to view a list of past reports. To see a report, select it and click View Report. The report will display in an Internet Explorer window. Click OK when finished.
Creating a New Report
Using the same format as the Summary and Detailed reports, you can build a new report to suit your specific needs. For example, let’s say you outsource certain administrative tasks and want to send a regular security report to the person who handles it. You’d follow these steps to create that report:
1. Click Reports in the Windows SBS Console.
2. In the Tasks pane, click Add A New Report.
3. On the General page, type in a name and description for the report.
4. Click Content. Select the subject or subjects you want included in the report, as shown in Figure 22-7.
Figure 22-7 Selecting content for the report
5. Click E-Mail Options. Select the addresses to email the report to and add the addresses of any others not already listed. (See Figure 22-8.) When you enter multiple email addresses, separate each address with a semicolon.
Figure 22-8 Selecting email addresses that will receive the report
6. Click Schedule to specify the frequency with which the report will be generated and the time it will be generated. The day of the week and time can be changed for weekly reports. Or you can choose a daily report and specify the time of day to generate the report.
7. Click OK when you’re finished to save the new report and add it to the list in the Windows SBS console.
Note The Archives page isn’t available until a report has been saved.
Configuring Alerts
Windows SBS includes a large set of alerts. To view the alerts, click Network in the Windows SBS Console and then select Computers. In the Tasks pane, click View Notification Settings. In the Notification Settings dialog box, there are three pages of notifications to choose from.
Alerts for Services
On the Services page, shown in Figure 22-9, you’ll find a list of services with their startup type.
Figure 22-9 Setting notifications for services
As you can see, many of the services are already marked for notification if the service stops. Select additional services for notification, or remove the ones you don’t care about. When a selected service stops, an alert is sent to the Home page of Windows SBS Console and will also appear on any subsequently generated Summary or Detailed report that includes other alerts, as shown in Figure 22-10.
Note Click E-Mail Address in the Notification Settings dialog box, and specify an email address to receive notifications. To send to multiple email addresses, separate them using a semicolon.
Figure 22-10 An email alert indicating that services have stopped
Performance Counter Alert
All the other alerts in this section are interesting and occasionally very useful, but the alert you’ll be grateful for on a regular basis is the one for low disk space. On the Performance Counter page of the Notification Settings dialog box, Percent Free Disk Space is selected by default with a threshold set to five percent. (You can clear the check box to remove the notification, though we’d be hard-pressed to understand why anyone would do so.) To change the threshold for the notification, highlight Percent Free Disk Space and then click Edit. In the Edit box, shown in Figure 22-11, enter a threshold for notification. Click OK when finished.
Figure 22-11 Changing the notification threshold
Event Log Error Alerts
On the Event Log Errors page shown in Figure 22-12, a large number of potential event log errors are listed.
Figure 22-12 Selecting event log error notifications
Select or clear errors according to your needs. Click OK when finished.
Note Click E-Mail Address, and specify an email address to receive notifications. To send to multiple email addresses, use a semicolon to separate addresses.
Creating Custom Alerts
Of course, one size never fits all. You can create a custom alert that adds alert information to reports and enables users to receive email notifications when the specified event occurs. The custom alert provides information about a specific event that has occurred, which will enable a system administrator to quickly correct a problem.
Creating an Alert for a Stopped Service
Creating an alert is a multistep process but not at all difficult. In this example, we’ll configure an alert to appear if the Remote Desktop Gateway service stops or fails to start.
Acquire a GUID
To create a custom alert, you need to first acquire a GUID (globally unique identifier) that will be assigned to the alert. By far the easiest way to get a GUID is to go to http://www.guidgen.com, where a GUID is generated the moment you connect. (See Figure 22-13.) The GUID is easily copied and pasted into the Notepad file you’re about to create.
Figure 22-13 The easy way to get GUIDs
To generate a GUID locally, complete these steps:
1. Select All Programs from the Start menu and then click Windows PowerShell.
2. At the command prompt, type the following command:
    [System.Guid]::NewGuid().ToString()
3. Record the GUID that’s returned, as shown in Figure 22-14.
Figure 22-14 Acquiring a GUID
Find Event Information
Next, you must obtain information about the event that will be associated with the custom alert. To acquire the information you need, follow these steps:
1. Select Event Viewer from the Administrative Tools menu.
2. Locate the event log where the event is recorded. In this example, we’re creating an alert that will appear when a particular service fails to start.
3. In the events pane, shown in Figure 22-15, select the event to associate with the custom alert. For this example, we’re using an event with the ID of 7036. The event ID will be used later in this document, so make note of the number.
4. Click the Details tab, and select Friendly View. Then expand System.
5. Make note of the Provider Name and Channel.
Figure 22-15 Viewing event information
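The values these steps record by hand (event ID, Provider Name, Channel) and the GUID from the previous section can also be gathered in one pass from PowerShell. This is an added example, not code from the book; it assumes an English-language server, that event 7036 is written to the System log, and that the service's display name appears in the event message.

```powershell
# Added example (not from the book): find the most recent "service stopped"
# event for one service and print the fields a custom alert needs.
# Assumptions: English event messages of the form
# "The <service> service entered the stopped state."; System log.
$ServiceName = 'Remote Desktop Gateway'   # service used in the chapter's example
$EventId     = 7036                       # event ID chosen in step 3

function Get-AlertEventInfo {
    param(
        [string]$LogName = 'System',
        [int]$Id,
        [string]$Service
    )
    # Look through the newest 500 matching events; newest are returned first.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } `
                 -MaxEvents 500 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$Service*stopped*" } |
        Select-Object -First 1 |
        ForEach-Object {
            New-Object PSObject -Property @{
                Provider  = $_.ProviderName   # "Provider Name" in Friendly View
                Channel   = $_.LogName        # "Channel" in Friendly View
                EventId   = $_.Id
                LastSeen  = $_.TimeCreated
                Message   = $_.Message
                AlertGuid = [System.Guid]::NewGuid().ToString()  # new GUID for the alert
            }
        }
}

$info = Get-AlertEventInfo -Id $EventId -Service $ServiceName
if ($info) {
    $info | Format-List EventId, Provider, Channel, LastSeen, Message, AlertGuid
} else {
    Write-Warning "No event $EventId mentioning '$ServiceName' was found in the last 500 entries."
}
```

If the warning appears, the service has not stopped recently enough to be in the log, and the Provider Name and Channel can be read from any other 7036 event instead.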
3. Save the file as filename.xml.
4. Copy the .xml file to the %programfiles%\Windows Small Business Server\Data\Monitoring\ExternalAlerts directory on the computer that is running the Windows SBS 2011 operating system. (You will have to create the ExternalAlerts directory.)
5. Select Services from the Administrative Tools menu.
6. Right-click Windows SBS Manager Service and select Restart as shown in Figure 22-16.
Figure 22-16 Restarting the SBS Manager service
Depending on the source for the alert, you might not see the notification for some time. Windows SBS Console polls for changes every 30 minutes, so if you want to check sooner than that, go to the Reports tab, right-click a report that includes Other Alerts (such as the Detailed Network Report), and select Generate Report. The resultant report will show whether the custom alert has been activated, as shown in Figure 22-17.
Figure 22-17 Report showing an activated custom alert
You can also view the new alert by clicking the Network tab at the top of the SBS Console pane, selecting the server, and then clicking the View Computer Alerts task. (See Figure 22-18.)
Figure 22-18 Viewing a custom alert
Custom Alert for Backup Failure
Backups are so crucial to the security of your network that when one fails you want to know about it sooner rather than later. This section explains what you need to create an .xml file that will generate an alert.
Create a New GUID
Acquire a GUID as described in the earlier “Acquire a GUID” section. Make note of the GUID, and follow these steps:
1. Open NotePad, and add the following data to the NotePad file, substituting the GUID you acquired for GUID:
    <Parameters> <Path>Application Microsoft-Windows-Backup <SetEventID>546
2. Save the file with the .xml extension, shown in Figure 22-19, and copy it into the %programfiles%\Windows Small Business Server\Data\Monitoring\ExternalAlerts directory on the computer that is running the Windows SBS 2011 operating system.
Figure 22-19 Backup Failure .xml file
3. Select Services from the Administrative Tools menu. Right-click the Windows SBS Manager Service, and then click Restart.
Note For more on building your own alerts as well as security add-ins, visit http://msdn.microsoft.com/en-us/library/cc721702.aspx. Additional custom alerts can be downloaded free at http://sbs.codeplex.com.
Summary
In this chapter, we covered the Reports component of the Windows SBS Console. Fortunately, more detailed notifications can be had through View Notification Settings and particularly through devising custom alerts. Next, we move on to creating and customizing a useful Windows SharePoint site on the network.
CHAPTER 23
Customizing a SharePoint Site
Microsoft Windows Small Business Server (SBS) 2011 Standard includes SharePoint Foundation 2010, and the SBS installation automatically creates an internal website called Companyweb, which is a custom SharePoint site designed for small businesses. This default site meets the needs of most small businesses with little customization required, but you can easily add features to Companyweb to make it even more useful for your environment and needs without being a developer or web designer.
SharePoint keeps getting better with each version, and whole books have been written about how to create, manage, and develop for SharePoint sites. We won’t pretend to try to cover everything, but in this chapter we’ll cover some of the features and configuration of Companyweb and SharePoint in general, and show you how to add a useful set of links to RemoteApps.
Introducing SharePoint Foundation 2010 SharePo nt Foundat on s a web-based co aborat on and document-management system that s eas y and qu ck y dep oyed to prov de an effect ve ntranet so ut on for bus nesses of a s zes In SBS, SharePo nt s nsta ed automat ca y, and an nterna webs te (http:// companyweb), shown n F gure 23-1, s created and configured w th a range of features that make sense for sma bus nesses Note In this chapter, we shorten SharePoint Foundation 2010 to simply SharePoint.
Microsoft SharePoint 2010, which is designed for hosting multiple, independent SharePoint portals, is a separate product.
597
Figure 23-1 The defau t nterna webs te for SBS 2011 Standard
The ma n center pane of Companyweb has a sect on for announcements and a ca endar sect on On the eft pane are nks nto other ma n areas of the webs te, nc ud ng document brar es, the Fax Center, ca endar and tasks sts, a team d scuss on area, and a photo brary These tems are genera y ava ab e from other pages of the webs te, g v ng you qu ck access w thout hav ng to nav gate back to the home page On the r ght s de of the page s the L nks pane, a p ace to put nks to mportant externa resources or app cat ons that users can run The start ng Companyweb s te s a good start ng po nt, but there are p enty of ways you can extend t and add add t ona features and sect ons w thout hav ng to be a web deve oper Of course, f you are a web deve oper, you can use myr ad opt ons to create add t ona features and funct ona ty SharePo nt s eas y extens b e, and there are good books ava ab e for both profess ona deve opers and nterested users

Understanding SharePoint Items
Let’s start by looking at the pieces that can make up a SharePoint site.
■ Libraries Libraries come in various formats, including
  • Document libraries for storing and collaborating on documents, including basic versioning features
  • Picture libraries for storing photos and graphics
  • Form libraries for storing InfoPath form templates
  • Wiki page libraries that let you build interactive, basic wiki sites
■ Lists Lists come in various formats for presenting and storing list-based information, including
  • Communications lists such as announcements and contacts
  • Tracking lists such as links, calendar, and tasks
  • Custom lists, including a datasheet view
■ Web pages Web pages include a basic web page, sites, and workplaces or a web parts page
■ Discussions A list type used to build a basic forum for ongoing collaborative discussions
■ Tasks Tasks come in both basic tasks lists and project tasks that include Gantt chart functionality to graphically track project status

Understanding SharePoint Roles
SharePoint has five basic permission levels on a site: Full Control, Design, Contribute, Read, and Limited Access. In SBS 2011 Standard, there are three security groups defined for SharePoint permissions: Windows SBS SharePoint VisitorsGroup, Windows SBS SharePoint MembersGroup, and Windows SBS SharePoint OwnersGroup. These correspond to three SharePoint site roles for the default Companyweb site: CompanyWeb Visitors, CompanyWeb Members, and CompanyWeb Owners.
The CompanyWeb Visitors group has only the Windows SBS SharePoint VisitorsGroup as a member. This group can read but can’t edit the site or its contents, nor can members of the group add discussion items. By default, no SBS users are in the Windows SBS SharePoint VisitorsGroup, though you can move users into it.
The CompanyWeb Members group has only the Windows SBS SharePoint MembersGroup as a member. This group has Design permissions and can read, write to, and contribute to the Companyweb site, including posting to discussions and customizing the site. By default, all user accounts with the Standard User role and Standard User With Administrative Links role are part of this group.
The CompanyWeb Owners group has only the Windows SBS SharePoint OwnersGroup as a member. This group has full administrative rights on the Companyweb site and can create new workspaces, change user and site permissions, and create new user roles and permissions. By default, all Network Administrators are part of this group.
The CompanyWeb Members group is a powerful group that has the ability to change the look and feel of your Companyweb site; can add or delete sections, documents, or articles; and generally has very nearly the full power of the Owners, with the sole exception of not being able to control the permissions of other users. As shown in Figure 23-2, there is a lesser level of permissions called Contribute—which still allows users to view, add, and update content but doesn’t give them full design capabilities. We think this is a more appropriate role for most users, and you should consider changing the default permissions for CompanyWeb Members to Contribute instead of Design.
Figure 23-2 The default permissions for CompanyWeb Members are Design permissions
To change the permissions for all of CompanyWeb Members, follow these steps:
1. Log on to the Companyweb site with an account that has Owners permissions.
2. On the main Companyweb page, select Site Permissions from the Site Actions drop-down list to open the Permissions page shown in Figure 23-3.
Figure 23-3 The Permissions: Companyweb page of the Companyweb site
3. Select the CompanyWeb Members check box, and then click Edit User Permissions on the ribbon to open the Edit Permissions page shown in Figure 23-4.
Figure 23-4 The Edit Permissions page for CompanyWeb Members
4. Clear the Design – Can View, Add, Update, Delete, Approve, And Customize check box; and select the Contribute – Can View, Add, Update, And Delete List Items And Documents check box.
5. Click OK to return to the Permissions: Companyweb page.
From the Permissions: Companyweb page, you can also create a new group and assign permissions and users to it, or directly add users and assign them permissions. These permissions are carried throughout the site. We strongly recommend that you not start assigning permissions to individual users but stick to the three roles. If there are users who need Design permissions but who should not be full site Owners, you should create an additional group named CompanyWeb Designers specifically for them.
To edit the permissions for a particular section of the Companyweb site, open that section of the site and then select Settings from the Settings drop-down list. Here you can customize the particular section and edit the permissions for the section. As an example, let’s modify the permissions of the default Shared Documents library to allow our user “Alfie” to have full control of the library, using these steps:
1. Open http://Companyweb if it isn’t already open.
2. Click Shared Documents in the left pane to open the Shared Documents page, shown in Figure 23-5.
Figure 23-5 The Shared Documents library of the default Companyweb site
3. Click Library on the ribbon, and then click the Edit Permissions button to open the Permission Tools tab shown in Figure 23-6.
Figure 23-6 The Permission Tools tab for the Shared Documents library
4. Click Stop Inheriting Permissions to enable setting unique permissions for this library, which inherits permissions by default from the parent site. You’ll be warned that this will disable inheritance, as shown in Figure 23-7.
Figure 23-7 Disabling permission inheritance for a document library
Important This is a good time to emphasize that when you change permissions on a portion of a site, you lose the inheritance that makes it easy to keep track of what permissions are granted. If you do need to change permissions as we are in this example, be sure to clearly document the changes. Or resist the temptation and find another way to manage things. It is possible, however, to revert to inherited permissions.
5. Select the group that you want to set permissions for, as shown in Figure 23-8.
Figure 23-8 The Shared Documents library now has unique permissions
6. Click the button that corresponds to the permission change you want to make. You can re-enable inherited permissions, grant specific permissions to individuals or groups, edit the existing permissions, deny permissions, or check the permissions settings for a role.
7. Click Edit to open the Edit Permissions dialog box to change the permissions for this library for the role you have selected, as shown in Figure 23-9.
Figure 23-9 Setting the Shared Documents library to allow Full Control permissions for CompanyWeb Members
8. Click Grant Permissions on the ribbon to open the Grant Permissions dialog box shown in Figure 23-10. From here you can add individual users or groups, bypassing the default roles in SBS 2011.
Figure 23-10 The Add Users: Shared Documents page
9. Type Alfie in the Users/Groups box, and click the Check Names button in the lower right of the box. SharePoint verifies the user and substitutes his full name, Alfredo Fettuccine.
10. Select Full Control – Has Full Control from the Grant Users Permission Directly section.
11. If you want to send Alfie an email message telling him that he’s in charge now, select the Send Welcome E-mail To The New Users check box and edit the message as appropriate.
12. Click OK to make the change and return to the Permissions: Shared Documents page shown in Figure 23-11, where Alfie now has full control.
Figure 23-11 The Permissions: Shared Documents page of the Companyweb site
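The read-only audit below is an added example, not code from the book. It lists the role assignments on Companyweb and on every list, library, or subsite that has stopped inheriting permissions, and flags the two conditions this section advises against: grants made directly to an individual user, and groups that hold Design. It assumes the SharePoint 2010 Management Shell on the SBS server, an account with shell access to the Companyweb content database, and the default http://companyweb URL.

```powershell
# Added example (not from the book): read-only permission audit for Companyweb.
# Run in an elevated SharePoint 2010 Management Shell on the SBS server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-RoleAssignmentRow {
    param($Securable, [string]$Scope)

    foreach ($ra in $Securable.RoleAssignments) {
        # Ignore the automatic Limited Access bindings (role type Guest).
        $bindings = @($ra.RoleDefinitionBindings |
            Where-Object { $_.Type -ne [Microsoft.SharePoint.SPRoleType]::Guest })
        if ($bindings.Count -eq 0) { continue }

        $levels    = @($bindings | ForEach-Object { $_.Name }) -join ', '
        $hasDesign = @($bindings | Where-Object {
            $_.Type -eq [Microsoft.SharePoint.SPRoleType]::WebDesigner }).Count -gt 0

        # An Active Directory security group also appears as an SPUser, with
        # IsDomainGroup set; only a real person counts as an individual grant.
        $isPerson = ($ra.Member -is [Microsoft.SharePoint.SPUser]) -and
                    (-not $ra.Member.IsDomainGroup)

        $finding = ''
        if ($isPerson)      { $finding = 'Direct grant to an individual user' }
        elseif ($hasDesign) { $finding = 'Group holds Design' }

        New-Object PSObject -Property @{
            Scope   = $Scope
            Member  = $ra.Member.Name
            Levels  = $levels
            Finding = $finding
        }
    }
}

$web = Get-SPWeb 'http://companyweb'
try {
    # Site-level assignments: the baseline that everything else inherits.
    $rows = @(Get-RoleAssignmentRow $web "Site: $($web.Title)")

    # Lists and libraries where inheritance has been broken.
    foreach ($list in $web.Lists) {
        if ($list.HasUniqueRoleAssignments -and -not $list.Hidden) {
            $rows += @(Get-RoleAssignmentRow $list "Unique, list/library: $($list.Title)")
        }
    }

    # Subsites (for example, meeting workspaces) created with unique permissions.
    foreach ($sub in $web.Webs) {
        try {
            if ($sub.HasUniqueRoleAssignments) {
                $rows += @(Get-RoleAssignmentRow $sub "Unique, subsite: $($sub.Title)")
            }
        } finally {
            $sub.Dispose()
        }
    }

    $rows | Select-Object Scope, Member, Levels, Finding |
        Sort-Object Scope, Member |
        Format-Table -AutoSize -Wrap
} finally {
    $web.Dispose()
}
```

Saving the table after each permission change gives you the written record of broken inheritance that the Important note in this section asks for.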

Customizing Companyweb
You can customize Companyweb to add additional lists, links, and libraries. Working with a SharePoint site to customize it is pretty straightforward and follows a similar logic wherever you are. We’ll start by adding a regular IT team meeting and creating a workspace for it that allows IT team members to file their reports ahead of time and add comments to others’ reports.

Adding a Workspace
Adding a workspace creates an area where a group of users can directly interact and share documents and discussions, separate from the overall document libraries. For our example, let’s first create a recurring meeting and assign users to the meeting, following these steps:
1. From the main Companyweb page, click Add New Event in the Calendar section of the center pane to open the Calendar – New Item page.
2. Type in a title and location for this meeting, set the time and date to next Monday at 9 AM, finishing at 10 AM, and add a description as shown in Figure 23-12.
Figure 23-12 Adding a new Calendar item
3. Select the Make This A Repeating Event check box. The Recurrence section will expand as shown in Figure 23-13.
Figure 23-13 The Make This A Repeating Event section of a new Calendar item
4. Set the meeting for Weekly, and set it to end after 10 occurrences.
5. Select the Use A Meeting Workspace check box, and click Save to open the New Meeting Workspace page shown in Figure 23-14.
Figure 23-14 Creating a new workspace for the IT team meeting
6. Select Use Unique Permissions in the User Permissions section, and click OK to open the Template Selection page.
7. Select Basic Meeting Workspace for this meeting, and click OK to open the Set Up Groups For This Site page shown in Figure 23-15.
8. Add users as members of this site by selecting the Create A New Group option and typing in their account names, separated by semicolons. Click the Check Names icon to verify the names.
9. To add additional owners, repeat the previous step with names for the owners of this site.
10. When you’ve set the permissions as you want, click OK to open the workspace you’ve created, as shown in Figure 23-16.
Figure 23-15 The Set Up Groups For This Site page
Figure 23-16 The new Weekly IT Team Meeting workspace
11. Click Manage Attendees to open the Attendees page, and click the Items tab. Then click New Item to open the Attendees – New Item page shown in Figure 23-17. Type in the name for the attendee and click Save.
Figure 23-17 The Attendees – New Item page
12. Repeat the previous step until you’ve added all the attendees to the list, as shown in Figure 23-18.
Figure 23-18 Attendees have been added to our team meeting.
13. Click Navigate Up next to the Site Actions button to return to the main page for this workspace.
14. Click Add New Item in the Agenda section to create an agenda for the current meeting, as shown in Figure 23-19.
Figure 23-19 Adding an agenda item to the meeting
15. Repeat the previous step as required to add items to the agenda, as shown in Figure 23-20.
Figure 23-20 The agenda for the next IT team meeting is filled out
16. Use the Navigate Up button to navigate back to the main Companyweb page.
SharePoint Foundation 2010 supports additional types of sites and libraries beyond workspaces, as shown in Figure 23-21. One really useful library type is the Wiki Page Library. Adding any of these is an essentially similar process to adding the workspace we’ve just added, though the particular steps and options will be different for different types.
Figure 23-21 You can create new libraries, lists, pages and sites to support a wide variety of collaboration

Adding RemoteApps Links
If you have an RD Session Host on your network and you’re using RemoteApp programs, you can extend your Companyweb site to add links to those RemoteApp programs directly on your users’ home page. The process has four basic steps:
1. Add the RD Web Access role service on the SBS 2011 Standard server.
2. Register the Web Part as a safe control.
3. Create a folder to store the Web Part.
4. Add the Web Part to Companyweb.
The first two steps involve the native Windows 2008 R2 Server Manager. If you need a refresher on Server Manager, see Chapter 17, “Windows SBS Console vs. Server Manager.”

Add the RD Web Access Role Service
The default installation of SBS includes the functionality of the RD Gateway role service of Remote Desktop Services, but it doesn’t actually include any of the Remote Desktop Services role and doesn’t include the RD Web Access role service. So the first thing you need to do is add the Remote Desktop Services role and the RD Web Access role service, using the following steps:
1. Open Windows Server 2008 R2 Server Manager from the Start menu.
2. Click Roles, and then click Add Roles from the Action menu to open the Select Server Roles page shown in Figure 23-22.
Figure 23-22 The Select Server Roles page of the Add Roles Wizard
3. Select Remote Desktop Services and click Next to open the Remote Desktop Services page that includes an introduction to Remote Desktop Services.
4. Click Next to open the Select Role Services page shown in Figure 23-23.
Figure 23-23 The Select Role Services page of the Add Roles Wizard
5. Click Next and then click Install to add the RD Web Access role service to the SBS server. When the installation completes, you’ll see the Installation Results page shown in Figure 23-24, warning you that you’ll need to do some additional configuration to RD Web Access.
Note In most cases, you won’t need to restart the SBS server when you add this role service, but you might need to add additional updates the next time the server checks for updates.
Figure 23-24 The Installation Results page of the Add Roles Wizard
6. Click Close to return to Server Manager. You can close the Server Manager console; we’re done with it for now.

Configure RD Web Access
You need to do some basic configuration of RD Web Access and of your RD Session Host server to enable the Web Part to work. First, log on to your RD Session Host and follow these steps to add the SBS server to the list of RD Web Access computers allowed to connect to Remote Desktop Services:
1. Open a command prompt as an Administrator.
2. At the command prompt, type lusrmgr.msc and press Enter to open the Local Users And Groups console.
3. Select Groups in the left pane, and then open the TS Web Access Computers group in the center pane to open the TS Web Access Computers Properties page shown in Figure 23-25.
Figure 23-25 The TS Web Access Computers local group properties on the RD Session Host server
4. Click Add, and then click Object Types and select Computers as shown in Figure 23-26.
Figure 23-26 The Object Types dialog box
5. Click OK, and then type the name of your SBS server in the Enter The Object Names To Select field and click Check Names. Then click OK to return to the Properties dialog box.
6. Click OK to return to Local Users And Groups. You can close the console and then close your session on the RD Session Host.
Next, you need to configure RD Web Access to use your RD Session Host. Open Internet Explorer and follow these steps:
1. Connect to https://remote./RDWeb. For our domain, that is https://remote.sbsexample.com/RDWeb, as shown in Figure 23-27.
Figure 23-27 Logging on to the RDWeb site
2. Log on to the site with an account in the Network Administrator role to open the Configuration page of Remote Desktop Services Default Connection, as shown in Figure 23-28.
Figure 23-28 The Configuration page of the Remote Desktop Services Default Connection site
3. Enter the NetBIOS name of your RD Session Host server in the Source Name field, and then click OK to close the Configuration page and open the RemoteApp Programs page shown in Figure 23-29.
Figure 23-29 The RemoteApp Programs page of the Remote Desktop Services Default Connection site

Register the Web Part as Safe
Next you need to register the Web Part you’re going to use as a safe control. This allows it to run without needing an elevated prompt. To register the Web Part, follow these steps:
1. Open an elevated Cmd or PowerShell command prompt using Run As Administrator.
2. Change to the directory where the configuration file for Companyweb is, and open web.config in Notepad or your favorite plain-text editor as shown in Figure 23-30 by entering the following commands:
cd "C:\inetpub\wwwroot\wss\VirtualDirectories\Companyweb80"
notepad web.config
Figure 23-30 Editing the web.config file for Companyweb
3. In the web.config file, locate the <SafeControls> section of the file. At the end of the section of SafeControl Assembly entries, add the following line:
<SafeControl Assembly="TSPortalWebPart, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="Microsoft.TerminalServices.Publishing.Portal" TypeName="*" Safe="True" AllowRemoteDesigner="True" />
Note Add this as a single line, with no line breaks.
4. Save the change and exit Notepad. Keep the elevated command prompt open. You’ll need it in the next section.
Important Always make a copy of important files before editing them—just in case.
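The script below is an added example, not code from the book: it performs the web.config edit from steps 2 and 3 in a repeatable way, taking a timestamped backup first and doing nothing if the entry is already registered. The path and attribute values are the ones given on this page; the function name Add-SafeControlEntry is hypothetical.

```powershell
# Added example (not from the book): register the TSPortalWebPart SafeControl
# entry in Companyweb's web.config, with a backup and an idempotence check.
# Run from an elevated PowerShell prompt on the SBS server.
$configPath = 'C:\inetpub\wwwroot\wss\VirtualDirectories\Companyweb80\web.config'

# Attribute values exactly as given in step 3 of this section.
$entry = @{
    Assembly            = 'TSPortalWebPart, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
    Namespace           = 'Microsoft.TerminalServices.Publishing.Portal'
    TypeName            = '*'
    Safe                = 'True'
    AllowRemoteDesigner = 'True'
}

function Add-SafeControlEntry {   # hypothetical helper name
    param([string]$Path, [hashtable]$Attributes)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "web.config not found: $Path"
    }

    # Load as XML so a malformed file is rejected before anything is changed.
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true      # keep the file's existing layout
    $doc.Load($Path)

    $safeControls = $doc.SelectSingleNode('/configuration/SharePoint/SafeControls')
    if ($safeControls -eq $null) {
        throw 'No <SafeControls> section found; file left untouched.'
    }

    # Idempotence: do not add a second copy of the same registration.
    foreach ($node in $safeControls.SelectNodes('SafeControl')) {
        if ($node.GetAttribute('Assembly')  -eq $Attributes.Assembly -and
            $node.GetAttribute('Namespace') -eq $Attributes.Namespace) {
            return 'Already registered; no change made.'
        }
    }

    # Back up before writing, as the Important note in this section advises.
    $backup = '{0}.{1}.bak' -f $Path, (Get-Date -Format 'yyyyMMdd-HHmmss')
    Copy-Item -LiteralPath $Path -Destination $backup

    # Append the new entry at the end of the SafeControls section.
    $new = $doc.CreateElement('SafeControl')
    foreach ($name in 'Assembly', 'Namespace', 'TypeName', 'Safe', 'AllowRemoteDesigner') {
        $new.SetAttribute($name, $Attributes[$name])
    }
    [void]$safeControls.AppendChild($new)
    $doc.Save($Path)

    # Re-read the saved file to confirm it still parses and holds one entry.
    $check = New-Object System.Xml.XmlDocument
    $check.Load($Path)
    $count = 0
    foreach ($node in $check.SelectNodes('/configuration/SharePoint/SafeControls/SafeControl')) {
        if ($node.GetAttribute('Assembly') -eq $Attributes.Assembly) { $count++ }
    }
    if ($count -ne 1) {
        throw "Verification failed ($count matching entries); restore from $backup"
    }
    return "Registered. Backup saved as $backup"
}

Add-SafeControlEntry -Path $configPath -Attributes $entry
```

Because the entry sets TypeName="*" with AllowRemoteDesigner="True", every type in that namespace is trusted, so keep the backup file and review the SafeControls section whenever the Web Part is removed.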

Create a Folder to Store the Web Part
Next you need to create a folder to hold the Web Part and its images, and to give the Network Services account full control on the folder. Use the following steps:
1. In the elevated command prompt from the previous section, type the following commands:
mkdir "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\TSPortalWebPart\6.1.0.0__31bf3856ad364e35\images"
mkdir "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\TSPortalWebPart\6.1.0.0__31bf3856ad364e35\rdp"
Note Notice the two underscores after 6.1.0.0 in the preceding command lines.
2. Change the directory to the parent folder of the two folders you just created:
cd "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\TSPortalWebPart\6.1.0.0__31bf3856ad364e35"
3. Give the Network Service account and the spwebapp account full control over the two folders you created in step 1:
cmd /c icacls images /grant NetworkService:F
cmd /c icacls images /grant spwebapp:F
cmd /c icacls rdp /grant NetworkService:F
cmd /c icacls rdp /grant spwebapp:F
4. Close the Command Prompt window if you see a success message.

Add the Web Part to Companyweb
Finally, the reason you’re doing all this—to add the Web Part to Companyweb, follow these steps:
1. Open Companyweb with an account that has SharePoint Owners privileges.
2. Select Site Settings from the Site Actions menu to open the Site Settings page shown in Figure 23-31.
Figure 23-31 The Site Settings page for the Companyweb site
3. Click Web Parts under the Galleries section to open the Web Part Gallery page, as shown in Figure 23-32.
Figure 23-32 The Web Part Gallery page
4. Click the Documents tab and then click New Document to open the New Web Parts page. Scroll down to the bottom, and select the Microsoft.TerminalServices.Publishing.Portal.TSPortalWebPart check box as shown in Figure 23-33.
5. Click Populate Gallery (back at the top of the page) to add the Web Part, and return to the Web Part Gallery.
6. Click the Navigate Up button to return to the main Companyweb page.
7. Select Edit Page from the Site Actions menu to open Companyweb in edit mode, as shown in Figure 23-34.
Figure 23-33 Add the TSPortalWebPart to the Web Part Gallery
Figure 23-34 The Companyweb site in edit mode
8. Click the Insert tab, and then click Web Part to open the Web Parts dialog box shown in Figure 23-35.
Figure 23-35 Editing the Companyweb site to add a Web Part
9. Click Miscellaneous in the Categories pane, select TSPortalWebPart, and then click Add to add the Web Part to your Companyweb page.
10. The new Web Part will be automatically populated with the RemoteApps available on your RD Session Host.
This just begins to scratch the surface of what you can do with SharePoint and the Companyweb site, but we think the new features that are enabled with SharePoint Foundation 2010 are exciting. And having our RemoteApps on the Companyweb page is a great addition.

Summary
In this chapter, we covered customizing the default SharePoint site, Companyweb. We’ve shown how to modify permissions, add a workspace, and modify the site to use Companyweb as an RD Web Access portal for running remote applications directly from Companyweb. In the next part, we move on to installing and using the Premium Add-on features, including installing the second server, installing Microsoft SQL Server 2008 R2, and configuring Remote Desktop Services on the second server.

Part V
Premium Edition Features
CHAPTER 24 Installing the Second Server
CHAPTER 25 Installing Microsoft SQL Server 2008 R2 Standard Edition for Small Business
CHAPTER 26 Adding a Terminal Server

CHAPTER 24
Installing the Second Server
Microsoft Windows Small Business Server 2011 Standard (Windows SBS 2011) with Premium Add-on includes a full copy of Windows Server 2008 R2 Standard that can be used for any purpose desired, as long as it’s installed on the SBS network. Because Windows Server 2008 R2 is available only in a 64-bit version, the Premium Add-on includes downgrade rights to Windows Server 2008 Standard, which has both 32-bit and 64-bit versions. This allows you to support line-of-business (LOB) applications that don’t yet support a 64-bit operating system.
Because the second server is full Windows Server 2008 R2 Standard, you can install any of the normal roles and features on the server as you would any other copy of Windows Server 2008 R2 Standard, including Hyper-V and Remote Desktop Services (the new name for Terminal Services). Windows Server 2008 R2 Standard includes “1+1” virtualization licensing, allowing for virtualization of a single instance of Windows Server as a child partition—but only if the parent partition is used solely for the Hyper-V role. We think a very interesting scenario is to install the second server as a Hyper-V parent, and then install the second server again, virtualized to support any additional roles and features, including Microsoft SQL Server (covered in Chapter 25, “Installing Microsoft SQL Server 2008 R2 Standard Edition for Small Business”) and the Remote Desktop Session Host role (covered in Chapter 26, “Adding a Terminal Server”).
Another choice for some environments will be to install the second server as an additional domain controller. This can make a lot of sense if the second server is going to be used to support a remote site—for example, where a local infrastructure server, with Active Directory Domain Services, DNS, DHCP, File Server, and Print Server roles would likely be installed.

Minimum System Requirements
There are no special requirements for installing the second server that make it different from installing any other version of Windows Server 2008 R2. Your minimum requirements and steps remain the same. The official minimum requirements are shown in Table 24-1, along with our commentary on those requirements and suggested real-world minimums.

Installation
Installing Windows Server 2008 R2 from standard distribution media onto a clean server with no operating system on it requires just seven screens at the very beginning, and the entire rest of the installation will complete without further interruption. You don’t need to enter any network information, computer name, domain name, or other information except the actual PID associated with the installation and the language to install. Use the following steps to install Windows Server 2008 R2 onto a bare server using standard DVD media:
1. Turn on the server, and immediately insert the Windows Server 2008 R2 DVD for the Windows Server 2008 architecture you want to install. If the primary hard disk hasn’t got a bootable operating system on it, you’ll go directly into the Windows Server 2008 R2 installation process. If the disk has a bootable operating system on it, you might be prompted with Press Any Key To Boot From CD Or DVD. If you are, press a key.
2. When the initial Install Windows page appears, shown in Figure 24-1, select the language and other regional settings to use for this installation.
Figure 24-1 The initial page of the Install Windows Wizard
3. Click Next to open the page shown in Figure 24-2. From here, you can choose to repair a corrupted Windows Server 2008 R2 installation, or get additional information before installing.
Figure 24-2 The Install Now page of the Install Windows Wizard
4. Click Install Now to open the Type Your Product Key For Activation page of the Install Windows Wizard as shown in Figure 24-3. (If you’re installing a volume license version of Windows Server 2008 R2, you won’t see this screen.)
Figure 24-3 The Type Your Product Key For Activation page of the Install Windows Wizard
5. Type in a product key for this installation of Windows Server 2008 R2. (See the Under The Hood sidebar “PID-less Installs” earlier in this chapter for information on installing without entering a product key for those versions that still have this screen.)
6. Leave the Automatically Activate Windows When I’m Online check box selected unless you need to control when activation occurs.
7. Click Next to open the Select The Operating System You Want To Install page of the Install Windows Wizard as shown in Figure 24-4. If you’re installing a version that allows you to enter a product key, you’ll only see a list of versions that match the product key you entered.
Figure 24-4 The Select The Operating System You Want To Install page of the Install Windows Wizard
8. Select either a Full Installation or a Server Core Installation. This selection is irrevocable—you can’t change an installation at a later time from Full to Server Core, or from Server Core to Full. (For details on installing and configuring Windows Server 2008 R2 Server Core or the free Microsoft Hyper-V Server R2, see Chapter 6, “Configuring SBS in Hyper-V,” where we provide some scripts to simplify the process.)
9. Click Next to open the Please Read The License Terms page. Select I Accept The License Terms. You don’t have a choice—either accept them or the installation terminates.
10. Click Next to open the Which Type Of Installation Do You Want page, and select Custom (Advanced) to open the Where Do You Want To Install Windows page shown in Figure 24-5.
New in SBS 2008 and Windows Server 2008 R2 is the ability to extend existing partitions, even during the installation process. Although this isn’t a feature that matters in completely new installations, it can be a useful feature when you’re recycling a computer. You can extend a partition onto available unallocated space on the same disk.
Note If you need to open a command window during the installation process, just press
Shift+F10. Now you can manually run Diskpart.exe or any other tool available at this point in the process to manually load a driver or fine-tune partitioning.
When the installation completes, Windows Server 2008 R2 will restart and proceed to the logon screen. You’ll need to enter a new password for the Administrator account, as shown in Figure 24-8, and then log on to the new server.
Figure 24-8 Setting the initial password for the Administrator account
When you log on, you’ll see the Initial Configuration Tasks (ICT) Wizard, shown in Figure 24-9, which makes the initial setup of your new server easy.
Figure 24-9 The Initial Configuration Tasks Wizard for Windows Server 2008 R2

Initial Configuration
After the SBS Premium second server installation completes, there are still quite a few tasks to perform. The basic requirements haven’t changed—they’ve just been shifted to after, instead of during, the install. At minimum, you’ll need to perform the following tasks on a fresh server installation:
■ Assign the initial Administrator account password
■ Install any hardware drivers required
■ Set the time zone
■ Configure the networking
■ Assign a name to the server
■ Join the server to the SBS domain
■ Configure automatic updates and automatic feedback settings
■ Check for updates and install them
The first of those tasks, assigning the Administrator account password, is required before you can log on for the first time, so we’ve already covered that. There are additional tasks on the Initial Configuration Tasks (ICT) Wizard that you probably want to perform as part of your initial setup:
■ Activate Windows
■ Add server roles
■ Add server features
■ Enable Remote Desktop
■ Configure Windows Firewall
Exactly which roles and features you’ll need to install varies depending on what the server will be used for. We’ll cover the basics of adding a feature here, by adding the Windows Backup feature. And in Chapter 26, we’ll cover adding roles in more detail. We’ll enable Remote Desktop because the SBS 2011 Group Policy that enables Remote Desktop doesn’t apply to servers, though it might get automatically enabled initially until the new server is moved to the correct organizational unit (OU). Windows Firewall should be configured automatically by the role and feature wizards and Group Policy.

Install Hardware Drivers
There’s a missing piece in the ICT Wizard—no direct way to add hardware drivers for any hardware on the server that isn’t recognized. Microsoft makes every effort to get as many drivers as possible on the installation DVD, but the reality is that new hardware will continue to be released, and the drivers are limited to what was available when Windows Server 2008 R2 shipped. So some hardware might require drivers that aren’t on the DVD. If these are drivers for hard disk controllers, you always have the option of adding them during the installation, but for other hardware you need to wait until Windows Server 2008 R2 is installed.
After the installation completes and you’ve logged on, you can install additional drivers as required. We think it’s a good idea to do this as the first step before configuring any settings in the ICT. This is especially important if your network card isn’t recognized, because you’ll need connectivity to the SBS network to complete the rest of the ICT.

Setting the Time Zone
During the initial installation, Windows will pick a time zone (probably not the one you’re in unless you live on the west coast of North America) and will also set the current date and time based on your computer’s BIOS. To set the date and time, as well as the current time zone, click the link on the ICT Wizard to open the Date And Time dialog box shown in Figure 24-10. After you’ve set your server’s clock and time zone, click Apply and then click OK to return to the ICT Wizard.
Configuring Networking Next on the st s configur ng your network ng By defau t, your new server has enab ed both IPv4 and IPv6, and w th the DHCP server runn ng on the ma n SBS 2011 server, you shou d have automat ca y ass gned IP addresses For servers, we h gh y recommend that at east the IPv4 address be a fixed address In most scenar os, the IPv6 address can be a state ess autoconfigurat on address Note If no DHCP server is available, the server will have a link-local address—an auto-
configuration IP address that is unique on the network but won’t be forwarded by routers to another network. These IP addresses begin with 169.254. If your second server has an IP address in this range, check for problems with the physical network connecting the second server to the SBS server, or for problems with the DHCP Server service on the main SBS 2011 server.

To configure the networking and set a fixed IP address for the server, follow these steps:

1. Click Configure Networking in the Initial Configuration Tasks window to open the Network Connections Control Panel application shown in Figure 24-11.

Figure 24-11 The Network Connections Control Panel application

2. Right-click the connection you want to configure and select Properties from the shortcut menu to open the Local Area Connection Properties dialog box, shown in Figure 24-12.

Figure 24-12 The Local Area Connection Properties dialog box

3. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties.

4. Select Use The Following IP Address, as shown in Figure 24-13.

Figure 24-13 The Internet Protocol Version 4 (TCP/IP) Properties dialog box

5. Enter an IP address, a subnet mask, and a default gateway appropriate to your network. This should be in the range excluded from the SBS 2011 DHCP server range.
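
One way to check a server against the guidance above (a fixed IPv4 address, outside the DHCP range, and not a 169.254 link-local address). This is an added example, not from the book; it assumes Windows PowerShell 2.0 as shipped with Windows Server 2008 R2, and the DHCP range values are constructed placeholders to replace with your own.

```powershell
# Added example (not from the book): audit IPv4 settings on the second server.
# Written for PowerShell 2.0, so it uses WMI rather than newer networking cmdlets.

# Assumption: constructed sample values. Replace with your SBS 2011 DHCP range.
$DhcpScopeStart = '192.168.0.100'
$DhcpScopeEnd   = '192.168.0.200'

function ConvertTo-UInt32 ([string]$Address) {
    # Turn a dotted IPv4 address into a number so ranges can be compared.
    $bytes = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [Array]::Reverse($bytes)    # network byte order -> little endian
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Get-Ipv4Finding {
    param(
        [string]$Address,
        [bool]$DhcpEnabled,
        [string]$ScopeStart,
        [string]$ScopeEnd
    )

    # 169.254.x.x means the adapter asked for a lease and got none.
    if ($Address -like '169.254.*') {
        return 'Link-local address: check the physical network and the DHCP Server service on the SBS server'
    }
    if ($DhcpEnabled) {
        return 'DHCP-assigned: servers should have a fixed IPv4 address'
    }
    $value = ConvertTo-UInt32 $Address
    $start = ConvertTo-UInt32 $ScopeStart
    $end   = ConvertTo-UInt32 $ScopeEnd
    if ($value -ge $start -and $value -le $end) {
        return 'Fixed address inside the DHCP range: move it to the excluded range'
    }
    return 'OK: fixed address outside the DHCP range'
}

$results = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    ForEach-Object {
        $adapter = $_
        # IPAddress lists IPv4 and IPv6 strings together; keep the IPv4 entries.
        $adapter.IPAddress |
            Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' } |
            ForEach-Object {
                $finding = Get-Ipv4Finding -Address $_ -DhcpEnabled $adapter.DHCPEnabled `
                    -ScopeStart $DhcpScopeStart -ScopeEnd $DhcpScopeEnd
                New-Object PSObject -Property @{
                    Adapter = $adapter.Description
                    IPv4    = $_
                    Gateway = ($adapter.DefaultIPGateway -join ', ')
                    Finding = $finding
                }
            }
    }

$results | Select-Object Adapter, IPv4, Gateway, Finding | Format-List
```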
■ hp160-win7-01 (It’s running on that same Hewlett-Packard DL160SE G6, it’s a Windows 7 VM, and it’s the first one we created.)
■ hp160-v32-03 (It’s running on that same Hewlett-Packard DL160SE G6, it’s a 32-bit Windows Vista VM, and it’s the third one we created.)

We know it’s a boring way to name things, but we think it’s a lot easier to understand than trying to remember that Zeus is the main SBS server and Athena is the second server running SQL Server.

You can save a reboot if you change the computer name and domain at the same time. Both require a reboot that will prevent other tasks from being completed, but fortunately they can be paired. To set the name and domain, follow these steps:

1. Click Provide Computer Name And Domain in the ICT Wizard to open the System Properties dialog box shown in Figure 24-14.

Figure 24-14 The System Properties dialog box

2. You can enter a description for this computer if you want, but it’s hardly ever visible and thus not terribly useful.

3. Click Change to open the Computer Name/Domain Changes dialog box shown in Figure 24-15.

Figure 24-15 The Computer Name/Domain Changes dialog box

4. Type in a computer name consistent with your naming convention, and then click Domain to type in the SBS domain name.

Note You can use either the NetBIOS version of the domain name (EXAMPLE, here) or the DNS version (example.local).

5. Click OK. You are prompted for credentials to perform the change, as shown in Figure 24-16. This should be the administrator account you chose for the SBS domain.

Figure 24-16 You must provide administrative credentials for the SBS domain

6. Click OK. If there aren’t any problems, you’ll get a Welcome message like that shown in Figure 24-17.

Figure 24-17 The Welcome message lets you know you’re now joined to the domain

7. Click OK to acknowledge the Welcome message. You’ll be warned that you need to restart the server before the changes take full effect. Click OK, and then click Close. Then click Restart Now.

Important It’s tempting at this point to try to delay the reboot to see if you can squeeze a few more things in before having to wait for the server to shut down and restart. And we understand the temptation—we’re big fans of minimizing the number of reboots required and doing as many things as we can when we know we’re going to have to reboot. But this is the one time we think you shouldn’t do it. You need to get that new name and security in place before anything else happens.

8. After the server has rebooted, log on with an SBS account—not the local administrator account—to complete the configuration of the server.

Enable Updates and Feedback

The next group of settings on the ICT Wizard is used to set how updates are handled and what feedback is sent to Microsoft. The first setting in this section of the ICT Wizard is to actually configure what settings are used for updates and feedback. You can make three basic choices when you click Enable Automatic Updating And Feedback on the ICT Wizard:

■ Windows and Microsoft Update settings
■ Windows Error Reporting settings
■ Customer Experience Improvement Program settings

To configure these settings, follow these steps:

1. On the Initial Configuration Tasks Wizard, click Enable Automatic Updating And Feedback to open the dialog box shown in Figure 24-18.

2. Unless you really want your server to be automatically downloading and installing updates with no warning, and with automatic reboots (again without warning), do not select Enable Windows Automatic Updating And Feedback.

3. Click Manually Configure Settings to open the dialog box shown in Figure 24-19.

Figure 24-18 The Enable Windows Automatic Updating And Feedback dialog box

Figure 24-19 The Manually Configure Settings dialog box

4. You can’t change the settings for Windows Automatic Updating—these are controlled by Group Policy and are set in the SBS Console, as described in Chapter 15, “Managing Software Updates.”

5. Click Change Setting in the Windows Error Reporting section to open the Windows Error Reporting Configuration dialog box shown in Figure 24-20.

Figure 24-20 The Windows Error Reporting Configuration dialog box

6. Select how you want error reports handled. We think that automatically sending at least summary reports, and preferably detailed reports, is good for all of us. See the Under the Hood sidebar “Windows Error Reporting” for more information on what is sent and why we care. After you’ve made your selection, click OK to return to the Manually Configure Settings dialog box, shown earlier in Figure 24-19.

7. Click Change Setting in the Customer Experience Improvement Program section to open the Customer Experience Improvement Program Configuration dialog box shown in Figure 24-21.

Figure 24-21 The Customer Experience Improvement Program Configuration dialog box

Figure 24-22 The Windows Update dialog box

If updates are available, they’ll be displayed and you can choose to install them immediately. The default is to connect to Windows Server Update Services (WSUS) running on the main SBS server. Install the updates, and get the reboot out of the way.

Customizing the Server

The final section of the ICT Wizard is used to add roles and features to the server, enable remote access, and configure Windows Firewall. We can finally get down to actually setting the server up to do some real work. All the rest has just been getting ready. We’ll cover adding roles to the server when we talk about Remote Desktop Session Host (Terminal Server) in Chapter 26.

Roles are a new way that Windows Server 2008 R2 groups similar functionality together for installation and configuration. A role is a specific set of functionality that the server needs for a particular set of uses. Roles can also have role services, which are subsets of the functionality in the role and can be installed only as part of the role. Features can be installed on any server, without being specific to a particular function of how the server will be used. We think that at least one feature, the Windows Server Backup Features (including the command-line tools), should be installed on every server that isn’t backed up by some other tool, so we’ll cover that installation here. The other two settings in this last section of the ICT Wizard are enabling Remote Desktop and configuring Windows Firewall.

Adding the Windows Server Backup Features

Windows Server Backup is the new backup utility introduced in Windows Server 2008 and significantly enhanced in Windows Server 2008 R2. It includes a graphical user interface (GUI) by default, but also has command-line tools (including Windows PowerShell cmdlets) available. Whenever you add the Windows Server Backup features, you should include the command-line tools to ensure that you can script backups. You can’t back up your new server until you install the Windows Server Backup features. To add the features from the ICT Wizard, follow these steps:

1. Click Add Features in the Initial Configuration Tasks Wizard to open the Add Features Wizard, shown in Figure 24-23.

Figure 24-23 The Select Features page of the Add Features Wizard

2. Scroll down to near the bottom of the Features list, and select Windows Server Backup Features, including all subfeatures, as shown in Figure 24-23.

3. Click Next to open the confirmation page. You’ll see a list of features that are going to be installed and a warning that this might require a reboot. Don’t worry, the server will not reboot as long as this is the only feature you’re installing.

4. Click Install to begin the actual installation. When the installation completes, you’ll see the Installation Results page. Any problems will be highlighted here, or it will simply report that the installation was successful. Click Close to exit the Add Features Wizard.

Remote Desktop

Next on the ICT Wizard list is a link to enable Remote Desktop. Remote Desktop allows administrators to connect directly to the server without having to sit down at the console in the server room. Windows Server 2008 R2 introduces version 7 of the Remote Desktop Protocol (RDP). The Remote Desktop Client version 7 is included in Windows 7 and Windows Server 2008 R2, and version 7 clients for Windows XP SP3 and Windows Vista SP1 and SP2 are downloadable from Microsoft Knowledge Base Article 969084 at http://support.microsoft.com/kb/969084.

Version 7 of RDP includes many improvements over earlier versions, including 32-bit color, server authentication, Windows Media Player redirection, Aero glass support, and RemoteApps support. For remote administration of a server, the most important improvement is server authentication, which ensures that you are actually connecting to the computer you think you are.

At this point, with a freshly installed Windows Server, you’ll see that Remote Desktop has been automatically enabled. But it won’t last. After you move the server to the correct organizational unit (OU), it will lose that Group Policy setting and you’ll need to redo it. So the best thing to do is first move the server to the correct OU now, using the following steps:

1. On the Windows SBS 2011 server, log in with an account that is in the Network Administrator role.

2. Open the Active Directory Users And Computers console by typing dsa.msc in the Search field of the Start menu.

3. Navigate to the MyBusiness, Computers, SBSComputers OU as shown in Figure 24-24.

Figure 24-24 The Active Directory Users And Computers console

4. Click the server you just added to the domain (xmpl-rds-05 in our case), and drag the server to the SBSServers OU.

5. You’ll get a warning about moving objects in Active Directory Domain Services, as shown in Figure 24-25. In this case, you can ignore the warning, so click Yes.

Figure 24-25 Never move objects in Active Directory Domain Services without a clear idea of why you’re doing it

6. Close Active Directory Users And Computers, and log in to the server you just moved. Use an account in the Network Administrator role.

7. Open a command window (Cmd.exe), using Run As Administrator, and run gpupdate /force.

8. The ICT Wizard will now show that the Remote Desktop is disabled, as shown in Figure 24-26.

Figure 24-26 The change in OU has disabled Remote Desktop

9. Click Enable Remote Desktop to open the System Properties dialog box shown in Figure 24-27. Select Allow Connections From Computers Running Any Version Of Remote Desktop (Less Secure), and click OK to return to the ICT Wizard.

Figure 24-27 The System Properties dialog box

10. Select the Do Not Show This Window At Logon check box, and then click Close to close the ICT Wizard. (You can always get it back by running oobe.exe.)

11. Finally, there’s one more little bit of customization we do on every server. When you closed the ICT Wizard, the Server Manager console opened, as shown in Figure 24-28.

Figure 24-28 The Server Manager console

12. In the Server Summary section, click Configure Server Manager Remote Management to open the dialog box shown in Figure 24-29.

Figure 24-29 Enabling Server Manager remote management

13. Select the Enable Remote Management Of This Server From Other Computers check box, and click OK to return to the Server Manager console.
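
To confirm what the server actually accepts after the OU move, gpupdate /force, and step 9, the Remote Desktop settings can be read back from the registry. This is an added example, not from the book; it assumes Windows PowerShell 2.0 on Windows Server 2008 R2 and reads the standard Terminal Server registry values, reporting whether each one comes from Group Policy or from the local setting.

```powershell
# Added example (not from the book): read back the Remote Desktop settings that
# Group Policy and the System Properties dialog box control. PowerShell 2.0 compatible.
$ServerKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Meaning of each value, keyed by the DWORD stored in the registry.
$Meaning = @{
    fDenyTSConnections = @{ 0 = 'Remote Desktop enabled'; 1 = 'Remote Desktop disabled' }
    UserAuthentication = @{ 0 = 'Any client version accepted (NLA not required)'
                            1 = 'Network Level Authentication required' }
    SecurityLayer      = @{ 0 = 'RDP security layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
    MinEncryptionLevel = @{ 1 = 'Low'; 2 = 'Client compatible'; 3 = 'High'; 4 = 'FIPS compliant' }
}

function Get-RegValue ([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent (for example, no policy applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-RdpSetting ([string]$Name, [string]$LocalPath) {
    # A value under the Policies key was written by Group Policy and takes
    # precedence over the value set locally through System Properties.
    $value  = Get-RegValue $PolicyKey $Name
    $source = 'Group Policy'
    if ($value -eq $null) {
        $value  = Get-RegValue $LocalPath $Name
        $source = 'Local setting'
    }
    if ($value -eq $null) {
        $text   = 'Not set'
        $source = 'n/a'
    } else {
        $key  = [int]$value
        $text = $Meaning[$Name][$key]
        if (-not $text) { $text = 'Unrecognized value' }
    }
    New-Object PSObject -Property @{
        Setting = $Name
        Value   = $value
        Meaning = $text
        Source  = $source
    }
}

$report = @(
    Get-RdpSetting 'fDenyTSConnections' $ServerKey
    Get-RdpSetting 'UserAuthentication' $ListenerKey
    Get-RdpSetting 'SecurityLayer'      $ListenerKey
    Get-RdpSetting 'MinEncryptionLevel' $ListenerKey
)
$report | Select-Object Setting, Value, Meaning, Source | Format-Table -AutoSize

# Flag the combination that step 9 produces: Remote Desktop on, NLA not required.
$enabled = ($report | Where-Object { $_.Setting -eq 'fDenyTSConnections' }).Value -eq 0
$nla     = ($report | Where-Object { $_.Setting -eq 'UserAuthentication' }).Value -eq 1
if ($enabled -and -not $nla) {
    Write-Warning 'Remote Desktop is enabled without Network Level Authentication (the "Less Secure" option).'
}
```

Run it from an elevated PowerShell window on the second server once before and once after gpupdate /force to see which settings the OU move changed.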

CHAPTER 25

Installing Microsoft SQL Server 2008 R2 Standard Edition for Small Business

If you purchased the Microsoft Windows Small Business Server 2011 Premium Add-on (SBS 2011 Premium Add-on), you have an additional Windows Server 2008 R2 Standard license for an additional server and a license for Microsoft SQL Server 2008 R2. Before you install SQL Server, you should review both hardware and other requirements. This chapter can’t come close to telling you everything you might need to know about SQL Server—there are many books available on every aspect. However, we can give you an overview of the features and a brief introduction to installing SQL Server.

Note SQL Server 2008 R2 includes all service packs for SQL Server 2008 and PowerPivot technology for sophisticated data analysis working with Microsoft Office.

Installation Options

You have choices when it comes to installing SQL Server 2008 R2, although if you use it to support a particular line-of-business application, the decision might already be made for you. SBS 2011 Premium Add-on consists of licenses for the 64-bit versions of Windows Server 2008 R2 and SQL Server 2008 R2. If you want, you can downgrade to 32-bit versions of Windows Server 2008 and SQL Server 2008. SQL Server 64-bit can be installed on your Windows SBS 2011 Server or, preferably, on a second server running Windows Server 2008 R2 64-bit. The downgraded SQL Server 2008 32-bit can be installed on a second server running Windows Server 2008 32-bit.

Installation Restrictions

Before you begin the process of installing and deploying SQL Server, you should be aware of the following restrictions. The version of SQL Server included in SBS 2011 Premium Add-on is licensed for installation only in your Windows SBS 2011 network. You cannot install SQL Server on a server that is not in the Windows SBS 2011 domain. The Windows SBS 2011 CAL Suite for Premium Users or Devices is required for users who, or devices that, access SQL Server. You can install SQL Server on the server running Windows SBS 2011 or on the second server that you set up for your Windows SBS 2011 domain. However, for security reasons, it’s a bad idea to install the SQL Server on a domain controller. Use the second server in the Windows SBS 2011 domain. You can move the Windows SharePoint Services content database to SQL Server Standard Edition, but it’s not a sensible idea because then you’ll need a SQL Server CAL for everyone who accesses SharePoint.

Installing SQL Server (Part One)

To install SQL Server, insert the DVD in the drive on the server and follow these steps:

1. If the startup sequence doesn’t start automatically, select Computer from the Start menu and double-click the DVD drive.

2. The first dialog box that appears, shown in Figure 25-1, advises that Microsoft .NET Framework and an updated Windows Installer will be installed as part of the SQL Server installation. Click OK.

Figure 25-1 The first setup dialog box

3. The SQL Server Installation Center, shown in Figure 25-2, opens. The following sections describe the links on each page.

Figure 25-2 The SQL Server Installation Center

Planning

The SQL Server Installation Center provides a wealth of information. All that reading might be daunting at first, but at least 90 percent of a successful installation is in the planning. So the planning page is where we’ll start.

Hardware and Software Requirements

Click the Hardware And Software Requirements link to see the minimum hardware and software requirements to install and run SQL Server 2008 R2. The link is to the MSDN SQL Server Developer Center.

Security Documentation

Click the Security Documentation link for advice on security measures. Click the links under the heading Before Installing SQL Server, shown in Figure 25-3, for best practices.

Figure 25-3 Online SQL Server security documentation

Online Release Notes

The Online Release Notes link takes you to the latest updates about the SQL Server installation. The Release Notes document is available only online and is not on the installation media.

System Configuration Checker

The System Configuration Checker examines the computer for possible installation problems. After it runs, select Show Details to see the rules and results as shown in Figure 25-4. Problems detected by the System Configuration Checker must be corrected before installation can continue. For even more details, click the View Detailed Report link.

Figure 25-4 The System Configuration Checker results

Install Upgrade Advisor

Click Install Upgrade Advisor if you already have either SQL Server 2005 or SQL Server 2008 installed. Upgrade Advisor will check for any issues that need to be addressed before installing SQL Server 2008 R2.

Online Installation Help

The Online Installation Help link connects to the MSDN Library, specifically to the Installation How-To section for SQL Server 2008 R2.

How to Get Started with SQL Server 2008 R2 Failover Clustering

Click the SQL Server 2008 R2 Failover Clustering link to view information on building a SQL Server cluster. A two-node cluster can be built but will require additional licensed copies of SQL Server and Windows Server 2008.

How to Get Started with a PowerPivot for SharePoint Standalone Server Installation

Click the PowerPivot link for information on setting up PowerPivot for SharePoint as either a new installation or with an existing SharePoint server.

Upgrade Documentation

Click the Upgrade Documentation link to connect to online topics, including “Version and Edition Upgrades,” which lists the supported paths.

Installation

The Installation page of the SQL Server Installation Center includes links to wizards that will start different types of installations.

New SQL Server Stand-Alone Installation or Add Features to an Existing Installation

Click the New SQL Server Stand-Alone Installation link to start the first-time install of SQL Server. Return to this link to add features to an existing installation.

New SQL Server Failover Cluster Installation

Use this link to install a single-node SQL Server 2008 R2 failover cluster.

Add Node To A SQL Server Failover Cluster

Use this link to add a second node to a single-node SQL Server failover cluster. This requires a second licensed copy of SQL Server and a second licensed copy of Windows Server 2008.

Upgrade from SQL Server 2000, SQL Server 2005 Or SQL Server 2008

Use this link to upgrade your existing version of SQL Server. Be sure to first check Upgrade Documentation on the Planning page and verify that your version of SQL Server is directly upgradable to SQL Server 2008 R2.

Search for Product Updates

Before installing SQL Server 2008, click the Search For Product Updates link to be sure that your Windows installation is up to date.

Maintenance

The Maintenance page links to wizards to update or repair your SQL Server installation.

Edition Upgrade

Click the Edition Upgrade link to start the process of changing your edition of SQL Server.

Repair

This link starts a repair wizard to fix a corrupt SQL Server 2008 R2 installation.

Remove Node From A SQL Server Failover Cluster

Click this link to remove an existing node from a failover cluster.

Tools

The Tools page of the SQL Server Installation Center includes three links, as described in the following sections.

System Configuration Checker

The System Configuration Checker examines the computer for possible installation problems. After it runs, select Show Details to see the rules and results. This links to the same tool as the System Configuration Checker link on the Planning page.

Installed SQL Server Features Discovery Report

When you’re not sure just what SQL Server products are installed on the server, click this link to see a report. The report details any SQL Server 2000, SQL Server 2005, SQL Server 2008, and SQL Server 2008 R2 products and features that are present.

Upgrade Integration Services Packages

To upgrade SQL Server 2005 Integration Services Packages to the SQL Server 2008 R2 format, you can use this link, which is not activated until after SQL Server 2008 R2 is installed.

Resources

The Resources page of the SQL Server Installation Center, shown in Figure 25-5, includes multiple links to technical resources and other helpful websites.

Figure 25-5 Resources page of the SQL Server Installation Center

Note Disregard the Register Your Copy Of SQL Server 2008 R2 Express link. The edition you have is SQL Server 2008 Standard Edition for Small Business.

Advanced

The Advanced page of the SQL Server Installation Center includes advanced installation options.

Install Based On Configuration File

Use this link to launch an installation using an existing configuration file.

Advanced Cluster Preparation

Click this link to launch a wizard for preparing a failover cluster installation.

Advanced Cluster Completion

This link starts a wizard that will complete a SQL Server 2008 R2 failover cluster from a list of cluster-prepared instances.

Image Preparation Of A Standalone Instance Of SQL Server

Use this link to launch a wizard that will prepare an imaged instance of SQL Server 2008 R2.

Image Completion Of A Standalone Instance Of SQL Server

Select this link to launch a wizard to configure a prepared imaged instance of SQL Server.

Options

The Options page of the SQL Server Installation Center shows processor-type options, but the option has already been determined by the operating system on the server where SQL Server will be installed. If the operating system is 32-bit, you can only install 32-bit SQL Server. If the operating system is 64-bit, you can only install 64-bit SQL Server.

Installing SQL Server (Part Two)

After you’ve reviewed all the relevant information in the previous sections and are at last ready to perform an initial installation of SQL Server, follow these steps:

1. On the Installation page of the SQL Server Installation Center, click the link for New Installation or Add Features To An Existing Installation. SQL Server 2008 Setup launches.

2. The Setup Support Rules are run. Click See Details to see the list of rules, as shown in Figure 25-6. Click OK if all rules show as Passed. Review any warnings to determine their relevance to your network. Correct the relevant warnings and all Failed rules before proceeding.

Figure 25-6 SQL Server checks for problems that could hinder installation

3. On the Product Key page, type the product key for SQL Server 2008 Standard Edition for Small Business. Click Next.

4. Read the license terms (shown in Figure 25-7), select the box to accept the license terms, and then click Next.

Figure 25-7 License terms for SQL Server 2008 R2

5. Click Install on the Setup Support Files, and the support files are installed.

6. Another set of Setup Support Rules run. Click See Details to see the list of rules. Click OK if all rules show as Passed. Review any warnings to determine their relevance to your network. Correct the relevant warnings and all Failed rules before proceeding.

7. On the Setup Role page, there are two options:

• SQL Server Feature Installation Choose this option and you can choose on the next page the features you want installed.
• All Features With Defaults This option will install all features of SQL Server 2008 R2 with default settings.

8. On the Feature Selection page, select the features to install. A description for each component group appears in the Description pane when you select it. See Table 25-1 for additional descriptions of the available features. Verify the location for shared features. Click Next.

Figure 25-8 The final set of installation rules

Figure 25-9 The list of components ready to install

14. The Installation Progress page follows the installation performance. (See Figure 25-10.)

Figure 25-10 Installation progress is tracked

15. At the completion of installation, the Installation Progress page displays the features and their status (Success or Failure). Click Next.

16. On the Complete page (shown in Figure 25-11), review the information about your setup and notes that apply to your installation.

Figure 25-11 The Complete page showing the successful installation and any notes that apply.
CHAPTER 26
Adding a Terminal Server O
ne of the potent a uses for the second server that the M crosoft W ndows Sma Bus ness Server (SBS) Prem um Add-on nc udes s to configure t as a Term na Server Or, more proper y, a Remote Desktop Sess on Host (RD Sess on Host) W th the new RD Sess on Host features that are ava ab e n W ndows Server 2008 R2, we th nk th s s a very compe ng opt on, and one that we’ve a ready mp emented n our office Note Throughout this chapter, we’ll refer to terminal server (lowercase) when we
want to talk about the general functionality but will use the formal new name, RD Session Host, when we’re explicitly talking about enabling or configuring the role in Windows Server 2008 R2.
Add ng a term na server to SBS 2011 doesn’t requ re purchas ng the Prem um Add-on—any copy of W ndows Server 2008 or W ndows Server 2008 R2 w do, though we strong y recommend W ndows Server 2008 R2 The add t ona features and secur ty n W ndows Server 2008 R2 are compe ng, espec a y those for a term na server
New Remote Desktop Services Features W ndows Server 2008 R2 Remote Desktop Serv ces (RDS) s a s gn ficant update from the Term na Serv ces n W ndows Server 2008 or W ndows Server 2003 Not on y has the name changed, but some s gn ficant new capab t es were added as we The three major new features (when compared to W ndows Server 2003) are Remote Desktop (RD) Gateway, RemoteApps, and RD Web Access For most SBS env ronments, the first two of these are the most mportant RD Gateway s used by the new Remote Web Access (RWA), and RemoteApps g ves you the ab ty to use spec fic app cat ons runn ng on a term na server as f they were oca RD Web Access s a so usefu , but rather than sett ng up a trad t ona web server to prov de access to app cat ons, we’ ntegrate them d rect y onto Companyweb, the SBS ntranet For more on that, see Chapter 23, “Custom z ng a SharePo nt S te ”
673
RD Gateway The RD Gateway ro e serv ce s not nsta ed on the ma n SBS 2011 server, but the funct ona ty s enab ed to support RWA In SBS 2003, Remote Web Workp ace (RWW) acted as a proxy for the Remote Desktop Protoco , us ng port 4125 as the ncom ng port to connect remote users to c ents n the SBS doma n Th s worked we and was the b g app cat on n SBS 2003 In fact, t was so successfu that a ot of enterpr se networks were env ous of the techno ogy W ndows Server 2008 R2 uses RD Gateway to a ow a s m ar funct ona ty, but nstead of us ng an RDP proxy across port 4125, RD Gateway tunne s traffic over HTTPS to he p form a secure, encrypted connect on between remote users on the Internet and the remote computers on wh ch the r product v ty app cat ons run, even f the r use s ocated beh nd a Network Address Trans at on (NAT) Traversa –based router The SBS team chose to use the RD Gateway funct ona ty of W ndows Server 2008 R2 for Remote Web Access Wh ch a ows us to do some rea y coo th ngs w th RWA, nc ud ng addng nks to app cat ons that can be run d rect y from RWA across the Internet
RemoteApps RemoteApps was the s ng e best feature added to W ndows Server 2008, except for Hyper-V But Hyper-V sn’t exc t ng— t just makes our jobs eas er RemoteApps s actua y exc t ng, and t g ves us a way to g ve our users a better exper ence Term na Serv ces has a ways enab ed us to a ow users to run ent re desktops as f they were oca wh e actua y us ng the power of the server But RemoteApps takes th s to a who e new eve , a ow ng us to run just spec fic app cat ons on the RemoteApp server and have them behave just as f they were oca app cat ons Th s makes the ent re process transparent to the user The app cat on runs on the server, us ng the server’s memory, CPU, and resources, but t d sp ays on the user’s computer just as f t were runn ng oca y It’s uncanny how natura t fee s We use t here n our office a the t me Because we’re constant y bu d ng and rebu d ng new computers and v rtua mach nes, t’s a nu sance to try to have a s ng e, pred ctab e and access b e ocat on for data fi es—espec a y when we have mu t p e doma ns here But by enab ng RemoteApps, we a ways have the same v ew of our env ronment Because RemoteApps ets you create ms fi es for dep oyment, you can use Group Po cy to dep oy the remote app cat ons The app cat ons can even be configured to take over the fi e assoc at on for a fi e type, just as f they were oca app cat ons—aga n mak ng the user exper ence comp ete y natura
RD Web Access RD Web Access prov des a web-based front end that a ows you to pub sh app cat ons to a web page for eas er user access In SBS 2011, you can use RD Web Access to pub sh the app cat on nks d rect y n the SharePo nt Companyweb s te We covered how to do th s n Chapter 23
674 CHAPTER 26
Adding a Terminal Server
Concepts
Remote Desktop Services is a new concept for many system administrators who expect systems to be essentially single-user. It brings true multiuser capability to Windows. Each user who connects to a Windows Server 2008 R2 server using Remote Desktop or a RemoteApp is actually using the resources of the server itself, not the particular workstation at which he or she is seated. The user’s experience doesn’t depend on the speed of the workstation—the user’s workstation is actually sharing the processor, RAM, and hard disks of the server itself. Each user gets his or her RDS session, and each session is completely isolated from other sessions on the same server. An errant program in one session can cause that session’s user to have a problem, but other users are unaffected. Each user who connects to a Windows Server 2008 R2 server using Remote Desktop is actually functioning as a terminal on that server. RDS supports a wide variety of computers as terminals—from diskless display stations running a version of Windows entirely in memory, with no hard disk at all, to legacy Windows desktop computers that are otherwise too underpowered for satisfactory use. Because the terminal is responsible solely for the console functions—that is, the keyboard, mouse, and actual display—the processing and RAM requirements for the terminal are minimal. All other functioning resides on and is part of the server, although the disks, printers, and serial ports of your local workstation can be connected to the remote session.
Important: Versions of Windows prior to Windows XP SP3 can’t install the latest version of the Remote Desktop Client software. All client workstations should be updated to Windows XP SP3 or later to take full advantage of the features of Windows Server 2008 R2 Remote Desktop Services, and to protect the security of the network.
Remote Access
RDS provides an ideal solution for the mobile user who needs to be able to run network-intensive or processor-intensive applications even over a dial-up connection. Because the local computer is responsible only for the actual console, the responsiveness and bandwidth requirements are substantially better compared to trying to run applications across a slow connection. The actual bandwidth used for Remote Desktop Services can be tuned by enabling or disabling certain graphics features to improve responsiveness over a slow connection.
CPU
Predicting exactly how much CPU power will be required per user is difficult because each user has a different mix of applications and expectations. A physical server with a single quad-core processor running Windows Server 2008 R2 with sufficient RAM present to avoid swapping can realistically host somewhere between 100 and 150 users—in other words, more than an SBS network has to worry about. Even when that server is a virtual machine, the numbers are quite similar if the CPU supports Second Level Address Translation (SLAT). Without SLAT, the maximum number of users drops to roughly 50–70 users for a four-processor virtual machine—still enough to handle the vast majority of SBS environments. One factor that affects the number of users per CPU core is the color depth used for each RDS session. Limiting the maximum color depth to 16 bits per pixel (bpp) significantly improves the capacity of the RD Session Host server. However, if your RD Session Host is supporting no more than 50 users, enabling Desktop Composition (Aero) and 32-bit color should not be an issue.
Network
A typical SBS network with 1 Gbps networking has more than sufficient network bandwidth to support as many Remote Desktop clients as necessary. If your network is limited to older 100 Mbps networking, you might end up with network bandwidth issues if your RDS users run graphics-intensive applications, even on an SBS-sized network. Remote users can tailor their RDP settings to limit bandwidth use over slow connections.
RemoteApps
The maximum number of RemoteApp users that a given server can support is actually slightly fewer than if the users were running full sessions with the same application mix. But the difference is small and is caused by higher CPU usage for RemoteApp scenarios.
Licensing
Remote Desktop Services use requires special licensing considerations. In addition to normal Client Access Licenses (CALs), which are covered by your SBS licensing, you also need to have an RDS CAL for each user or device that uses RDS functionality. Note that this includes RD Gateway or RD Web functionality beyond that included in Windows Small Business Server 2011 Standard. Unfortunately, RDS CALs are not included as part of either SBS or the Premium Add-on.
You’ll need to install an RD Licensing server in the SBS 2011 network within 120 days of initially enabling the RD Session Host role, and you’ll need to choose either per user or per device licensing mode for that RD Session Host server. The RD Licensing role service can be enabled on the same server as the RD Session Host role service. It should not be enabled on the main SBS server.
Installing the Remote Desktop Services Role
Installing the Remote Desktop Services role and its supporting role service should be one of the very first things you do on any server you plan to use as an RD Session Host. Important changes to how applications are installed happen automatically when you’re in Application Mode on a Windows Server computer, and there can be problems if applications are installed before the server is converted to an application server. Our general preference is to run through the tasks on the Initial Configuration Tasks Wizard (ICTW), skipping only the Add Roles tasks, but joining the server to the domain, giving it a name, setting a fixed IP address, and installing the basic features we want on all servers. After that is done and all the required restarts have been completed, it’s time to install the RD Session Host role. You’ll also need to move the server from the SBSComputers OU to the SBSServers OU.
Note: If you’ve followed the installation steps in Chapter 24, “Installing the Second Server,” and have already moved the server to the SBSServers OU, you can skip steps 1–5 in the following list of steps.
To install the Remote Desktop Services role, follow these steps:
1. On the SBS server, open the Active Directory Users And Computers console, shown in Figure 26-1, from the Administrative Tools menu, or by typing dsa.msc at a command prompt.
2. Navigate to the SBSComputers OU, as shown in Figure 26-1. Select the server that will be the RD Session Host server, and drag it to the SBSServers OU.
3. You’ll be warned about moving objects in Active Directory, as shown in Figure 26-2. Click Yes to confirm you want to move the object.
4. Log on to the server that you want to add the RD Session Host role to.
5. Open a Windows PowerShell or command window as administrator.
6. Force a group policy update, as shown in Figure 26-3. This might cause Remote Desktop to be disabled, so you should avoid doing this from a Remote Desktop session. Alternately, you can simply reboot the server.
7. Log on to the server that you want to add the RD Session Host role to, and open the Server Manager console if it doesn’t open automatically. (If the Initial Configuration And Tasks Wizard opens, you can close it and the Server Manager console will open automatically.)
Figure 26-1 The Active Directory Users And Computers console
Figure 26-2 Moving the RD Session Host server object to the SBSServers OU
Figure 26-3 Forcing a Group Policy update after changing the server’s organizational unit
8. In the left pane of the Server Manager console, select Roles, as shown in Figure 26-4.
Figure 26-4 The main Server Manager console, with Roles selected in the left (tree view) pane
9. Select Add Roles from the action menu to open the Add Roles Wizard.
10. The Before You Begin page of the Add Roles Wizard contains some general information and recommended configuration settings. After you’ve seen this once and have read it, you can select the Skip This Page By Default check box. Once is quite enough.
11. Click Next to open the Select Server Roles page. Select Remote Desktop Services, as shown in Figure 26-5.
Figure 26-5 The Select Server Roles page of the Add Roles Wizard
12. Click Next to open the Remote Desktop Services page. Read the brief Introduction To Remote Desktop Services, and if you want more information on Remote Desktop Services roles and role services, click the Overview Of Remote Desktop Services link.
13. Click Next to open the Select Role Services page, as shown in Figure 26-6. Select at least the Remote Desktop Session Host role service.
Note: You’ll need to install an RD Licensing server in your SBS domain within 120 days of enabling Remote Desktop Services. This can be installed on any Windows Server 2008 R2 computer in the domain, and it can be installed at any point in that 120-day period.
Figure 26-6 The Select Role Services page of the Add Roles Wizard for adding the Remote Desktop Services role
14. Click Next to open the Uninstall And Reinstall Applications For Compatibility page of the Add Roles Wizard, shown in Figure 26-7. This is a good reminder that applications that have already been installed should be uninstalled and reinstalled so that they are properly multiuser-aware.
Figure 26-7 The Uninstall And Reinstall Applications For Compatibility page of the Add Roles Wizard
15. Click Next to open the Specify Authentication Method For Remote Desktop Session Host page, shown in Figure 26-8. There are two choices for authentication:
• Require Network Level Authentication: Choose this if all your clients will be running at least Windows XP SP3 or Windows Vista. This option is more secure and should be used when possible.
• Do Not Require Network Level Authentication: Choose this option if you have clients that can’t be upgraded to at least Windows XP SP3. Clients will still require RDP 6 or later to use RemoteApps.
Figure 26-8 Setting the authentication level for the Remote Desktop Session Host
16. Click Next to open the Specify Licensing Mode page, shown in Figure 26-9. Here you can choose between per-device or per-user licensing, or you can delay the decision. In most cases, unless you’ve already bought your CALs, postpone this for now, until you’ve had a chance to decide how your users will actually use the terminal server. This will allow you to make the most cost-efficient choice for licensing.
Figure 26-9 You can postpone the decision about which Remote Desktop Licensing mode to use.
17. Click Next to open the Select User Groups Allowed Access To This RD Session Host Server page, shown in Figure 26-10. The default is only Administrators, so you’ll want to change that. We suggest creating a Security Group specifically to control RemoteApps access, but you can also just give all users access or specify each individual user.
Figure 26-10 The Select User Groups Allowed Access To This RD Session Host Server page of the Add Roles Wizard
18. Click Add to specify additional users and groups that will be able to use the terminal server. To add the same group of users who are allowed access to Remote Web Access (RWA), enter Windows SBS Remote Web Access Users in the Select Users, Computers, Or Groups dialog box, as shown in Figure 26-11. Click Check Names to make sure you’ve typed the group name correctly, and then click OK to return to the Add Roles Wizard.
Figure 26-11 Selecting users and groups
19. Click Next to open the Configure Client Experience page shown in Figure 26-12. Here you can enable additional audio and display capabilities to provide the user with a richer experience. The choices are:
• Audio And Video Playback: Choose this to enable users to play audio and video from the RD Session Host to their desktop. This will automatically install the Desktop Experience feature on the RD Session Host.
• Audio Recording Redirection: Select this to enable users to record audio on their client and have it available to the RD Session Host.
• Desktop Composition (Provides The User Interface Elements Of Windows Aero): Select this to enable full Aero glass to the RD Session Host client. This will automatically install the Desktop Experience feature on the RD Session Host.
Figure 26-12 Enabling a rich multimedia experience for the RDS client
20. Click Next to open the confirmation page, and then click Install to begin the installation.
21. Before the installation is complete, you’ll need to reboot the server. Click Close on the Installation Results page, and click Yes to begin the reboot.
22. When the server has restarted, log on with the same account as you used to add the Remote Desktop Services role. The Installation Results page will open and the installation will complete.
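The two access decisions made in steps 15 and 17–18 (whether Network Level Authentication is required, and which groups may log on) can be read back after the reboot. The following PowerShell is an added example, not from the book; it assumes the wizard placed the selected groups in the server's local Remote Desktop Users group, and the function names and the default expected group are illustrative.

```powershell
# Added example, not from the book. Read-only: it changes no settings.
# Run in an elevated Windows PowerShell 2.0 (or later) window on the RD Session Host.

function Get-RdpNlaState {
    # Win32_TSGeneralSetting exposes one object per RDP listener (normally RDP-Tcp).
    Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting |
        ForEach-Object {
            New-Object PSObject -Property @{
                Listener    = $_.TerminalName
                NlaRequired = ($_.UserAuthenticationRequired -eq 1)
            }
        }
}

function Get-RemoteDesktopUsersMember {
    # Enumerate the local group through the WinNT ADSI provider (works on PowerShell 2.0).
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $adsPath = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class   = $m.GetType().InvokeMember('Class', 'GetProperty', $null, $m, $null)
        New-Object PSObject -Property @{
            Name  = ($adsPath -replace '^WinNT://', '') -replace '/', '\'
            Class = $class
        }
    }
}

function Test-RdSessionHostAccess {
    param(
        # Assumption: the group(s) you meant to allow in step 18.
        [string[]]$ExpectedGroup = @('Windows SBS Remote Web Access Users')
    )
    # Groups that would let nearly every account open a session.
    $broad = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'
    $findings = @()

    foreach ($l in (Get-RdpNlaState)) {
        if (-not $l.NlaRequired) {
            $findings += "Listener $($l.Listener): Network Level Authentication is not required"
        }
    }
    foreach ($m in (Get-RemoteDesktopUsersMember)) {
        $leaf = ($m.Name -split '\\')[-1]      # drop the DOMAIN\ prefix
        if ($broad -contains $leaf) {
            $findings += "Remote Desktop Users contains broad group '$($m.Name)'"
        } elseif ($ExpectedGroup -notcontains $leaf) {
            $findings += "Remote Desktop Users contains unexpected $($m.Class) '$($m.Name)'"
        }
    }

    if ($findings.Count -eq 0) { 'OK: NLA is required and only expected groups may log on' }
    else { $findings }
}

Test-RdSessionHostAccess
```

If you created a dedicated security group for RemoteApps access, as suggested in step 17, pass its name with -ExpectedGroup.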
11. Right-click Windows Audio and select Properties, change the Startup Type to Automatic, and then click Start to start the service.
12. Click OK and then close the Services console.
Making these changes improves the overall user experience for end users but also increases the amount of resources used per connection. That’s probably not a big issue in most SBS environments, and we think it’s worthwhile. Adding the Desktop Experience doesn’t, however, install the games that are normally included with Windows 7. This probably improves productivity, but we think there should at least be an option for them.
Configuring RD Licensing
Windows Server 2008 R2 requires that at least one Remote Desktop Licensing (RD Licensing) server be installed and running on any network that has an RD Session Host. If a license server is not installed within 120 days, all RD Session Host connections will be disabled. Remote Desktop Services requires a separate Windows Server 2008 R2 Remote Desktop Services CAL or Windows Server 2008 Terminal Service CAL for each user or device in addition to any Windows Server CALs you might need. The RD Licensing server does not enforce per-user licensing, but it does track usage in Active Directory against the installed per-user licenses. Per-device licenses are enforced by the RD Licensing server.
Installing Remote Desktop Licensing
In SBS, installing the RD Licensing role service on the same server that is running RD Session Host is the preferred choice, but you can also install it on the main SBS server, though it isn’t recommended. If you’re going to have more than a single RD Session Host, you can install it on any of the RD Session Host servers. To install RD Licensing on the computer running Remote Desktop Services, follow these steps:
1. Open Server Manager on the server running Remote Desktop Services if it isn’t already open.
2. Select Roles, select Remote Desktop Services in the left pane, and then select Add Role Services from the action menu.
3. On the Select Role Services page, select Remote Desktop Licensing.
4. Click Next to open the Configure Discovery Scope For RD Licensing page, shown in Figure 26-16. Leave the Configure A Discovery Scope For This License Server box cleared.
Figure 26-16 The RD Licensing Configuration page of the Add Role Services Wizard
5. Click Next to open the Confirm Installation Selections page. If everything looks correct, click Install to begin the installation.
6. Click Close when the installation completes.
After the RD Licensing role service is added, you need to activate the server before it will actually do anything. To activate the license server, follow these steps:
1. Open the RD Licensing Manager (licmgr.exe).
2. Select the RD Licensing server in the left pane, and select Activate Server from the Action menu.
3. The Activate Server Wizard opens. Click Next to open the Connection Method page shown in Figure 26-17.
Figure 26-17 The Connection Method page of the Activate Server Wizard
4. Select a connection method from the drop-down list. The choices are Automatic Connection (Recommended), Web Browser, or Telephone. Automatic Connection requires an Internet connection from the server you are activating. Web Browser also requires an Internet connection, but it can be run from any workstation. Click Next.
5. If you’ve chosen Automatic Connection, the connection will be made, and then the first Company Information page is displayed, as shown in Figure 26-18. Fill in all the fields on this page—they are required. Click Next.
Figure 26-18 The required fields on the Company Information page of the Activate Server Wizard
6. The second page of company information is displayed. All information on this page is optional—fill it in only if you want to. Click Next, and if your connection is good, your server will activate and you’ll be presented with the completion page. You can continue to add CALs by selecting the Start Install Licenses Wizard Now box.
7. Click Next until you get to the License Program page of the Activate Server Wizard, as shown in Figure 26-19.
Figure 26-19 Choose the type of RDS CALs you’ve purchased
8. Select the type of license you’re entering from the License Program drop-down list.
9. Click Next and fill in the license code. Click Next again, and the activation will complete.
Note: Additional steps are required for either web browser or telephone methods. If you need to reactivate your server and reinstall licenses, you’ll be required to use the telephone method.
Assigning the Licensing Server and Licensing Mode
Prior to Windows Server 2008 R2, the recommended method for terminal servers to identify and connect to a licensing server was by discovery. This ended up being one of the most frequent causes of Customer Support Services (CSS) cases for Terminal Services, and with the introduction of Remote Desktop Services in Windows Server 2008 R2 the entire licensing server process has been significantly improved. In Windows Server 2008 R2, the recommended method for assigning a license server is to explicitly assign one (or more) servers. This gets around many of the issues that the discovery process caused. To further improve the process, you can now move licenses from one server to another without having to call in to the Microsoft Clearinghouse, even if the server they are currently assigned to is offline. These changes should reduce the majority of the frustration and support calls that terminal server licensing caused. The one source of licensing frustration that hasn’t changed is that an RD Session Host must choose between per-user or per-device licenses and can’t have both types enabled on the same server. This isn’t a big deal in a larger enterprise where there are multiple RD Session Hosts, but on an SBS network, you’ll need to make a decision about which type to use because most SBS networks will have at most a single RD Session Host. To assign a specific licensing server for an RD Session Host and set the licensing mode for that server, follow these steps:
1. Open the Remote Desktop Session Host Configuration console (tsconfig.msc) if it isn’t already open.
2. Double-click Remote Desktop Licensing Mode in the Licensing section of the center pane to open the Properties dialog box with the Licensing tab active, as shown in Figure 26-20.
Figure 26-20 The RD Session Host Properties dialog box
3. Select Per Device or Per User, and then click Add to open the Add License Server dialog box shown in Figure 26-21.
Figure 26-21 The Add License Server dialog box
4. Select the local RD Session Host in the left pane, and click Add to move it to the Specified License Servers pane. If you have a secondary license server (unlikely in an SBS environment), you can specify it here.
5. Click OK and then OK again to assign the licensing mode and server. (If you have open Remote Desktop sessions on the server, you’ll see a warning that the changes won’t affect the active sessions.)
Configuring RemoteApps
After you’ve installed the Remote Desktop Services role, along with the RD Session Host role service, you’re ready to configure RemoteApps. If there is one thing in Windows Server 2008 R2 that we think is “cool,” it has to be RemoteApps. Instead of having users connect to a remote terminal server, open a full desktop, and then run the applications they need, RemoteApps allows users to run remote applications just as if they were running them locally, without opening up a desktop. The actual behavior is just like a regular application—when it needs to open an additional window, such as when you go to save a file, it automatically opens up a new window on your local workstation that has just the File Save dialog box in it. To the user, the application behaves just as it would if the application were running locally. Applications can be published as .rdp files or as .msi files, allowing deployment through Group Policy. When installed with an .msi file, they can even be set to take over the default extension of the application on the user’s workstation, enabling automatic launch.
RemoteApp Manager
The RemoteApp Manager console (remoteprograms.msc), shown in Figure 26-22, is used to manage remote applications. From here, you can define the various settings that control which applications are available, who can connect to them, and how they’re distributed and published.
Figure 26-22 The RemoteApp Manager console
When you create a RemoteApp, you can set how it is distributed and available. You can create an .rdp file for it or a Windows Installer Package (.msi) file. Windows installer packages can be distributed using Group Policy and have additional options as compared to .rdp files. To create a RemoteApp program, follow these steps:
1. Open the RemoteApp Manager if it isn’t already open.
2. Click Add RemoteApp Programs in the Actions pane to open the RemoteApp Wizard.
3. Click Next to open the Choose Programs To Add To The RemoteApps Programs List page of the RemoteApp Wizard, as shown in Figure 26-23.
Figure 26-23 Choosing programs to make available through RemoteApps
4. Select one or more programs to add to the RemoteApps programs list. You can add any programs you see in the list, or use the Browse button to locate the program’s executable.
5. To change the run properties of the application you are adding, select it from the list of programs and click Properties to open the Properties dialog box for the program, as shown in Figure 26-24 for our editor of choice, gVim.
6. Change any application-specific properties that you want to change.
7. Click the User Assignment tab to control which users have access to the RemoteApp program, as shown in Figure 26-25.
8. After you’ve made all your changes to User Assignment or application properties, click OK to close the Properties dialog box for the application.
9. Click Next and then click Finish to add the program to the list of available RemoteApps.
Figure 26-24 Setting the properties for a RemoteApp program
Figure 26-25 You can control which users or groups are allowed to use a RemoteApp program on the User Assignment tab
Deploying with .rdp and .msi files
You can easily deploy remote applications to specific computers on your network by creating .rdp or .msi files. Personally, we prefer using .msi files because they can be pushed out using Group Policy and you can control additional settings with them. Or you can create a file share to save the files to, and users can install the files to their computers. To create a Windows Installer Package (.msi) file, follow these steps:
1. Open the RemoteApp Manager if it isn’t already open.
2. Select the application you want to create a package for in the RemoteApp Programs pane.
3. Click Create Windows Installer Package in the Actions pane to open the RemoteApp Wizard.
4. Click Next to open the Specify Package Settings page, shown in Figure 26-26.
Figure 26-26 The Specify Package Settings page of the RemoteApp Wizard
5. Enter a location to save the package to. The default is C:\Program Files\Packaged Programs, but we think a shared folder makes more sense, so we create a RemoteApps folder on the RD Session Host and share that.
6. Change the RD Session Host or Certificate settings that need to be different for this application. There’s really no need to change either in an SBS environment.
7. Click Change in the RD Gateway Settings section to open the Configure RD Gateway Settings dialog box shown in Figure 26-27. Set this to use the public DNS name of your SBS network if you expect to allow any connections from remote users.
Figure 26-27 Configure RemoteApps to use an RD Gateway if you want remote users to have access to the application.
8. Click OK to return to the Specify Package Settings page, and then Next to open the Configure Distribution Package page shown in Figure 26-28.
Figure 26-28 The Configure Distribution Package page of the RemoteApp Wizard
The basic process is:
■ Create an .rdp file for the application
■ Save the .rdp file to the path where Remote Web Access resides on your SBS server
■ Create a new MIME type in Internet Information Services (IIS) for RDP
■ Add a link to the .rdp file to the RWA page using the SBS Console
Let’s go through the process to add a link to Microsoft Word 2010 to the RWA page. If you don’t have Microsoft Office installed on your RD Session Host, you’ll need to use a different program in these steps, but the result will be the same. First, follow these steps on the terminal server to create an .rdp file for Microsoft Word 2010:
1. Open RemoteApp Manager if it isn’t already open (remoteprograms.msc).
2. If you already have an entry in the RemoteApp Programs section for Microsoft Word 2010, skip to step 6. If not, select Add RemoteApp Programs from the Actions menu to open the RemoteApp Wizard.
3. Click Next to open the Choose Programs To Add To The RemoteApp Programs List page.
4. Scroll down and select Microsoft Word 2010 from the list, as shown in Figure 26-29.
Figure 26-29 Selecting Microsoft Word 2010 to add to the list of RemoteApps
5. Click Next and then click Finish to add Microsoft Word 2010 to the list of RemoteApp programs.
6. Select Microsoft Word 2010 in the list of RemoteApp Programs, and then click Create RDP File in the Actions pane to open the RemoteApp Wizard.
7. Click Next to open the Specify Package Settings page of the RemoteApp Wizard.
8. Type in the UNC path to the Public share on your SBS server for the location to save, as shown in Figure 26-30.
Figure 26-30 Save the .rdp file to the Public share of your SBS server
9. Verify that the RD Gateway Server Name is shown as the public DNS name of Remote Web Access. If it isn’t, click Change and adjust as required.
10. Click Next and then click Finish to create the file.
Next, let’s log on to the SBS server and move that .rdp file over to where we need it by following these steps:
1. Log on to the main SBS server with a Network Administrator account.
2. Open Windows Explorer, and navigate to \\localhost\public, as shown in Figure 26-31.
3. Highlight the WINWORD.rdp file, and copy it to the clipboard.
4. Navigate to the main directory for Remote Web Access. The default location is C:\Program Files\Windows Small Business Server\Bin\WebApp\RemoteAccess. Paste the WINWORD.rdp file. You’ll be prompted for permission because this is a protected folder.
Figure 26-31 Locating the WINWORD.rdp file
Next, we need to create a new MIME type for the .rdp extension by following these steps:
1. Open the Internet Information Services (IIS) Manager from the Administrative Tools menu.
2. Highlight the server name in the left pane, navigate to Sites, then to Default Web Site, and finally to Remote. Click MIME Types in the center pane, as shown in Figure 26-32.
Figure 26-32 The IIS Manager console
3. Click Open Feature on the Actions menu to open the MIME Types in the center pane, as shown in Figure 26-33.
Figure 26-33 The MIME Types feature in the IIS Manager console
4. Click Add in the Actions pane to open the Add MIME Type dialog box. Type .rdp in the File Name Extension field, and type application/x-remotedesktop in the MIME Type field, as shown in Figure 26-34. Click OK.
Figure 26-34 The Add MIME Type dialog box
5. Right-click the server name in the left pane and select Stop from the Actions menu.
6. Right-click the server name again and select Start.
7. Close the Internet Information Services (IIS) Manager console.
Note: It doesn’t actually matter what Mime type you create here. We’ve chosen application/x-remotedesktop for consistency with standard Mime naming conventions, but Windows and IIS are actually smart enough to make this work with pretty much any Mime type.
Finally, we need to add the Microsoft Word 2010 link to the RWA page by following these steps:
1. Open the Windows SBS Console if it isn’t already open.
2. Click Shared Folders And Web Sites in the navigation pane, and then click the Web Sites tab as shown in Figure 26-35.
Figure 26-35 The Web Sites page of the Windows Small Business Server 2011 Standard Console
3. In the Remote Web Access Tasks section, click View Site Properties to open the Remote Web Access Properties dialog box as shown in Figure 26-36.
Figure 26-36 The Remote Web Access Properties dialog box
4. Click Home Page Links in the left pane, and then click Manage Links to open the Remote Web Access Link List Properties dialog box, shown in Figure 26-37.
5. Click Organization Links in the left pane to open the Manage Organization Links page in the right pane.
6. Type Use Microsoft Word 2010 in the Link Description field, and then type the link to the .rdp file you added in the Link Address field, as shown in Figure 26-38. (This should be https://remote.sbsexample.com/remote/winword.rdp, where sbsexample.com is replaced by your DNS name.)
7. Click Add and then click OK twice to close the Remote Web Access Link List Properties dialog box and return to the Windows SBS Console.
8. Highlight Remote Web Access, click Disable This Site in the Tasks pane, and then click Enable This Site in the Tasks pane.
9. Log on to Remote Web Access, and you’ll see the new link, as shown in Figure 26-39.
Figure 26-37 The Remote Web Access Link List Properties dialog box
Figure 26-38 Adding an Organization Link to Remote Web Access
Figure 26-39 Remote Web Access showing the new link to Microsoft Word 2010
10. The first time you run this or any other RemoteApp, you’ll have multiple prompts to provide credentials and confirm you really want to do this. You can save your selections so that you’re not prompted again, if you choose.
Microsoft Word 2010 probably isn’t the most important application that you’ll want to be able to run remotely, but it provides a simple example for our purposes. Each business has a different application set that it needs to make available remotely, but any application that currently requires logging on to a remote desktop or using a virtual private network (VPN) connection is an obvious choice.
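Because the .rdp file created above is served to every Remote Web Access user, it is worth reading its settings before linking it, in particular the RD Gateway name verified in step 9 of the file-creation procedure. The following PowerShell is an added example, not from the book; the function names are illustrative, the sample file is constructed, and the internal host name in it is made up.

```powershell
# Added example, not from the book. Read-only check of a RemoteApp .rdp file.
# Each setting in an .rdp file is one line of the form  name:type:value

function ConvertFrom-RdpText {
    param([string[]]$Line)
    $settings = @{}
    foreach ($l in $Line) {
        # Split into at most three parts because the value may itself contain ':'
        $parts = $l.Trim() -split ':', 3
        if ($parts.Count -eq 3) { $settings[$parts[0].ToLower()] = $parts[2] }
    }
    $settings
}

function Test-RemoteAppRdp {
    param(
        [string[]]$Line,
        [string]$ExpectedGateway    # public DNS name of Remote Web Access
    )
    $s = ConvertFrom-RdpText -Line $Line
    $findings = @()

    if ($s['remoteapplicationmode'] -ne '1') {
        $findings += 'Opens a full desktop session instead of a single RemoteApp'
    }
    if ($s['gatewayhostname'] -ne $ExpectedGateway) {
        $findings += "RD Gateway is '$($s['gatewayhostname'])', expected '$ExpectedGateway'"
    }
    # 1 = always use the RD Gateway, 2 = use it when a direct connection fails
    if (@('1', '2') -notcontains $s['gatewayusagemethod']) {
        $findings += 'RD Gateway is not used, so remote users cannot connect through it'
    }
    if (-not $s['signature']) {
        $findings += 'File is not signed; users see an unknown-publisher prompt'
    }
    if ($s['drivestoredirect']) {
        $findings += "Local drives are redirected into the session: $($s['drivestoredirect'])"
    }
    $findings
}

# Constructed sample: the gateway name is this chapter's example DNS name;
# rdsh01.sbsexample.local is a made-up internal host name.
$sample = @'
full address:s:rdsh01.sbsexample.local
remoteapplicationmode:i:1
remoteapplicationprogram:s:||WINWORD
remoteapplicationname:s:Microsoft Word 2010
gatewayhostname:s:remote.sbsexample.com
gatewayusagemethod:i:2
drivestoredirect:s:*
'@ -split '\r?\n'

Test-RemoteAppRdp -Line $sample -ExpectedGateway 'remote.sbsexample.com'
# For a real file, pass: -Line (Get-Content '\\localhost\public\WINWORD.rdp')
```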
Summary
Windows Server 2008 R2 adds important new capabilities to Remote Desktop Services (formerly Terminal Services). When combined with the new second server that is part of the Premium Add-on, adding an RD Session Host to an SBS network is a natural fit, enabling additional application deployment options and giving the SBS administrator or consultant the tools to rationalize resources in the SBS domain. In this chapter, we covered the new features of Remote Desktop Services in Windows Server 2008 R2, the installation and configuration of the RD Session Host role service, and the implementation and deployment of RemoteApps. In the next section, we move on to maintenance and troubleshooting of your SBS network, beginning with basic monitoring and fine-tuning of performance.
Part VI
Maintenance and Troubleshooting
CHAPTER 27 Performance Monitoring
CHAPTER 28 Disaster Planning
CHAPTER 27
Performance Monitoring
For a network to operate at its best, you must be able to recognize bottlenecks and take action to eliminate them. This chapter covers the system and network monitoring tools in Microsoft Windows Small Business Server (SBS) 2011 that enable you to detect problems and tune your system to its optimum performance level. Performance Monitor encompasses simple tools that can help you track server loads, locate persistent errors, customize the data you want to collect in logs, define limits for alerts and automatic actions, generate reports, and view past performance data. To open Performance Monitor, click Start, type perfmon in the Start Search box, and press Enter. Or you can select Performance Monitor from the Administrative Tools menu.
The initial view of Performance Monitor (shown in Figure 27-1) includes a brief overview as well as a system summary.
Figure 27-1 Initial view of Performance Monitor
Note: For virtually every procedure in this chapter, you need to be logged on with administrative credentials.
Resource Monitor Overview C ck the Open Resource Mon tor nk n the Overv ew Of Performance Mon tor sect on to access Resource Mon tor, or c ck Start, type resmon n the Start Search box, and press Enter The Resource Mon tor page, shown n F gure 27-2, shows four scro ng graphs for rea t me mon tor ng of CPU, d sk, network, and memory usage
Figure 27-2 Resource Mon tor page
The four sect ons next to the graphs conta n deta s about each resource C ck the sect on to d sp ay the deta , as shown n F gure 27-3
712 CHAPTER 27
Performance Monitoring
Note Click a row and the highlight will remain on that row, even when the application’s
position changes in the display.
Figure 27-3 Displaying CPU usage in the resource overview
Click the column header in the detail view to sort by ascending order. Click a second time to sort in descending order. On the CPU tab, you can see check boxes next to the Image header. Select the images that you are interested in investigating. An orange bar opens on each section showing what is being filtered, as shown in Figure 27-4. With filtering turned on, Resource Monitor now displays any associated modules or associated handles.
Figure 27-4 Resource Monitor with filtering enabled
Clear the check boxes to remove filtering. The following list defines the headers in each Resource Monitor detail view.
■ CPU Details
• Image: The application using the CPU
• PID: The process identification for the application instance
• Description: The name of the application
• Status: Shows if the process is Running, Suspended, or Terminated. Right-click to change the status.
• Threads: The number of active threads in this instance
• CPU: The number of currently active cycles for this instance
• Average CPU: The average CPU load over the past 60 seconds, expressed as a percentage of the total capacity of the CPU
■ Disk Details
• Image: The application using the disk
• PID: The process identification for the application instance
• File: The file being read or written
• Read: The speed (in bytes per second) at which the file was read in the last minute
• Write: The speed (in bytes per second) at which the file was written in the last minute
• Total: The average number of bytes per second read and written to the disk in the last minute
• I/O Priority: The priority of the IO task
• Response Time: The disk response time in milliseconds
■ Network Details
• Image: The application using the network resource
• PID: The Process ID of the application instance
• Address: The network address with which the local computer is exchanging information. This can be an IP address, computer name, or fully qualified domain name.
• Send: Amount of data (in bytes per second) sent in the last minute from the local computer to the network address
• Receive: The amount of data (in bytes per second) that the application received in the last minute from the network address
• Total: The total bandwidth (in bytes per second) of the data sent and received in the last minute
■ Memory Details
• Image: The application using the memory resource
• PID: The Process ID of the application instance
• Hard faults/min.: The number of hard faults caused by the application instance in the last minute
Note A hard fault (also called a page fault) is not an error. It happens when a page
at the address referenced is no longer in physical memory and has been swapped out or placed on a hard drive. However, an application that causes a high number of hard faults will be slow to respond because it constantly has to read from a hard drive rather than from memory.
• Commit: The amount of virtual memory (in kilobytes) reserved for the process
• Working Set (KB): The amount of memory (in kilobytes) currently used by the application instance
• Shareable (KB): The amount of the working set memory (in kilobytes) that might be available for other use
• Private (KB): The amount of the working set memory (in kilobytes) that cannot be shared
Filtering Information from Resource Monitor
Resource Monitor produces a lot of data, so filtering out the unessential data is necessary if you’re not to drown in a sea of graphs. To designate filters, start Resource Monitor and follow these steps:
1. Select a Resource Monitor tab. In the Image column, select the check box next to the name of each process you want to monitor. As you select a process, it’s moved to the top of the column.
2. After selecting a process for filtering, the Associated Handles and Associated Modules tables on the CPU tab will contain data related to your selection.
3. Click another tab to view additional resource usage data for your selection. Tables that contain only filtered results have an orange information bar below the title bar of the table.
4. To stop filtering for a single process or service, clear its check box. To stop all filtering, clear the check box next to Image.
Note If the process is not using any of the resources displayed on the current tab, the process name won’t appear in the key table.
Troubleshooting Troublesome Applications
There can be many reasons for an application to appear nonresponsive—few of them obvious to the naked eye. Windows Resource Monitor allows you to view a process wait chain and to end processes that are preventing a program from functioning properly. In Resource Monitor, the entry for an unresponsive process appears in red.
Important Take care when using Resource Monitor to end a process. If an open program is dependent on the process, it will immediately close and unsaved data will be lost. Ending a system process can result in system instability and also cause data loss.
To examine a process, open Resource Monitor and click any tab. In the Image column, right-click the name of the process you want to analyze and select Analyze Wait Chain. (See Figure 27-5.)
Figure 27-5 Checking for a process wait chain
If the process is running normally and is not waiting for any other processes, no wait chain information will be displayed. If the process is waiting for another process, a tree organized by dependency on other processes will be displayed. To end one or more of the processes in the tree, select the check boxes next to the process names and click End Process.
Using Performance Monitor
Performance Monitor can help you visualize what is happening on your network and on individual computers. Like Resource Monitor, it displays events in real time but can also preserve data in logs for later viewing. Insufficient memory or processing power can cause bottlenecks that severely limit performance. Unbalanced network loads and slow disk-access times can also prevent the network from operating optimally. Bottlenecks occur when one resource interferes with another resource’s functioning. For example, if one application monopolizes the system processor to the exclusion of all other operations, there is a bottleneck at the processor. Bottlenecks can occur in Windows subsystems or at any element of the network, for many reasons, including:
■ Insufficient resources
■ A program or client monopolizes a resource
■ Failure of a program, service, or device
■ Software incorrectly installed or configured
■ Incorrect configuration of the system for the workload
Performance Monitor includes performance counters, event trace data, and configuration information, which can be viewed separately and can also be combined into data collector sets. Performance counters are measurements of system state or activity. They can be included in the operating system or can be part of individual applications. Windows Performance Monitor requests the current value of performance counters at specified time intervals. Event trace data is gathered from trace providers that are part of the operating system or of applications that report events. Information from several trace providers can be collected as a trace session. Configuration information is collected from key values in the Windows registry. Performance Monitor can document the value of a registry key at a specific time into a log file.
Adding Performance Counters
Performance counters will show you the state of an application or a process in the operating system. You can display any number of counters on Performance Monitor. Simply right-click inside the Performance Monitor display and select Add Counters. This opens the Add Counters dialog box, as shown in Figure 27-6.
Figure 27-6 Viewing available counters
To add a counter to the Performance Monitor, follow these steps:
1. Select a computer from the drop-down list, or click Browse to find other computers.
2. Available counters are listed below the computer selection box. You can add all the counters in a group or click the plus sign to select individual counters.
Note Select the Show Description check box in the lower left of the window for information on what the selected counters are actually counting.
3. When you click a group or an individual counter, the current instances display in the Instances Of Selected Object window. Select a particular instance or select All Instances. To search for a particular instance, type the process name in the drop-down box below the Instances Of Selected Object pane and click Search. If your search produces no returns, highlight another group to clear the search. The Search function is offered only if multiple instances are available.
4. Click Add to put the counter in the Added Counters list. Click OK when you’re finished.
Changing the Performance Monitor Display
After you add multiple counters, the Performance Monitor screen can be difficult to decipher. To make the display more readable, follow these steps:
1. Right-click the Performance Monitor display and select Properties to open the Performance Monitor Properties dialog box as shown in Figure 27-7.
Figure 27-7 Changing how the Performance Monitor displays
2. Click the Data tab to select how you want the counters to display. Change the color, width, or style of the counter lines.
3. Change other display elements on the General, Graph, and Appearance tabs.
4. Click the Source tab to change the data source from Current Activity to a specified log file. For more information on using performance logs, see “Managing Collected Data” later in this chapter.
Saving the Performance Monitor Display
The current display of Performance Monitor can be saved as an image or as a web page. To save the display as an image, follow these steps:
1. Right-click the Performance Monitor display and select Save Image As.
2. Select a location, and type in a name for the saved image. The image will be saved as a gif file.
3. Click Save.
To save the Performance Monitor display as a web page, follow these steps:
1. Right-click the Performance Monitor display and select Save Settings As.
2. Select a location, and type in a name for the saved display. The display will be saved as an htm file.
3. Click Save.
Using Reliability Monitor
Reliability Monitor provides a System Stability Index that reflects whether unexpected problems are reducing system reliability. A graph of the Stability Index over time quickly identifies dates when problems began to occur. The accompanying System Stability Report presents details to help you locate and fix the root cause of reduced reliability. By looking at changes to the system (operating system updates or adding and removing software) along with failures (application, operating system, or hardware failures), you can develop a method for dealing with the problems. To open Reliability Monitor, follow these steps:
1. Open Control Panel, and select Action Center.
2. Expand Maintenance and View Reliability History.
Click any item on the graph to view its details. Click events in the Action column for more details. Select either Days or Weeks to limit the report to specific time periods.
Viewing Reliability Monitor on a Remote Computer
Information about the location of Reliability Monitor files is stored in the registry. Therefore, remote registry access is required to open data on a remote computer. To enable the Remote Registry Service, complete the following steps:
1. On the computer where you want to access Reliability Monitor data, click Start, type services.msc in the Start Search box, and press Enter.
2. In the Services list, right-click Remote Registry and select Start, as shown in Figure 27-8.
Figure 27-8 Starting the Remote Registry Service
Creating a Data Collector Set
Data collector sets are a method of monitoring and reporting wherein you can collect only information that’s useful to you, and you can create individual data collector sets that can be viewed alone or combined with other data collector sets in Performance Monitor. Data collector sets can be configured to generate alerts when thresholds are reached, or you can associate them with scheduling rules to perform data collection at specific times.
Building a Data Collector Set from a Template
Performance Monitor includes several templates that concentrate on general system diagnosis information or collect performance data specific to server roles or applications. You can import templates created on other computers and export data collector sets that you create to use on other computers.
To create a data collector set from a template, follow these steps:
1. Click Start, type perfmon in the Start Search box, and then press Enter.
2. In the navigation pane, expand Data Collector Sets, right-click User Defined, point to New, and click Data Collector Set. The Create New Data Collector Set Wizard starts.
3. Enter a name for your data collector set. Select Create From A Template, and click Next.
4. From the Template Data Collector Set menu, select the template you want to use to create your data collector set. A description of the data collected appears as you highlight each template. (See Figure 27-9.)
Figure 27-9 Highlight a template to read the description
5. The Root Directory contains data collected by the data collector set. If you want to store your data collector set data in a location other than the default, click Browse or type in the directory name.
6. Click Next to choose a custom location for the data collector set or to define more options. Click Finish to save the current settings and exit.
Note If you type in a directory name, do not enter a backslash (\) at the end of the directory name.
7. Click Next to define a user for the data collector set to run as, or click Finish to save the current settings and exit.
8. When you click Next, you can configure the data collector set to run as a specific user. Click Change to enter the user name and password for a user other than the default listed, or click Finish to save the current settings and exit.
To start collecting data and storing it in the location specified in step 6, right-click the data collector set in the navigation pane and select Start. To view the properties of the data collector set or make changes, right-click the data collector set you created in steps 1 through 8 and select Properties. For more information about the properties of the data collector set, see “Managing Collected Data” later in this chapter.
Importing Templates
Data collector set templates are stored as XML files, and you can import them directly from a local hard drive or from a network drive. To import a data collector set template, run the Create New Data Collector Set Wizard and click Browse when asked which template you’d like to use. Browse to the location of the XML file you want to use, select it, and click Open.
Exporting Templates
To export a data collector set for use on other computers, open Performance Monitor, expand Data Collector Sets, right-click the data collector set you want to export, and click Save Template. Select a directory in which to store the XML file, and click Save.
Creating a Data Collector Set from Performance Monitor
To use the counters in a Performance Monitor display to create a data collector set, follow these steps:
1. Start Performance Monitor, and add counters (as described in the “Adding Performance Counters” section earlier in this chapter) to create a custom view you want to save as a data collector set.
2. Right-click Performance Monitor in the navigation pane, point to New, and click Data Collector Set. The Create New Data Collector Set Wizard starts. The data collector set you create will contain all of the data collectors selected in the current Performance Monitor view.
3. Type in a name for the data collector set, and click Next.
4. The Root Directory will contain data collected by the data collector set. If you want to store your data collector set data in a location other than the default, click Browse to navigate to the location or type in the directory name.
Note If you type in a directory name, do not enter a backslash (\) at the end of the directory name.
5. After clicking Next, you can configure the data collector set to run as a specific user. Click Change to enter a user name and password.
6. Click Finish.
To start collecting data and storing it in the location specified in step 4, right-click the data collector set in the navigation pane and select Start.
Constructing a Data Collector Set Manually
You can create a customized data collector set made up of performance counters, configuration data, or data from trace providers. To make such a data collector set, follow these steps:
1. Open Windows Performance Monitor.
2. In the navigation pane, expand Data Collector Sets, right-click User Defined, point to New, and click Data Collector Set.
3. Type in a name for your data collector set. Select Create Manually, and click Next.
4. Select Create Data Logs. Select the check boxes next to the data collector types you want to use, which are described in the following list, and click Next.
• Performance Counter: Generates metric data about the system’s performance
• Event Trace Data: Provides information about activities and system events
• System Configuration Information: Records the state of—and changes to—registry keys
5. Depending on the data collector types you selected, you will be presented with dialog boxes to add data collectors to your data collector set.
• Click Add to open the Add Counters dialog box. When you are finished adding performance counters, click OK. Then click Next to continue the configuration, or click Finish to exit and save the current configuration.
• You can install event trace providers with the operating system or as part of a non-Microsoft application. Click Add to select from a list of available event trace providers, as shown in Figure 27-10. You can select multiple providers by holding down the Ctrl key and highlighting the providers you want. When you are finished adding event trace providers, click OK and then click Next to continue the configuration, or click Finish to exit and save the current configuration.
Figure 27-10 Selecting trace providers for a data collector set
6. To record system configuration data, type in the registry keys you want to track. You must know the exact key.
7. When you’ve finished adding registry keys, click Next to continue the configuration or click Finish to exit and save the current configuration.
8. The Root Directory will contain data collected by the data collector set. If you want to store your data collector set data in a location other than the default, click Browse to navigate to the location or type in the directory name.
Note If you type in a directory name, do not enter a backslash (\) at the end of the directory name.
9. After clicking Next, you can configure the data collector set to run as a specific user. Click Change to type in the user name and password for a user other than the default listed.
10. Click Finish.
Creating a Data Collector Set to Monitor Performance Counters
Another type of data collector set that you can create monitors performance counters and sends out alerts when the counters exceed or fall below thresholds you set. First create the data set, and then configure the alerts by following these steps:
1. Open Performance Monitor. In the navigation pane, expand Data Collector Sets, right-click User Defined, point to New, and click Data Collector Set.
2. Type in a name for your data collector set. Select Create Manually, and click Next.
3. Select the Performance Counter Alert option, and click Next.
4. Click Add to open the Add Counters dialog box. When you are finished adding counters, click OK.
5. Highlight the counter you’d like to monitor. From the Alert When drop-down list, choose whether to alert when the performance counter value is above or below the limit. In the Limit box, enter the threshold value.
6. When you’ve finished defining alerts, click Next to continue the configuration or click Finish to exit and save the current configuration.
7. After clicking Next, you can configure the data collector set to run as a specific user. Click Change to type in a user name and password.
Scheduling Data Collection
Data collection can be scheduled and log data managed using Data Collector Sets. You can store the reports after log data has been deleted so that you can still have performance statistics without storing masses of individual counter values. To schedule when a data collector set starts, follow these steps:
1. After you create a data collector set, right-click the name of the data collector set in the navigation pane and select Properties.
2. Click the Schedule tab.
3. Click Add to create a start date, time, or day for data collection, as shown in Figure 27-11. If you are configuring a new data collector set, be sure that the start date is after the current date and time.
Figure 27-11 Scheduling a start date and time for a data collector set
4. If you don’t want to collect new data after a specific date, select the Expiration Date check box and supply the date.
5. Click OK when finished.
Note Specifying an expiration date will prevent new instances of data collection from starting after the expiration date.
To schedule when a data collector set stops, follow these steps:
1. After you create a data collector set, right-click the name of the data collector set in the navigation pane and select Properties.
2. Click the Stop Condition tab.
3. To stop collecting data after a specified time, select Overall Duration and choose the number and units of time.
Note If your aim is to collect data indefinitely, don’t select Overall Duration.
4. In the Limits section, you can select When A Limit Is Reached, Restart The Data Collector Set to break the data collection into separate, more manageable logs.
• Select Duration to configure a time period for data collection to write to a single log file.
• Select Maximum Size to restart the data collector set or to stop collecting data when the log file reaches the limit.
Note If both limit types are selected, the collection of data will stop or restart when the first limit is reached. If you configure Overall Duration, those settings will override limits.
5. If you have specified a value for Overall Duration, you can select Stop When All Data Collectors Have Finished so that all the counters can finish recording the most recent values before the entire data collector set is stopped.
6. Click OK.
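The wizard procedures above (a counter data collector set, a performance counter alert, and duration and size limits) can also be scripted with logman.exe, which makes the same setup repeatable across servers. The PowerShell script below is an added example and is not from the book; the set names, log path, counter list, intervals and the 90 percent threshold are all assumptions, and it must be run from an elevated prompt.

```powershell
# Added example, not from the book. Names, paths, counters and thresholds
# are assumptions chosen for illustration. Run from an elevated prompt.
$SetName   = 'SBS-Baseline'                             # hypothetical counter set name
$AlertName = 'SBS-CpuAlert'                             # hypothetical alert set name
$LogPath   = 'C:\PerfLogs\Admin\SBS-Baseline\baseline'  # no trailing backslash

$Counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\Memory\Pages/sec',
    '\PhysicalDisk(_Total)\Avg. Disk sec/Transfer',
    '\Network Interface(*)\Bytes Total/sec'
)

function Invoke-Logman {
    # Run logman.exe with the given arguments and stop on a non-zero exit code.
    param([string[]]$Arguments)
    & logman.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "logman $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

function Test-CollectorSet {
    # True when a data collector set with this name already exists.
    param([string]$Name)
    & logman.exe query $Name 2>&1 | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Fail early on a mistyped counter path instead of logging nothing.
foreach ($c in $Counters) {
    Get-Counter -Counter $c -MaxSamples 1 -ErrorAction Stop | Out-Null
}

if (-not (Test-CollectorSet $SetName)) {
    $create = @('create', 'counter', $SetName, '-c') + $Counters + @(
        '-si',  '00:00:15',   # sample every 15 seconds
        '-f',   'bin',        # binary (.blg) log format
        '-o',   $LogPath,
        '-v',   'mmddhhmm',   # append a timestamp to each log file name
        '-max', '200',        # size limit per log file, in MB
        '-cnf', '01:00:00',   # start a new file every hour or at the size limit
        '-rf',  '08:00:00'    # run for eight hours in total, then stop
    )
    Invoke-Logman $create
}

if (-not (Test-CollectorSet $AlertName)) {
    Invoke-Logman @('create', 'alert', $AlertName,
        '-th', '\Processor(_Total)\% Processor Time>90',  # fire above 90 percent
        '-si', '00:00:30',                                # check every 30 seconds
        '-el')                                            # report to the event log
}

Invoke-Logman @('start', $SetName)
Invoke-Logman @('start', $AlertName)
Invoke-Logman @('query', $SetName)   # show the resulting configuration
```

Both sets then appear under Data Collector Sets, User Defined in Performance Monitor, where their properties can be reviewed as described above.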
Managing Collected Data
Data collector sets create log files and optional report files. Data Manager allows you to configure how log data, reports, and compressed data are stored for each data collector set. To configure Data Manager for a data collector set, follow these steps:
1. Open Performance Monitor, expand Data Collector Sets, and expand User Defined.
2. Right-click the name of the data collector set that you want to configure and select Data Manager.
3. On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. Table 27-1 describes each option.
• Select Minimum Free Disk or Maximum Folders, and previous data will be deleted when the limit is reached according to the Resource Policy you choose (either Delete Largest or Delete Oldest).
• Select Apply Policy Before The Data Collector Set Starts, and previous data will be deleted before the data collector set creates its next log file.
• Select Maximum Root Path Size, and previous data will be deleted when the root log folder size limit is reached.
4. Click the Actions tab. You can accept the default values or make changes. To make changes, use the Add, Edit, or Remove button. Table 27-2 describes each option.
5. Click OK to finish.

Table 27-1 Data Manager options
Option | Definition
Minimum Free Disk | Amount of free disk space that must be available on the drive where log data is stored. When the limit is reached, previous data will be deleted based on your Resource Policy.
Maximum Folders | Number of subfolders allowed in the data directory. When the limit is reached, previous data will be deleted according to your Resource Policy.
Resource Policy | Specifies whether the largest or oldest log file or directory will be deleted when limits are reached.
Maximum Root Path Size | Maximum size of the data collector set data directory, including all subfolders. When selected, this maximum path size overrides the Minimum Free Disk and Maximum Folders limits. When the limit of the Maximum Root Path Size is reached, previous data will be deleted according to your Resource Policy.

Table 27-2 Actions properties
Option | Definition
Age/Units | The age of the data file in days or weeks. If the value is set to zero, the age is not considered.
Folder Size | The size, in megabytes, of the log data folder. If the value is set to zero, the size is not considered.
Save, Create Or Delete A Cab File | Cabinet files are archives that are created from raw log data that can be extracted later.
The -o {OutputFile | DSN!CounterLog} parameter specifies the path name of the output file or SQL database where the counters will be written.
The -b <M/D/YYYY HH:MM:SS[AM|PM]> parameter specifies begin time for copying first record from the input file. Date and time must be in this exact format: M/D/YYYY H:MM:SS.
The -e <M/D/YYYY HH:MM:SS[AM|PM]> parameter specifies end time for copying last record from the input file. Date and time must be in this exact format: M/D/YYYY HH:MM:SS.
The -config {FileName | i} parameter specifies the path name of the settings file that contains command-line parameters. Use -i in the configuration file as a placeholder for a list of input files that can be placed on the command line. On the command line, however, you do not need to use i. You can also use wildcards such as *.blg to specify many input filenames.
The –q parameter displays the performance counters and time ranges of log files specified in the input file.
The –y parameter bypasses prompting by answering “yes” to all questions.
The /? parameter displays help at the command prompt.
Viewing Reports
To help analyze collected data and identify trends, Performance Monitor generates reports from data collector sets. To view a data collector set report, follow these steps:
1. Open Windows Performance Monitor.
2. Expand Reports, and click User Defined or System.
3. Select the data collector set that you want to view as a report. The report opens in the console pane, as shown in Figure 27-12.
Figure 27-12 Viewing a data collector report
To create a new report for a data collector set, type perfmon /report “Data Collector Set name” at a command prompt. Type perfmon /report without any other parameters to generate the System Diagnostics report.
Summary
In this chapter, we covered the available tools for keeping track of your network’s health and performance. The next chapter offers strategies for protecting your network from potential disasters.
CHAPTER 28
Disaster Planning
Smart SCUBA divers dive with a buddy and carry an alternate air source, even though they’ve trained extensively and checked their equipment thoroughly. Schools and businesses have fire drills even though the vast majority of buildings never burn down. System administrators are no different—we do verified backups and write up disaster recovery plans we hope never to use. But we do them because there are only two types of networks: those that have experienced disaster and those that haven’t—yet.
Disaster can take many forms, from the self-inflicted pain of a user or administrator doing something really, really unwise to the uncontrollable, unpreventable results of a natural disaster such as a flood or an earthquake. In any case, your business will depend on how well you were prepared for the disaster, and how well you and your team respond to it and recover from it.
This chapter covers emergency preparedness. It discusses creating a disaster recovery plan, with standardized procedures to follow in the event of a catastrophe. It also describes how to prepare for a disaster so that if (or when) one happens, you have the tools to recover. We’ll also cover some of the specialized, and in some ways easier, recovery scenarios that virtualization uses.
Planning for Disaster
Some people seem to operate on the assumption that if they don’t think about a disaster, one won’t happen. This is similar to the idea that if you don’t write a will, you’ll never die—and just about as realistic. No business owner or system administrator should feel comfortable about their degree of preparedness without a clear disaster recovery plan that has been thoroughly tested. Even then, you should continually look for ways to improve the plan—it should only be your starting point. A good disaster recovery plan is one that you are constantly examining, improving, updating, and testing. But understand your disaster plan’s limitations: it isn’t perfect, and even the best disaster recovery plan needs to be constantly examined and adjusted or it quickly gets out of date. Planning for disaster or emergencies is not a single step, but an iterative, ongoing process. Systems are not mountains, but rivers, constantly moving and changing, and your disaster recovery plan needs to change as your environment changes. To put
Identifying the Risks
The first step in creating a disaster recovery plan is to identify the risks to your business and the costs associated with those risks. The risks vary from the simple deletion of a critical file to the total destruction of your place of business and its computers. To properly prepare for a disaster, you need to perform a realistic assessment of the risks, the potential costs and consequences of each disaster scenario, the likelihood of any given disaster scenario, and the resources available to address the risks. Risks that seemed vanishingly remote a few years ago are now part of our everyday lives.
This isn’t a job for a single person. As with all the tasks associated with a disaster recovery plan, all concerned parties must participate. There are two important reasons for this: you want to make sure that you have commitment and buy-in from the parties concerned, and you also want to make sure you don’t miss anything important.
No matter how carefully and thoroughly you try to identify the risks, you’ll miss at least one. You can account for that missing risk by including an “unknown risk” item in your list. Treat it just like any other risk: identify the resources available to address it, and develop countermeasures to take should it occur. The difference with this risk, of course, is that your resources and countermeasures are somewhat more generic, and you can’t really test your response to the risk, because you don’t yet know what it is.
Start by trying to list all the possible ways that your network could fail. Solicit help from everyone with a stake in the process. The more people involved in the brainstorming, the more ideas you’ll get, and the more prevention and recovery procedures you can develop and practice. Be careful at this stage in the process to not dismiss any idea or concern as trivial, unimportant, or unlikely.
Next, look at all the ways that some external event could affect your system. (The current buzz word for this is threat modeling, if you care.) The team of people responsible for identifying possible external problems is probably similar to a team looking at internal failures, but with some important differences. For example, if your business is housed in a large commercial office building, you’ll want to involve that building’s security and facilities groups even though they aren’t employees of your business. They will not only have important input into the possible threats to the business, but they’ll also have information on the resources and preventative measures already in place.
The risk identification phase is really made up of two parts: identification and assessment. They are different tasks. During the identification portion of the phase, you need to identify every possible risk, no matter how remote or unlikely. No risk suggested should be regarded as silly—don’t limit the suggestions in any way. You want to identify every possible risk that anyone can think of. Then, when you have as complete a list as you can create, move on to the assessment task. In the risk-assessment task, you will try to understand and quantify just how likely a particular risk is. If you’re located in a flood plain, for example, you’re much more likely to think flood insurance is a good investment.
Note Even in a very small business, where there might be only one person involved in
disaster planning, it’s a really good idea to get others involved somehow in at least the risk-identification task. Different people think up different scenarios and risk factors, and soliciting more and different viewpoints will improve the overall result of the process.
Identifying the Resources

After you’ve identified the risks to your network, you need to identify what the resources are to address those risks. These resources can be internal or external, people or systems, hardware or software.

When you’re identifying the resources available to deal with a specific risk, be as complete as you can, but also be specific. Identifying everyone in the company as a resource to solve a crashed server might look good, but realistically only one or two people are likely to actually be able to rebuild the server. Make sure you identify those key people for each risk, as well as the more general secondary resources they have to call on, such as Microsoft Customer Support Services (CSS) and local Microsoft partners. For example, the primary resource available to recover a crashed server might consist of your hardware vendor to recover the failed hardware and your own IT person or primary system consultant to restore the software and database. General secondary resources could include Microsoft Support (http://support.microsoft.com/oas/default.aspx?gprid=3208), Microsoft Partners in your area, and the TechNet Forum for SBS (http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads).

An important step in identifying resources in your disaster recovery plan is to specify both the first-line responsibility and the back-end or supervisory responsibility. Make sure everyone knows who to go to when the problem is more than they can handle or when they need additional resources. Also, clearly define when they should escalate. The best disaster recovery plans include clear, unambiguous escalation policies. This takes the burden off individuals to decide when to notify someone and whom to notify, and it makes escalation simply part of the procedure.
Developing the Responses

An old but relevant adage comes to mind when discussing disaster recovery scenarios: When you’re up to your elbows in alligators, it’s difficult to remember that your original objective was to drain the swamp. This is another way of saying that people lose track of what’s important when they are overloaded by too many problems that require immediate attention. To ensure that your swamp is drained and your network gets back online, you need to take those carefully researched risks and resources and develop a disaster recovery plan. There are two important parts of any good disaster recovery plan:

■ Standard operating procedures (SOPs)
■ Standard escalation procedures (SEPs)
Making sure these procedures are in place and clearly understood by everyone involved, before a disaster strikes, puts you in a far better position to recover gracefully and with a minimum of lost productivity and data.
Standard Operating Procedures

Emergencies bring out both the best and worst in people. If you’re prepared for the emergency, you can be one of those who come out smelling like a rose, but if you’re not prepared and let yourself get flustered or lose track of what you’re trying to accomplish, you can make the whole situation worse than it needs to be. It’s just plain hard to stay calm and focused when you’re in the middle of an emergency and there’s a lot of extra stress being applied by everyone around you.

Although no one is ever as prepared for a system emergency as they’d like to be, careful planning and preparation can give you an edge in recovering expeditiously and with a minimal loss of data. It’s a lot easier to deal with the situation calmly when you know you’ve prepared for this problem and you have a well-organized, tested SOP to follow.

Because the very nature of emergencies is that you can’t predict exactly which one is going to strike, you need to plan and prepare for as many possibilities as you can. The time to decide how to recover from a disaster is before the disaster happens, not in the middle of it when users are screaming and bosses are standing around looking serious and concerned. If you’re lucky. (We seem to have been blessed by those who follow the more common adage, “When in trouble or in doubt, run in circles, scream and shout.”)

Your risk-assessment phase involved identifying as many possible disaster scenarios and risks as you could; the resource-assessment phase identified the resources for those risks. Now you need to create SOPs for recovering the system from each of the scenarios. Having an SOP that details how to recover from a failed server makes that recovery a lot easier.

Reduce your stress and prevent mistakes by planning for disasters before they occur. Practice recovering from each of your disaster scenarios. Write down each of the steps, and work through questionable or unclear areas until you can identify exactly what it takes to recover from the problem. This is like a fire drill, and you should do it for the same reasons—not because a fire is inevitable, but because fires do happen, and the statistics demonstrate irrefutably that those who prepare for a fire and practice what to do in a fire are far more likely to survive the fire.

Even if you know you’re the only resource the company has to recover from a disaster scenario, write down the basic steps to do it. You don’t need to go into minute detail, but at the very least, outline the key steps. This might be something you do for real only once in your life, so don’t count on being able to remember everything. Disasters, by their very nature, raise the overall stress level and cause people to forget important steps.

Your job as a system administrator is to prepare for disasters and practice what to do in those disasters—not because you expect the disaster, but because if you do have one, you want to be the hero, not the goat. After all, it isn’t often that the system administrator or IT consultant gets to be a hero, so be ready when your time comes.
Every good server room should have a large binder, prominently visible and clearly identified, that contains all the SOPs. Each responsible person should also have one or more copies of at least the procedures he or she is either a resource for or likely to become a resource for. We like to keep copies of all our procedures in several places so that we can get at them no matter what the source of the emergency or where we happen to be when one of our pagers goes off. Even if you’re the only resource, keep multiple copies of your procedures and key phone numbers of external resources. Don’t rely entirely on electronic storage, because even external electronic storage might be difficult to access if the disaster is major. But don’t ignore electronic storage, either. Most of the time, it’s the fastest and easiest to get to, and the most likely to be completely up to date.
After you have created the SOPs, your job has only begun. You need to keep them up to date and make sure that they don’t become stale. It’s no good having an SOP to recover your ISDN connection to the Internet when you ripped the ISDN line out three years ago and put in a DSL line with five times the bandwidth at half the cost.

You also need to make sure that all your copies of an SOP are updated. Electronic ones should probably be stored in a database or in a folder on SBS that is available offline. However, hard-copy documents are notoriously tricky to maintain. A good method is to make yet another SOP that details who updates what SOPs, how often that person updates it, and who gets fresh copies whenever a change is made. Then put a version control system into place and make sure everyone understands his or her role in the process. Build rewards into the system for timely and consistent updating of SOPs—if 10 or 20 percent of someone’s bonus is dependent on keeping those SOPs up to date and distributed, you can be sure they’ll be current at least as often as the review process.
Standard Escalation Procedures

No matter how carefully you’ve identified potential risks, and how detailed your procedures to recover from them are, you’re still likely to have situations you didn’t anticipate. An important part of any disaster recovery plan is a standardized escalation procedure. Not only should each individual SOP have its own procedure-specific SEP, but you should also have an overall escalation procedure that covers everything you haven’t thought of—because it’s certain you haven’t thought of everything.

An escalation procedure has two functions—resource escalation and notification escalation. Both have the same purpose: to make sure that everyone who needs to know about the problem is up to date and involved as appropriate, and to keep the overall noise level down so that the work of resolving the problem can go forward as quickly as possible.

The resource escalation procedure details the resources that are available to the people who are trying to recover from the current disaster so that these people don’t have to try to guess who (or what) the appropriate resource might be when they run into something they can’t handle or something doesn’t go as planned. This procedure helps them stay calm and focused. They know that if they run into a problem, they aren’t on their own, and they know exactly who to call when they do need help.

The notification escalation procedure details who is to be notified of serious problems. Even more important, it should provide specifics regarding when notification is to be made. If a particular print queue crashes but comes right back up, you might want to send a general message only to the users of that particular printer letting them know what happened. However, if your email has been down for more than half an hour, a lot of folks are going to be concerned. The SEP for email should detail who needs to be notified when the server is unavailable for longer than some specified amount of time, and it should probably detail what happens and who gets notified when it’s still down some significant amount of time after that.

This notification has two purposes: to make sure that the necessary resources are made available as required, and to keep everyone informed and aware of the situation. If you let people know that you’ve had a server hardware failure and that the vendor has been called and will be onsite within an hour, you’ll cut down the number of phone calls exponentially, freeing you to do whatever you need to do to ensure that you’re ready when the vendor arrives.
Testing the Responses

A disaster recovery plan is nice to have, but it really isn’t worth a whole lot until it has actually been tested. Needless to say, the time to test the plan is at your convenience and under controlled conditions, rather than in the midst of an actual disaster. It’s a nuisance to discover that your detailed disaster recovery plan has a fatal flaw in it when you’re testing it under controlled conditions. It’s a bit more than a nuisance to discover it when every second counts.

You won’t be able to test everything in your disaster recovery plans. Even most large organizations don’t have the resources to create fully realistic simulated natural disasters and test their response to each of them under controlled conditions, and even fewer small businesses have those kinds of resources. Nevertheless, there are things you can do to test your response plans. The details of how you test them depend on your environment, but they should include as realistic a test as feasible and should, as much as possible, cover all aspects of the response plan.

The other reason to test the disaster recovery plan is that it provides a valuable training ground. If you’ve identified primary and backup resources, as you should, chances are that the people you’ve identified as backup resources are not as skilled or knowledgeable in a particular area as the primary resource. Testing the procedures gives you a chance to train the backup resources at the same time.

You should also consider using the testing to cross-train people who are not necessarily in the primary response group. Not only will they get valuable training, but you’ll also create a knowledgeable pool of people who might not be directly needed when the procedure has to be used for real, but who can act as key communicators with the rest of the community.
solicit suggestions for how the process could be improved. Then make the changes and test them. You’ll not only improve your responsiveness to this particular type of disaster, but you’ll also improve your overall responsiveness by getting people involved in the process and enabling them to be part of the solution.

Important Do not use this post-disaster recovery discussion to assign blame or look for the cause of the disaster. This is about how to respond to, and recover from, a disaster better. And to do that, you need to learn from the experience so that you can do a better job planning for the next one. If everyone is trying to avoid blame, they won’t have any energy for improving the process.
Preparing for a Disaster

As Ben Franklin was known to say, “Failure to prepare is preparing to fail.” This is truer than ever with modern operating systems, and although SBS includes a number of exceptionally useful recovery modes and tools, you still need to prepare for potential problems. Some of these techniques are covered in detail in other chapters and are discussed here only briefly, whereas others are covered here at length.
Setting Up A Fault-Tolerant System

A fault-tolerant system is one that is prepared to continue operating in the event of key component failures. It’s very useful for servers running critical applications. Here are a few of the many ways to ensure fault tolerance in a system:

■ Use one or more RAID arrays for system and data storage, protecting you from hard-disk failure. If a hard disk in the array fails, only that disk needs to be replaced—and no data is lost. See Chapter 11, “Disk Management,” for information about using RAID, both software and hardware, to provide fault tolerance for your disk subsystem.
■ Use multiple disk array controllers to provide redundancy if a controller fails.
■ Use an uninterruptible power supply (UPS) to allow the server to shut down gracefully in the event of a power failure.
■ Use multiples of everything that is likely to fail, including power supplies and network cards.
■ Keep key spares available to quickly recover by replacing a failed part. If you have only a single power supply and it fails, you’ll be back online a lot faster if you swap out a failed power supply yourself and then call your hardware vendor for a replacement for the failed one.
Backups

We’ve got a whole chapter on backups—Chapter 16, “Configuring Backup”—but it’s important to talk briefly about them here under disaster recovery because they’re the backbone of any disaster recovery scenario. Having a backup of your critical system files is nice. Having backups of your data is nice. But having a tested backup of both of them is critical to a successful restore experience. By tested, we mean that you’ve actually restored the files in the backup and that you were able to read and use them.

Not every single backup will get tested for your ability to restore. That’s not realistic, and there’s no point even pretending it’s going to happen. But you should have a regular schedule of testing backups to know you can restore from them. We like to do ours at least once a week. We pick a couple of key subdirectories and restore them to a temporary location on the server.

Image backups, such as those done by Windows Server Backup, pose additional testing issues. It’s a really good idea to test full system restores to ensure that your recovery scenario for a full hardware failure is viable—especially if you intend to do restores to dissimilar hardware, which is something not directly contemplated by Windows Server 2008 R2 Backup. If you want to be able to do a restore to dissimilar hardware, you’re probably going to need to use a third-party backup utility, such as Acronis True Image for Microsoft Windows Small Business Server (http://www.acronis.com) or StorageCraft ShadowProtect Server (http://www.storagecraft.com). Both of these products are designed to allow you to do backup and restore to dissimilar hardware, including physical to virtual (P2V).
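The weekly test restore of a few key subdirectories described above can be checked by content hash rather than by opening a handful of files. The following PowerShell script is an added example, not code from the book; the paths, the backup time, and the function names Get-Sha256Hex and Compare-RestoreTest are assumptions made for illustration.

```powershell
# Added example (not from the book): verify a test restore against the live data.
# All paths and the backup time are placeholder assumptions; replace them with your own.
param(
    [string]$SourceRoot   = 'D:\Shares\Accounting',       # live folder included in the backup
    [string]$RestoredRoot = 'D:\RestoreTest\Accounting',  # temporary restore location
    [datetime]$BackupTime = '2011-06-01 23:00'            # start time of the backup being tested
)

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing is called directly so the script also runs on PowerShell 2.0.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    }
    finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Compare-RestoreTest {
    param([string]$SourceRoot, [string]$RestoredRoot, [datetime]$BackupTime)

    $src = (Get-Item -LiteralPath $SourceRoot).FullName.TrimEnd('\')
    $dst = (Get-Item -LiteralPath $RestoredRoot).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $SourceRoot -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $relative = $_.FullName.Substring($src.Length + 1)
            $restored = Join-Path $dst $relative

            if (-not (Test-Path -LiteralPath $restored)) {
                # A file created after the backup cannot be in it; anything older should be.
                if ($_.CreationTime -gt $BackupTime) { $status = 'NewSinceBackup' }
                else { $status = 'MissingFromRestore' }
            }
            else {
                try {
                    if ((Get-Sha256Hex $_.FullName) -eq (Get-Sha256Hex $restored)) {
                        $status = 'OK'
                    }
                    elseif ($_.LastWriteTime -gt $BackupTime) {
                        # Edited after the backup ran, so a difference is expected.
                        $status = 'ChangedSinceBackup'
                    }
                    else {
                        # Untouched since the backup, yet the restored copy differs.
                        $status = 'Mismatch'
                    }
                }
                catch { $status = 'Unreadable' }
            }
            New-Object PSObject -Property @{ Status = $status; File = $relative }
        }
}

$results  = @(Compare-RestoreTest -SourceRoot $SourceRoot -RestoredRoot $RestoredRoot -BackupTime $BackupTime)
$failures = @($results | Where-Object { 'MissingFromRestore', 'Mismatch', 'Unreadable' -contains $_.Status })

# Summary by status, then the individual files that failed verification.
$results  | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$failures | Sort-Object Status, File | Format-Table Status, File -AutoSize

if ($results.Count -eq 0) {
    Write-Warning 'Restore test checked no files; an empty test proves nothing.'
    exit 2
}
if ($failures.Count -gt 0) {
    Write-Warning ('Restore test FAILED: {0} of {1} files did not verify.' -f $failures.Count, $results.Count)
    exit 1
}
Write-Output ('Restore test passed: {0} files checked.' -f $results.Count)
```

A Mismatch on a file that has not changed since the backup points at corruption in either the backup or the source and should be investigated before that backup set is trusted. Files deleted from the live folder after the backup are not reported, because the script walks the source tree only.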
Restoring from Backup

The process of restoring your SBS server from backup is something you should test and do before you find yourself in the middle of a disaster. And yes, we know, we’re repeating ourselves. But it’s really important. One last time and then we’ll let it go: The only good backup is a fully tested backup. And the only reliable way to test a backup is to restore it.

When disaster strikes your SBS network and you have to restore an entire server, you’ll need the following:

■ Your backup
■ Hardware to restore the backup to. If you’re using the native Windows Server 2008 R2 Backup that is part of SBS, it needs to be quite similar hardware to the server you’re replacing.
■ The original disk 1 from your SBS 2011 installation media, or another Windows Server 2008 R2 Standard DVD
■ Any drivers required for Windows Server 2008 R2 to “see” your hard disks, or your backup media. These should be on a USB key or other media that the target server can read.
After you have all the requirements together, you’re ready to restore your server by following these steps:

1. Insert the first disk of the SBS 2011 installation media, and turn on the server.
2. If the BIOS needs to be changed to allow the DVD drive to be the first boot device, go into the server’s BIOS and make the change, and then restart the server.
3. If prompted, press any key to boot from the DVD drive to bring up the initial localization page of the Windows Small Business Server 2011 Standard installation, as shown in Figure 28-1.

Figure 28-1 The localization page of the SBS 2011 installation

4. Set the localization options, and then click Next to open the Install Now page.
5. Click Repair Your Computer to open the System Recovery Options dialog box shown in Figure 28-2. If you’re restoring to a bare system, no operating system is shown, as in the figure.

Figure 28-2 When restoring to a new server, no existing operating systems are present
6. Click Load Drivers if you need to load drivers for your hard disks, and follow the prompts to provide the necessary drivers.
7. Click Next to open the System Recovery Options dialog box shown in Figure 28-3.

Figure 28-3 The System Recovery Options dialog box

8. Click System Image Recovery. Windows will search for attached backups and present the Select A System Image Backup page of the Re-Image Your Computer Wizard if it locates a backup, as shown in Figure 28-4. The most recent backup identified on the backup disk will be highlighted.

Figure 28-4 The most recent backup found is selected for restoration
Note If a backup isn’t located, you will be offered an opportunity to attach a USB
disk, or to point to the location of the backup.
9. Click Next to open the Choose Additional Restore Options page, shown in Figure 28-5. If your disks are identically sized and not yet partitioned, you won’t have an option to format them and repartition.

Figure 28-5 The Choose Additional Restore Options page of the Reimage Your Computer Wizard

10. Select Format And Repartition Disks to completely remove any existing partitions and create new partitions that match those on the original server.
11. Click Exclude Disks to not reformat and repartition disks that you want to protect, as shown in Figure 28-6.

Figure 28-6 You can exclude disks to protect existing data
12. Click OK when you have selected disks to exclude, click Next to move to the confirmation page, and then click Finish.
13. Re-Image Your Computer requires a final confirmation before restoring, as shown in Figure 28-7. Select the confirmation check box, and click OK.

Figure 28-7 Final confirmation before formatting disks and restoring your computer

14. After the restore is complete, you’ll be prompted to restart the server.
Virtualization and Disaster Planning

The core of disaster planning is the same whether you’re running SBS virtualized or on physical hardware. The five steps described at the beginning of this chapter are almost exactly the same. But there are differences when dealing with virtualized SBS. The two biggest differences to address are:

■ No USB drive support inside the child partition
■ Hardware independence

What do these differences mean for disaster planning? A few differences in the mechanics of backups and restores, primarily, with a possible change in the products used.
No USB Support

SBS 2011 is designed to back up to an attached USB hard disk, but Hyper-V doesn’t support USB disks inside virtual machines (VMs). As discussed in Chapter 16, however, the native Windows Server Backup in Windows Server 2008 R2 supports additional backup target options, including remote shares and local hard disks. You can use these options without causing issues in the Windows SBS Console.

One important advantage to USB hard disks as a backup target is that you can remove a disk for off-site storage and attach another, something you can’t do easily with a VM backup. A viable workaround, however, is to create a virtual hard disk on the USB hard disk and attach the VHD to the SCSI controller of the SBS VM. The SCSI controller allows you to dynamically attach and unattach VHDs, and you can automate the entire process with Windows PowerShell.
Hardware Independence

The second difference with running SBS virtualized is a positive—hardware independence. Virtualization allows you to move VMs to different physical hardware almost transparently. Even when you haven’t fully exported a VM, the rest is easy as long as you have copies of the VHD files—a bit of configuration of the virtualization settings, and then create the virtual networks. After SBS is up and running, you should rerun the Connect To The Internet Wizard and the Fix My Network Wizard to complete the restore.

This hardware independence gives you a lot of options as you plan for how you’ll handle a disaster. Even if you don’t immediately have an identical or even equivalent server available, most SBS networks could run in a somewhat reduced mode on a workstation class computer with 10–12 gigabytes (GB) of RAM and a quad-core processor. You wouldn’t have the level of redundancy available as you would in a good server, and it’s not a configuration we recommend using for any length of time, but it is more than adequate to get out of a disaster situation and get the business up and running.
Summary

Assume that a disaster will eventually occur, and plan accordingly. Create standardized recovery procedures, and keep them up to date. When there’s a lot of turmoil, as always happens in the case of a major failure, people forget important steps and can make poor decisions. Standardized procedures provide a course of action without the need for on-the-spot decisions. If you’ve planned for a disaster and practiced what to do in the event of one, you’ll be able to recover much more quickly than if you haven’t. And recovering quickly in the event of a major disaster can be a significant competitive advantage.
Part VII

Appendices

APPENDIX A Introduction to Networks
APPENDIX B Automating Installation
APPENDIX C Additional Resources
APPENDIX A

Introduction to Networks

If you’ve ever made a phone call or used a bank ATM, you’ve already experienced using a network. After all, a network is simply a collection of computers and peripheral devices that can share files and other resources. The connection can be a cable, a telephone line, or even a wireless channel. The Internet itself is a network—a global network made up of all the computers, hardware, and peripherals connected to it.

Your bank’s ATM consists of hardware and software connected to central computers that know, among other things, how much money you have in your account. When you call cross-country or just across town, telephone company software makes the connection from your phone to the phone you’re calling through multiple switching devices. It’s something we do every day, without thinking about the complicated processes behind the scenes.

Both the telephone networks and the ATM networks are maintained by technicians and engineers who plan, set up, and maintain all the software and hardware; however, the assumption underlying Microsoft Windows Small Business Server (SBS) is that there isn’t anyone dedicated full time to maintaining the network and its operating system. Instead, Windows Small Business Server provides the Windows SBS Console—a unified administrative interface designed to meet the needs of small businesses and simplify your choices.
Servers

A server is a computer that provides services. It’s really just that simple. The difficulty comes when people confuse the physical box that provides the service with the actual service. Any computer or device on a network can be a server for a particular service. A server doesn’t even need to be a computer in the traditional sense. For example, you might have a print server that is nothing more complicated than a device connected to the network on one side and connected to a printer on the other. The device has a tiny little brain with just enough intelligence to understand when a particular network packet is intended for it and translate those packets into something that the printer can understand.

In Windows Small Business Server 2011 Standard, usually a single computer acts as the physical server box (though you can have secondary servers), but that box provides a variety of services to the network beyond the usual file and print services. These services meet your core business needs, including authentication and security, email and collaboration, an Internet connection, sharing, faxing, and even database services and a full-featured firewall in the Premium Add-on.
Clients

A client is anything on the network that avails itself of a server’s services. Clients are usually the other computers on the network. The client computers typically print to network printers, read email, work on shared documents, connect to the Internet, and generally use services that aren’t available on the client computer itself. Clients aren’t usually as powerful as servers, but they’re perfectly capable computers on their own.
Media Connecting Servers and Clients

Another portion of a network is the actual network media that connects the various servers and clients to each other. This media includes both the network cards that are part of the server or client and the physical wire (or wireless connection) between them and the various other components involved, such as hubs, routers, and switches. When all these media components work as they should, we pretty much forget about this portion of the network and take it for granted. But when a failure of one component of the network media occurs, we face troubleshooting and repairs that can be both frustrating and expensive—a good reason to buy only high-quality network components from vendors and dealers who support their products.
Features of the Windows Operating System

The Windows Server 2008 R2 operating system that underlies Windows Small Business Server is a proven, reliable, and secure operating system with the features to run a business of virtually any size. With SBS 2011, the operating system and server components have been specifically tuned to support from 5 to 75 users in a small business environment, with all the server functions residing on a single computer.
Some of the features that make Windows Server 2008 R2 ideal for a small business server include:

■ Easy installation that is almost fully automated in Windows Small Business Server
■ A robust yet easy-to-administer security model using Active Directory
■ The NTFS file system, which fully supports long file names, dynamic error recovery, shadow copies, user space limitations, and security
■ Support for a broad range of hardware and software
Domains and Workgroups

Microsoft provides for two different networking models in its operating systems: workgroups and domains. Windows Small Business Server supports only the domain model of Microsoft networking, but it’s worthwhile to go over why this decision makes sense, even in a very small business.
Do Workgroups Work?

Microsoft introduced the concept of the workgroup in 1992 with Windows for Workgroups. The workgroup is a logical grouping of several computers whose work or users are connected and who want to share their resources with each other. Usually, all the computers in a workgroup are equal, which is why such setups are referred to as peer-to-peer networks.

Workgroup networks are appealing because they’re easy to set up and maintain. Individual users manage the sharing of their resources by determining what will be shared and who will have access. A user can allow other users to use a printer, a CD-ROM drive, an entire hard drive, or only certain files. The difficulty arises when it’s necessary to give different levels of access to different users. Passwords can be used for this purpose in a limited way, but as the network gets larger, passwords proliferate, and the situation becomes increasingly complicated. Users who are required to have numerous passwords start using the same one over and over or choose passwords that are easy to remember and therefore easy to guess, and there is no way to enforce a minimum password quality level. If someone leaves the company to work for the company’s biggest competitor, passwords have to be changed and everyone in the workgroup has to be notified of the new passwords. Security, such as it is, falls apart.

Another problem that occurs when a workgroup becomes too large is that users have difficulty locating the resources they need. The informal nature of workgroups also means that centralized administration or control is nonexistent. Everything has to be configured computer by computer. This lack of central administration and control, along with the limited security, makes the workgroup model a bad choice for all but the home network.
Defining Domains

To provide a secure and easy-to-manage environment that takes full advantage of Active Directory and the collaborative features of Microsoft Exchange 2010 and the other components of SBS, Microsoft made the decision to use a domain-based networking environment. Management is simplified and centralized on the server, reducing the complexity and security problems caused by having to manage users, resources, and passwords across multiple clients.

A domain is really just a type of workgroup that includes a server—but a server that manages and administers all of the users and computers in the network. It is a logical grouping of users who are connected by more than the cables between their computers. The goal of a domain is to let users share resources within the group and to make it easier for the group to work. However, the key difference is that Active Directory—and the server it runs on—manages, catalogs, and secures the users, groups, computers, and resources for the entire network, providing a single point of administration and control.
Additional Users

When adding a new user to the domain, you won’t need to go around to each computer and enter all the information. As the administrator, you can simply connect to the server and add the new user, using the Windows SBS Console. You can create the user’s mailbox, set up a home folder, add the user to security and distribution groups, configure his or her SharePoint access, set up disk quotas, and even configure a client computer—all with only a few clicks and the entering of the user name and password. The change will be immediately seen across the entire domain. All users, including the newest, can get at their resources no matter which computer is being used. Permission to access resources is granted to individual users (or a group of users), not to individual computers. And when you need to restrict access to a sensitive document or directory, you need to log on to only a single workstation to make the change across the entire domain. You can easily and quickly grant or restrict access by individual user or by groups of users.
Access Control
In a workgroup, there are limitations on sharing your computer’s resources with the rest of the workgroup. At the simplest level, you can either share the resource or not share it. Beyond that, you can require a password for a particular level of access to the resource. This enables only a very limited ability to control access to the resource, and virtually none if your computer is physically accessible to anyone but yourself. Windows Small Business Server provides discretionary access control, which allows, for example, some users to create a document or make changes to an existing one while other users can only read the document and still other users can’t even see it. You can set access for
■ An individual file or files within a directory
■ The entire directory
Windows Small Business Server lets you make selections as fine or as coarse as needed and makes the administration of security easy to manage.
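The three tiers described above (change, read-only, no access) can be set on a directory with NTFS access control entries. The PowerShell below is an added example, not code from the book; it works on a throwaway directory under %TEMP%, and the well-known SIDs and the current user stand in for real domain security groups (an assumption).

```powershell
# Added example: three access tiers on one directory, set with NTFS ACLs.
# Well-known SIDs stand in for real domain groups (assumption of this example).
$Sid = @{
    Admins = 'S-1-5-32-544'   # BUILTIN\Administrators
    System = 'S-1-5-18'       # NT AUTHORITY\SYSTEM
    Users  = 'S-1-5-32-545'   # BUILTIN\Users, plays the read-only group here
}
# Principals that mean "nearly everybody"; an entry for one of them defeats the tiers.
$BroadSids = @('S-1-1-0', 'S-1-5-11')   # Everyone, Authenticated Users

function ConvertTo-Sid([string]$Value) {
    New-Object System.Security.Principal.SecurityIdentifier($Value)
}

function New-AllowRule {
    param([System.Security.Principal.IdentityReference]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights)
    # Apply to the directory itself and to every file and subfolder below it.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $Identity, $Rights, $inherit, $propagate, $allow
}

function Set-TieredAccess {
    param([string]$Path,
          [System.Security.Principal.IdentityReference]$Editor,
          [System.Security.Principal.IdentityReference]$Reader)
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and discard the inherited entries, so that
    # only the principals named below have any access at all.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries left over from an earlier configuration.
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.RemoveAccessRuleSpecific($rule)
    }
    $acl.AddAccessRule((New-AllowRule (ConvertTo-Sid $Sid.Admins) 'FullControl'))
    $acl.AddAccessRule((New-AllowRule (ConvertTo-Sid $Sid.System) 'FullControl'))
    $acl.AddAccessRule((New-AllowRule $Editor 'Modify'))          # create and change
    $acl.AddAccessRule((New-AllowRule $Reader 'ReadAndExecute'))  # read only
    # Anyone not listed gets no entry and therefore cannot open or list the directory.
    Set-Acl -Path $Path -AclObject $acl
}

function Get-AccessReport {
    param([string]$Path)
    # Read the ACL back from disk and flag entries granted to overly broad principals.
    foreach ($rule in (Get-Acl -Path $Path).Access) {
        $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        New-Object PSObject -Property @{
            Identity  = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
            TooBroad  = ($BroadSids -contains $sid)
        }
    }
}

# Demonstration on a constructed, empty directory.
$dir = Join-Path $env:TEMP ('dac-demo-' + [guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User   # plays the editor
Set-TieredAccess -Path $dir -Editor $me -Reader (ConvertTo-Sid $Sid.Users)
Get-AccessReport -Path $dir | Sort-Object Identity |
    Format-Table Identity, Rights, Inherited, TooBroad -AutoSize
Remove-Item -Path $dir -Recurse
```

On a real domain, pass the security groups that hold your editors and readers instead of the stand-in principals, and run the report against existing shares to find entries flagged TooBroad.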
Domain Components
An SBS domain has at least two main components and an optional third component
■ Domain controller
■ Member server (optional)
■ Workstations or clients
Let’s take a look at these components.
Domain Controller
The main computer in the SBS domain is the domain controller. In many if not most SBS domains, the domain controller is the only server. It hosts Active Directory and all the components of SBS, as well as acting as the file and print server for the domain. All computers in the domain must authenticate to the domain controller, and all domain security is controlled by it.
Member Servers
In some larger SBS domains, additional Windows Server 2008 R2 computers might be in the domain. SBS 2011 includes a second server as part of the Premium Add-On. These computers can be used to spread some of the network’s resource load around so that the domain controller doesn’t carry the whole load, and the Premium Add-On includes SQL Server 2008 R2 Standard for Small Business, which can be installed on either the second server or the main SBS server.
Another reason you might have an additional member server in your SBS domain is to host Windows Remote Desktop Services. Remote Desktop Services allows you to use inexpensive, easily managed desktop computers and terminals whose only function is to run applications directly on the Remote Desktop (RD) Session Host computer. The RD Session Host provides the disk space and all the applications that the user has, while the terminal or computer of the user is merely a display and console (keyboard and mouse). Centralizing applications onto an RD Session Host can dramatically reduce costs and simplify administration in some scenarios. However, for security reasons, Remote Desktop Services cannot be run from the main SBS server, so if you use Remote Desktop Services, you’ll need at least one additional server on your network.
Workstations or Clients
All the Windows clients of an SBS network must be running Windows XP SP3 or later, but in most networks they will be running Windows 7. If you have any workstations running earlier versions of Windows, they are no longer supported and should be upgraded. You can also have Mac and even UNIX or Linux clients, but their ability to integrate fully with the SBS network will be limited. Windows clients must be running a business-class version of Windows: specifically, Windows XP Professional, Windows XP Tablet PC Edition, Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate, Windows 7 Professional, Windows 7 Enterprise, and Windows 7 Ultimate.
APPENDIX B
Automating Installation
You can almost completely automate the installation of Microsoft Windows Small Business Server (SBS) 2011 Standard. This is a definite change from Small Business Server 2003, where the level of automation was limited to the base operating system only. But with SBS 2011, you can use the SBS Answer File Generator (discussed in Chapter 5, “Installing Windows Small Business Server 2011,” and Chapter 7, “Migrating to Windows Small Business Server 2011 Standard”) to completely automate the SBS portion of the installation. For automating the base Windows Server 2008 R2 installation, you need to use the Windows 7 Automated Installation Kit (AIK), which you can download from http://www.microsoft.com/downloads/details.aspx?FamilyID=c7d4bc6d-15f3-4284-9123679830d629f2&DisplayLang=en. For completely automating the install, you’ll need a server running Windows Deployment Services, and your network card in the target server will need to support Preboot Execution Environment (PXE) boot. (This means that you’ll need to use a Legacy Network Adapter if building SBS 2011 in a virtual environment because the high-speed synthetic NIC in Hyper-V doesn’t support PXE.) You’ll use an unattend.xml file to define what is actually installed. The creation of this file and the details in it are covered at length in the Windows Automated Installation Kit documentation available at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=F1BAE135-4190-4D7C-B193-19123141EDAA.
But unless you’re doing a lot of identical SBS installations, we really think this is overkill. The critical installation features and steps—the ones that take up your time—are already handled as part of the normal SBS installation in SBS 2011, and you can completely automate that process using the SBS Answer File Generator. The actual operating system installation is a matter of a few clicks. After you’ve done that and selected the hard disk to install on, you’re done. The installation will proceed automatically. If you’ve put your sbsanswerfile.xml where it can be found, the SBS portion of the installation will take over automatically and continue as soon as Windows Server 2008 R2 is installed.
Our overall opinion is that automating the installation beyond what the SBS Answer File Generator does is probably going to cost more time than it saves unless you’re in a lab environment or a hosting environment where you are deploying at least dozens of SBS servers to make it worth the effort. Where you can save time and effort, however, is automating the deployment of client computers. Using the Microsoft Deployment Toolkit (MDT) 2010 (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=3BD8561F-77AC-4400-A0C1-FE871C461A89), you can completely automate the deployment of new, ready-to-use Windows 7 workstations complete with applications, or automate the upgrade of existing Windows computers to Windows 7 and Microsoft Office 2010.
APPENDIX C
Additional Resources
Books are great. They’re easy to use and very portable. We love books. They are, however, completely static and when you need information on the latest security threat or help with new applications, there’s nothing like the Internet. This appendix lists websites and blogs of use to Microsoft Windows Small Business Server (SBS) 2011 users and consultants. First we provide links to Microsoft resources, followed by websites and blogs maintained by other companies and knowledgeable individuals.
Microsoft Resources
http://blogs.technet.com/msrc — Microsoft Security Response Center
http://blogs.technet.com/sbs — Official SBS blog
http://blogs.technet.com/wsus — Latest information on Windows Server Update Services (WSUS)
http://blogs.technet.com/mu — Microsoft Update Product Team information
http://blogs.technet.com/sus — The WSUS Support Team blog
http://blogs.msdn.com/ie — IEBlog. The Windows Internet Explorer Weblog
http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory — Microsoft TechNet Security TechCenter
http://feeds.feedburner.com/MicrosoftDownloadCenter — Microsoft Download Center
http://www.microsoft.com/mscorp/execmail — Microsoft Executive E-Mail. Insights from Microsoft executives about technology and public-policy issues important to computer users
http://blogs.msdn.com/MainFeed.aspx — Microsoft MSDN blogs
http://windowsteamblog.com — Windows Team blog
http://msexchangeteam.com — The Microsoft Exchange Team blog
http://blogs.msdn.com/sqlblog — Microsoft SQL Server Support Blog
Other Resources for SBS Users and Consultants
All the sites listed here have been found to be informative and useful. However, as with all Internet resources, you must use your judgment and think critically about what advice to follow.
http://msmvps.com/bradley — The SBS Diva. The first place we go for answers (and often the last)
http://www.eventid.net — Event details and general technical help
http://feeds.feedburner.com/smbitprosposts — SMBITPro. Small and Medium Business (SMB) IT professionals
http://blogs.msdn.com/aaron_margosis — Aaron Margosis’ Web Log. The Non-Admin blog: running with least privilege on the desktop
http://msmvps.com/blogs/donna/rss.aspx — Donna’s SecurityFlash. PC and Internet security blog
http://blogs.iss.net/rss.php — Frequency X. Straight dope on the vulnerability du jour from IBM Internet Security Systems
http://computer.forensikblog.de/en/atom.xml — Int for(ensic) blog. Notes on computer forensics, international edition
http://msinfluentials.com/blogs/jesper/rss.aspx — Jesper’s Blog, by Jesper Johansson, the author of Windows Server 2008 Security Resource Kit (Microsoft Press, 2008)
http://www.smallbizserver.net — Frequently asked questions about SBS Server
http://www.loglogic.com/blog — Everything about keeping and using security logs
http://www.viruslist.com/en/rss/latestanalysis — All about Internet security
http://msmvps.com/blogs/mainfeed.aspx — Blogs by current and former Microsoft Most Valuable Professionals
http://sbs.seandaniel.com/rss.xml — Information about SBS and related technology
http://www.symantec.com/content/en/us/enterprise/rss/securityresponse/srblogs.xml — Symantec Security Response blogs
http://smallbizthoughts.blogspot.com/feeds/posts/default?alt=rss — Small Biz Thoughts; intended primarily for small business consultants
http://feeds.trendmicro.com/MalwareAdvisories — TrendMicro’s Newest Malware Advisories
http://www.smallbiztrends.com — Small Business Trends, an online publication for small business owners, entrepreneurs, and the people who interact with them
http://blogs.msmvps.com/russel — Charlie’s blog. Devoted to server issues in general, with a healthy dose of PowerShell thrown in
http://social.technet.microsoft.com/wiki/contents/articles/windows-powershell-survival-guide.aspx — The Windows PowerShell Survival Guide
Index
Symbols $ (do ar s gn) appended to shares, 235, 238 16 b t app cat ons, not supported, 17 32 b t app cat ons, support for, 16 17 32 b t arch tecture, 2 for c ent computers, 17 18 m ted RAM access w th, 2, 10 12 64 b t arch tecture, 2, 9 18 32 b t app cat on support w th, 16 17 for c ent computers, 17 18 dr ver requ rements for, 15 hardware requ rements for, 15 ncreased RAM access w th, 2, 10 12 egacy software, potent a prob ems w th, 16 17 reg sters w th, 12 secur ty w th, 13 14 trans t on ng to, 9 10 v rtua zat on w th, 14 15, 82 100BaseT (Fast Ethernet), 25, 26 500 account, 77, 139 142 802.1X standard (RAD US authent cat on), 31, 34, 510 802.11a standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 802.11b standard, 27 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 802.11g standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 802.11 standard (WPA2 encrypt on), 31, 43, 508 509, 510
802.11n standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32
A acceptab e use po cy, 307 308 access contro , 755. See also perm ss ons; secur ty; shared resources access po nt (AP), w re ess, 31 33 antennas for, 31 authent cat on for, 31 br dges and, 31 bu t n to firewa , 34 bu t n to router, 31 channe s for, 33 nterference of, 32 p acement of, 32 33 range of, 32 requ rements for, 31 secur ty for, 31, 509 supp ement ng w red network, 25 Access Th s Computer From The Network, ogon r ght, 240 Account Operators doma n oca group, 210 accounts adm n strator accounts, 76, 77, 139 142 computer accounts, 338 POP3 ema accounts, 474 478 serv ce accounts, SQL Server, 668 Standard User doma n accounts, 348 349 user accounts add ng, 217 221, 338, 754 computer access, grant ng, 221 m grat ng, 166 170
761
Active Directory
Act ve D rectory configur ng, for m grat on, 127 129 pub sh ng software to, 561 562 Act ve D rectory Doma ns and Trusts, 465 Act ve D rectory Serv ces nterface (ADS ) Ed tor, 465 Act ve D rectory S tes and Serv ces, 465 Act ve D rectory Users and Computers, 465 Act veX contro s, 32 and 64 b t, 16 Addftroot command, Dfsut , 284 285 Add Hardware W zard. Contro Pane , 466 addresses DHCP addresses eased, v ew ng, 497 498 ema addresses for add t ona doma n name, 486 492 for d str but on groups, 205 for secur ty groups, 207, 423 for user account, 217 P address range for, sett ng for m grat on, 119, 123 124 stat c, 25, 498 499 Addstdroot command, Dfsut , 284 285 addtarget parameter, Wbadm n, 417 Add WBBackupTarget cmd et, PowerShe , 413 Add WBBareMeta Recovery cmd et, PowerShe , 414 Add WBF eSpec cmd et, PowerShe , 413 Add WBSystemState cmd et, PowerShe , 414 Add WBVo ume cmd et, PowerShe , 413 Add W ndowsFeature cmd et, PowerShe , 86, 456 ADM N$ spec a share, 235 adm n strat ve shares, 235 236 Adm n strator 500 account, 77, 139 142 adm n strator accounts, 76, 77, 139 142. See also Stan dard User doma n accounts Adm n strators doma n oca group, 210 Adm n Too s Group un versa group, 209 ADS (Act ve D rectory Serv ces nterface) Ed tor, 465 Ads ed t.msc too , 465 ADSL (Asynchronous D g ta Subscr ber L ne) nternet connect on, 24 ADUC (Act ve D rectory Users and Computers) conso e, 458 Advanced Encrypt on Standard. See AES Advanced Techno ogy Attachment. See ATA AES (Advanced Encrypt on Standard), 509 A K (Automated nsta at on K t), 757 758 a erts, 585 588 custom, creat ng, 588 595
762
for backup fa ure, 594 595 event assoc ated w th, 590 GU D for, 589 590, 594 595 report for, generat ng, 592 593 for stopped serv ce, 589 593 v ew ng, 593 .xm fi e for, 591 593, 594 595 Event Log Error a erts, 588 Performance Counter a ert, 587 serv ces a erts, 586 587 a Cr t ca parameter, Wbadm n, 417 a ocat on un t, 244, 261 A owed RODC Password Rep cat on Group doma n oca group, 210 A ow Logon Loca y, ogon r ght, 240 A ow Logon Through Term na Serv ces, ogon r ght, 240 AMD processors, compat b ty w th nte , 15 Ana ys s Serv ces, SQL Server, 667 answer fi e for c ean nsta , 78 79 for m grat on, 142 145 ant spyware software, 41 ant v rus software, 41 AP (access po nt), w re ess. See access po nt (AP), w re ess AP C ent br dges, 31 Append Data fi e perm ss on, 226, 227 app cat on buffer overflow, 13 14 app cat ons 16 b t app cat ons, not supported, 16 17 32 b t app cat ons, support for, 16 17 dep oy ng, w th Group Po cy, 560 568 add ng to GPO, 567 568 ass gn ng to users, 561 562 creat ng GPO for, 563 564 d str but on po nt for, 562 563 nsta at on opt ons for, 564 566 pub sh ng to Act ve D rectory, 561 562 dep oy ng w th RemoteApp Manager, 695 700 egacy software, potent a prob ems w th, 16 17 recover ng from backups, 404 406 runn ng remote y. See RemoteApps unrespons ve, hand ng, 716 717 updates to a erts regard ng, on SBS Conso e, 199 assess ng vu nerab t es and pr or ty for, 366 ava ab ty of, determ n ng, 367 368
Business Intelligence Development Studio, SQL Server
configur ng for second server, 644 648 cyc e for, 365 370 dec ned, dep oy ng after, 378 379 dec n ng, 376 dep oy ng, 369 370, 376 380 dep oyment reports for, 379 EULA (End User L cense Agreement) for, 376 eva uat ng need for, 368 369 mportance of, 364 managed by WSUS, 115, 370, 381 M crosoft s schedu e for, 365 for SQL Server, 662 synchron zat on of, 380 types of, 363 364 VPN for, 538 Appw z.cp too , 466 Asynchronous D g ta Subscr ber L ne. See ADSL nternet connect on aud o capab t es, for RDS, 685, 686 688 aud o fi es, contro ng use of, 307 308 AuthAnv OTP tokens, 42 AuthAnv RWA agent, 532 533 authent cat on Password Po c es for, 41 passwords for adm n strator account, 77, 140, 143 for bu t n doma n oca groups, 210 OTP (one t me password), 42 43, 353, 532 for POP3 ema accounts, 475 for SQL Server serv ce accounts, 668 for Standard User doma n account, 349 for trusted cert ficate, 197 for user account, 218 219 for W ndows Server, 635 for workgroups, 753 for RDS (Remote Desktop Serv ces), 682 TFA (Two Factor Authent cat on), 34, 508 for RWA (Remote Web Access), 352 353, 531 533 mp ement ng, 42 43 for w re ess access po nts, 31 Author zat on Manager, 465 Automated nsta at on K t. See A K auto quotas, 300, 301 302 aux ary generator, 53 54 ava ab ty, ma nta n ng. See d saster p ann ng; fau t to erance Azman.msc too , 465
B Backup Once W zard, 395 399 Backup Operators doma n oca group, 210 backups, 4 a erts regard ng, on SBS Conso e, 199 cata og for, restor ng, 411 412 configur ng chang ng configurat on, 388 391, 395 for c ent computers, 422 434 for second server, 649 w th Configure Server Backup W zard, 383 384, 385 391 w th Wbadm n command, 416 422 w th W ndows Server Backup conso e, 391 395 w th W ndows.Serverbackup PowerShe snap n, 413 416 for d saster p ann ng, 743 of ex st ng server, before m grat on, 115 fa ure of, custom a ert for, 594 595 of GPOs (Group Po cy objects), 559 560 hardware requ rements for, 35 h story for, v ew ng, 391 one backup, perform ng, 395 399 recover ng app cat ons and data, 404 406 fi es and fo ders, 401 404 operat ng system, 406 411 server, 400 vo umes, 400 401 schedu e for, 387, 390, 392 393 storage ocat ons for, 386, 388 389, 393 too s for, 383 384, 412 backupTarget parameter, Wbadm n, 417 bandw dth, of nternet connect on, 22 23 Base ne Configurat on Ana yzer 2.0, 114 bas c d sks, 245, 250, 252 Best Pract ces Ana yzer. See BPA B gF x, 381 B ND, vu nerab t es n, 506 B OS, for VM (v rtua mach ne), 101 B tLocker, 41 BPA (Best Pract ces Ana yzer), 114, 130 133 br dges, w re ess, 31, 33 browser, secur ty of, 41 buffer overflow, 13 14 Bus ness nte gence Deve opment Stud o, SQL Server, 667
763
cable, for network
C cab e, for network, 27 cab e nternet connect on, 24 cab e modem, 29 cache corrupt on attack, 506 CAL (C ent Access L cense) for SBS 2011, max mum number of, 70 for RDS (Remote Desktop Serv ces), 677 678 Cat 5 cab e, 26, 27 Cat 5e cab e, 26, 27 Cat 6 cab e, 26, 27 Cata og Recovery W zard, 400, 411 412 CE CW (Configure E Ma and nternet Connect v ty W zard), 495, 519, 543. See also FMNW (F x My Network W zard) CE P (Customer Exper ence mprovement Program), 646 647 Cert ficate Author ty Manager, 465 Cert ficate Serv ce DCOM Access doma n oca group, 210 Cert ficates Manager, 465 cert ficates, trusted, 193 198 export ng, 195 197 mport ng, 197 198 for m grat on, 143 purchas ng, 194 195 Cert ficat on Temp ates Conso e, 465 Certmgr.msc too , 465 Cert Pub shers doma n oca group, 210 Certsrv.msc too , 465 Certtmp .msc too , 465 Change Perm ss ons fi e perm ss on, 226, 227 Change share perm ss on, 224 ch d (guest) part t on, for Hyper V, 15, 83 C ent Access L cense. See CAL c ent computers, 752 accounts for, creat ng, 338 automat ng dep oyment of, 758 backups for, 422 434 configur ng for DHCP, 338 341 connect ng to network, 337 351 w th Connect Computer W zard, 342 349 manua y, 349 351 exc ud ng from automat c software updates, 374 375 hardware requ rements for, 36 oca access to, contro ng, 357 358 manag ng, 354 361
764
nam ng, 39 operat ng system for, 17 18, 21, 36, 337, 349, 350 remote access to. See also RWA (Remote Web Access) connect ng remote y, 360 361 contro ng, 356 357 Remote Ass stance on, prov d ng, 358 359 remov ng from network, 361 requ rements for, 756 secur ty for, 41 status of, v ew ng, 354 356 user access to, sett ng, 524 526 c ent/server based network, 20 c ents, W ndows. See also W ndows Server 2003; W ndows Server 2008 R2 Standard for c ent computers, 17 18, 36, 756 DFS namespace requ rements for, 278 279 secur ty of, 41 W ndows 7 for c ent computers, 18 configur ng for DHCP, 339 341 connect ng to network, 342 349 shar ng pr nter connected to, 325 trans t on ng to, 9 W ndows 2000, connect ng to network, 349 350 W ndows V sta for c ent computers, 18 configur ng for DHCP, 339 341 connect ng to network, 342 349 shar ng pr nter connected to, 324 W ndows XP for c ent computers, 18 configur ng for DHCP, 341 connect ng to network, 342 349 shar ng pr nter connected to, 325 C ent Too s Backwards Compat b ty, SQL Server, 667 C ent Too s Connect v ty, SQL Server, 667 C ent Too s SDK, SQL Server, 667 c pboard, for VM (v rtua mach ne), 106 107 c ock sett ngs, 74 c usters, 261. See also a ocat on un t fa over c uster ng, 661, 662, 663, 664 Hyper V Server support ng, 86 server c uster, stand a one namespace on, 277, 283 Code Red worm, 13 co aborat on DFS rep cat on for, 280 FRS for, 280 SharePo nt Foundat on 2010 for, 280, 597 606
data execution bit. See DEP bit
COM (Common Object Mode ), 16 Comexp.msc too , 465 command ne shortcuts, 465 Comma Separated Va ues (CSV), storage reports n, 296 Common Object Mode . See COM company nformat on, sett ng at nsta at on, 75 Companyweb SharePo nt s te, 111, 597 598 chang ng perm ss ons for sect on of, 602 606 m grat ng, 165 RemoteApps nks on, 613 624 workspace, add ng, 606 613 Compmgmt.msc too , 465 Component Serv ces Conso e, 465 COM ports, for VM (v rtua mach ne), 102, 105 compress on, 262 Computer Management Conso e, 465 computers. See c ent computers; servers Configure E ma and nternet Connect v ty W zard (CE CW), 495, 519, 543. See also FXMN (F x My Network W zard) Configure Server Backup W zard configur ng server, 385 391 requ rements for, 383 384 confl ct fo der, DFS rep cat on, 295 Connect Computer W zard, 342 349 connect v ty to nternet, 22 25, 182 184 oca , 495 DHCP for, 496 503 DNS for, 503 507 W ndows F rewa for, 511 519 w re ess, 508 510 remote. See RDS (Remote Desktop Serv ces); Remote Apps; RWA (Remote Web Access); VPN (v rtua pr vate network) troub eshoot ng, w th FMNW, 519 520, 542 546 conso es, command ne shortcuts for, 465 constant vo tage transformer. See CVT contacts n Act ve D rectory, enab ng, 480 484 add ng, 484 486 creat ng, 458 461 OU (organ zat ona un t) for, 459, 486 Contr bute perm ss on, SharePo nt, 600 601 cost of NAS (Network Attached Storage), 248 of OTP (one t me password), 353, 532
of pr nters, 315, 316 317 of RA D, 61 of WMS as a ternat ve to Prem um Add on, 655 CPU cores, m ts of, 11 CPU sockets, m ts of, 11 CPUs (processors) c ent requ rements for, 36 nte and AMD, compat b ty between, 15 mon tor ng, 712 714 performance of, 6 reg sters on, 12 13 requ rements for, 6, 7 server requ rements for, 35 for VM (v rtua mach ne), 101, 102 103 Create F e fi e perm ss on, 226 Create Fo ders fi e perm ss on, 226, 227 cr t ca updates, 363 CryptoCard OTP tokens, 42 Cryptograph c Operators doma n oca group, 210 Cscr pt command, 327 CSV (Comma Separated Va ues), storage reports n, 296 Customer Exper ence mprovement Program. See CE P Customer Feedback Opt ons, 184 custom topo ogy, 281 CVT (constant vo tage transformer), 51, 52
D data app cat on data, recover ng from backup, 404 406 back ng up. See backups n fi es and fo ders, recover ng from backup, 401 404 m grat ng to SBS 2011, 146 178 Database Eng ne Serv ces, SQL Server, 667 data co ector sets, 721 727 creat ng from a temp ate, 721 723 creat ng from performance counters, 723 724 creat ng manua y, 724 725 export ng temp ates for, 723 mport ng temp ates for, 723 og fi es from, 729 730 manag ng data co ected by, 727 730 for mon tor ng performance counters, 725 726 reports from, 730 731 schedu ng data co ect on for, 726 727 data execut on b t. See DEP b t
765
Data Manager, configuring for data collector sets
Data Manager, configur ng for data co ector sets, 727 729 Date and T me, Contro Pane , 466 Dcpromo.exe app cat on, 127 De ete fi e perm ss on, 226, 227 De ete Subfo ders and F es fi e perm ss on, 226, 227 De Remote Access Card. See DRAC den a of serv ce (DoS) attack, 33 Den ed RODC Password Rep cat on Group doma n oca group, 210 DEP (data execut on protect on) b t, 13 Des gn perm ss on, SharePo nt, 599 Desk.cp too , 466 Deta ed Network Report, 580, 582 584 Dev ce Manager, 465 Devmgmt.msc too , 465 dfsAuth parameter, Wbadm n, 417 Dfscmd ut ty back ng up fo der targets, 289 creat ng a fo der, 286 DFS (D str buted F e System), 275 277 fo ders, 276 add ng, 285 287 for software d str but on po nt, 562 563 rep cat ng, 291 fo der targets, 276 277, 289 manag ng. See FSRM (F e Server Resource Manager) namespace root, 276 creat ng or open ng, 283 285 namespaces, 275, 276 cache durat on, chang ng, 287 288 c ent requ rements for, 278 279 doma n based, 277 fa back sett ngs, chang ng, 287 288 perm ss ons, chang ng, 288 289 po ng sett ngs, chang ng, 289 pub sh ng shared fo der to, 233 referra sett ngs, chang ng, 287 288 server requ rements for, 278 stand a one, 277 namespace server, 276, 285 rep cat on, 275 276, 290 296 compared to FRS, 279 280 confl ct fo der, 295 confl ct reso ut on, 290 hea th report for, 295 of fo ders, 291 requ rements for, 279
766
stag ng fo der, 295 topo og es for, 280 topo ogy for, ver fy ng, 295 rep cat on groups creat ng, 290, 292 294 for branch office, creat ng, 292 293 manag ng, 288 289 mu t purpose, creat ng, 293 294 DFS Management creat ng a rep cat on group, 292 294 fo ders, add ng, 285 287 nsta ng, 281 283 manag ng rep cat on groups, 294 296 namespace root, creat ng or open ng, 283 285 namespace server, add ng, 285 rep cat ng a fo der, 291 rep cat on groups, creat ng, 290 DFS Rep cat on ro e serv ce, 279 Dfsut ut ty add ng a namespace server, 285 creat ng namespaces, 284 285 opt m z ng namespace for sca ab ty, 289 DHCP conso e, 465 DNS updates, enab ng, 502 503 exc us ons, creat ng, 498 499 eased addresses, v ew ng, 497 498 opt ons, sett ng, 501 502 reservat ons, creat ng, 500 501 DHCP (Dynam c Host Contro Protoco ), 496 503 addresses eased, v ew ng, 497 498 configur ng computers for, 338 341 DNS updates, enab ng, 502 503 exc us ons creat ng, 498 499 opt ons scope of, 497 sett ng, 501 502 reconfigur ng, for m grat on, 117 118 reservat ons add ng, 462 464 creat ng, 499 501 scope of, 497 Dhcpmgmt.msc too , 117, 465 DHCP servers, 496, 497 DHTML (Dynam c HTML), storage reports n, 296 d a up nternet connect on, 24 d fferenc ng d sks, 104
DNS (Domain Name Service)
d rectory quotas, 300 306 creat ng, 301 302 quota temp ates, 300 creat ng and ed t ng, 303 306 for shared fo ders, sett ng, 232 types of, 300 v ew ng and manag ng, 302 303 d sab e backup subcommand, Wbadm n, 420 d saster p ann ng, 733 734. See also fau t to erance backups for, 743 esca at on procedures, 739 740 fau t to erance, ensur ng, 742 generators, 53 54 hard cop es of procedures for, 738 739 terat ve process of, 733 734, 741 742 recover ng from backups, 743 747 resources for, dent fy ng, 736 responses deve op ng, 736 740 test ng, 740 r sks, dent fy ng, 735 736 s ze of bus ness affect ng, 734 SOPs (standard operat ng procedures) for, 737 739 v rtua zat on, cons derat ons for, 747 748 d scuss ons, SharePo nt, 599 d sk management, 243 246. See also backups; DFS; fi e system; FSRM; hard d sks; SharePo nt Founda t on Serv ces 2010 part t ons, 244 add ng, 253 263 compared to vo umes, 252 de et ng, 262 extended part t on, 244, 250, 263 GPT (GU D Part t on Tab e) for, 244 for Hyper V v rtua zat on, 14 15, 83 84, 107 109 og ca dr ves on, 245 MBR (Master Boot Record) for, 244 p ann ng, 67 68 pr mary part t on, 244, 250 storage so ut on techno og es, 246 249, 251 252, 253 254, 271 272 types of d sks, choos ng, 252 v rtua hard d sk mount ng, 272 273 vo umes, 244, 250 add ng, 253 263 compared to part t ons, 252 de et ng, 262
extended vo ume, 245 og ca dr ve/vo ume, 245 m rror vo ume, 267 271 mount ng, 273 274, 274 nam ng, 272 RA D 0 (str p ng), 245, 250 RA D 1 vo ume, 250, 259 262 RA D 5 vo ume, 246, 250, 259 262, 271 272 recover ng from backup, 271 272 shr nk ng, 263 264 s mp e vo ume, 244, 255 259 spanned vo ume, 245, 250 spec a shares for, 235 236 D sk Management conso e, 250, 465 m rror add ng, 267 268 break ng, 271 remov ng, 269 271 part t ons, creat ng, 255 259 v rtua hard d sk mount ng, 272 273 vo ume mount ng, 274 RA D 1 or RA D 5, creat ng, 259 262 shr nk ng, 263 264 s mp e, creat ng, 255 259 D skmgmt.msc too , 250, 465 D skpart.exe app cat on, 250, 258, 259, 262, 635 d sk quotas, 300 d sk space c ent requ rements for, 36 server requ rements for, 6, 7, 35 d sp ay c ent requ rements for, 36 server requ rements for, 6, 7 D sp ay Sett ngs, Contro Pane , 466 D str buted COM Users doma n oca group, 210 D str buted F e System ro e serv ce, 281 d str but on groups, 203, 204, 205 206 DLLs, 32 and 64 b t, 16 DnsAdm ns doma n oca group, 210 DNS (Doma n Name Serv ce), 503 507 automat c management of, 503 504 ema rout ng, 470 471, 473 474 ookup zones for, 503 sp t DNS, 503 updates of enab ng from DHCP, 502 503
767
DNS forwarding
DNS forward ng m grat ng to SBS 2011, 157 root servers as defau t for, 505 sett ng to SP servers, 506 507 DNS Manager conso e, 465 DNS forward ng, sett ng, 506 507 DNS records, add ng, 504 505 Dnsmgmt.msc too , 465, 504 DNS po son ng attacks, 506 DNS records add ng, 191, 504 505 for nternet doma n name, 191 updates of, enab ng from DHCP, 502 503 DnsUpdateProxy g oba group, 212 do ar s gn ($) appended to shares, 235, 238 Doma n Adm ns g oba group, 212 doma n based namespaces, 277 Doma n Computers g oba group, 213 doma n contro ers, 755 mu t p e, 337 338 second server as, 627 Doma n Contro ers g oba group, 213 Doma n Guests g oba group, 213 doma n eve , for Act ve D rectory, 127 129 doma n oca scope, 208, 209 212 Doma n.msc too , 127, 465 doma n name ema add ng, 486 492 reg ster ng, 185 188 sett ng up, 188 193 nterna for network, 37 39, 75, 76 for second server, 641 644 nternet doma n name choos ng, 38, 185 DNS records for, 191 ex st ng, us ng, 188 191 manag ng, 190, 192 new, reg ster ng, 185 188 manag ng, 190 191 Doma n Profi e, for W ndows F rewa , 512 doma ns, compared to workgroups, 753 756 Doma n Users g oba group, 213 DoS (den a of serv ce) attack, 33 DRAC (De Remote Access Card), 62 dr vers nsta ng, 637
768
for pr nters, 325 326 requ rements for, 15, 628 s gned for authent c ty, 15, 628 Dsa.msc too , 465, 650, 678 DSL modem, 29 DSL over SDN. See SDL nternet connect on DSRM Adm n strator account, 77 Dss te.msc too , 465 dua WAN router, 62 Due , Char es H. (U.S. Patent Office), 1 dup ex ng, 246. See also m rror ng (RA D 1) DVD ROM dr ve, requ rements for, 6 dynam c d sks, 104, 245, 250 compared to fixed s ze d sks, 99 for software RA D, 55 when to use, 253 Dynam c Host Contro Protoco . See DHCP (Dynam c Host Contro Protoco ) Dynam c HTML (DHTML), storage reports n, 296 dynam c memory a ocat on, 102 103
E EFS (Encrypt ng F e System), 41 802.11a standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 802.11b standard, 27 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 802.11g standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 802.11 standard (WPA2 encrypt on), 31, 43, 508 509, 510 802.11n standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 802.1X standard (RAD US authent cat on), 31, 34, 510 ema contacts add ng, 484 486 n Act ve D rectory, enab ng, 480 484
file system. See DFS (Distributed File System); FSRM (File Server Resource Manager)
DNS rout ng for, 470 471, 473 474 doma n name for reg ster ng, 185 188 sett ng up, 188 193 ema doma ns, add ng, 486 492 max mum message s ze, 493 494 POP3 ema accounts for, 474 478 SMTP forward ng w th Smart Host, 470, 471 473 ema addresses for add t ona doma n name, 486 492 for d str but on groups, 205 for secur ty groups, 207, 423 for user account, 217 ema d str but on groups. See d str but on groups emu at on v rtua zat on, 83 84 enab e backup subcommand, Wbadm n, 419 420 error report ng (feedback), 644 647 eSATA (Externa SATA), 249 Essent a s ed t on of SBS 2011, 1 Ethernet nternet connect on, 24 EULA (End User L cense Agreement), 376 Event Log Error a erts, 588 Event Log Readers doma n oca group, 210 Event V ewer, 465, 590 Eventvwr.msc too , 465 ExchangeDefender, 470 Exchange ma boxes, m grat ng, 133 134, 158 164 Exchange Management Conso e contacts add ng, 484 486 n Act ve D rectory, enab ng, 480 484 ema doma ns, add ng, 487 492 Exchange Server 2010, 5, 469 exc udeD sks parameter, Wbadm n, 417 Execute F e fi e perm ss on, 226 Extended Markup Language. See XML extended part t on, 244, 250, 263 extended vo ume, 245, 264 267 externa v rtua network, 91
F failover clustering, 661, 662, 663, 664 Fast Ethernet (100BaseT), 25, 26 FAT32 file system format, 261 FAT file system format, 261 fault tolerance, 45. See also disaster planning
dev ce hea th, not ficat on of, 50 for nternet connect on, 62 metr cs for, 46 47 power supp y, protect ng, 47 54 RA D for, 55 61 redundant network ng, 62 spare parts for, 48 49, 62 Fax Adm n strators un versa group, 209 fax data, m grat ng, 166 fax serv ce, 333 336 adm n strators of, sett ng, 336 configur ng, 334 336 modem for, nsta ng, 333 334 start ng, 334 users of, sett ng, 336 Fax Users un versa group, 209 features for W ndows Server 2008 R2, 441 add ng, 455 456 remov ng, 456 457 feedback (error report ng), 644 647 F bre Channe , 249 fi e groups, 311 313 fi e perm ss ons, NTFS, 41, 224 229 app ed to shared fo ders, 230 effect ve, v ew ng, 238 239 how app ed, 227 228 nher ted, 228 229 recommended sett ngs for, 223 for software d str but on po nt, 562 563 types of, 226 227 F e Rep cat on Serv ce. See FRS fi es. See also data compress on of, 262 Group Po cy Preferences for, 573 574 ownersh p of, 236 238 recover ng from backup, 401 404 fi e screens, 306 313 acceptab e use po cy and, 307 308 creat ng, 307 308 except ons to, 308 309 fi e groups and, 311 313 temp ates for, 309 311 F e Server Resource Manager. See FSRM F e Serv ces Manager, 465 F e Serv ces ro e, 279, 281, 296, 441 fi e storage. See d sk management; hard d sks fi e system. See DFS (D str buted F e System); FSRM (F e Server Resource Manager)
fi ter ng. See also fi e screens MAC address, 509 packets, 33 Resource Mon tor, 716 of webs tes, by firewa , 34 firewa access po nt bu t n to, 34 add ng, for m grat on, 111, 116 117, 124 125 d agramm ng, 30 requ rements for, 33 34 secur ng, 43 W ndows F rewa , 511 519 configur ng, for second server, 654 po c es, sett ng w th Group Po cy, 512 519 profi es for, 511 512 ru es for, 513 F rewa .cp too , 466 F reW re, 249 500 account, 77, 139 142 fixed s ze d sks, 99, 104 F x My Network W zard (FMNW), 519 520, 542 546 F ex b e S ng e Master Operat on ro es. See FSMO ro es float ng po nt operat ons, performance of, 12 FMNW (F x My Network W zard), 519 520, 542 546 Fo der Red rect on Accounts un versa group, 209 fo ders. See also data compress on of, 262 DFS, 276 add ng, 285 287 rep cat ng, 291 ownersh p of, 236 238 perm ss ons for. See NTFS fi e perm ss ons quotas for. See d rectory quotas recover ng from backup, 401 404 red rect on, re enab ng after m grat on, 176 178 shared add ng, 229 233 fi e screen for, 232 for software d str but on po nt, 562 563 NTFS fi e perm ss ons app ed to, 230 perm ss ons on. See share perm ss ons protoco for, 230 pub sh ng to DFS namespaces, 233 quotas for, 232 remov ng, 233 share perm ss ons for, chang ng, 234 235 spec a shares, 235 238 storage for, 230
folder targets, DFS, 276–277, 289 forest functional level, for Active Directory, 127–129 forward lookup zones, DNS, 503 frame relay/T1 Internet connection, 24 FRS (File Replication Service), 279–280 Fsmgmt.msc tool, 465 FSMO (Flexible Single Master Operation) roles, 70, 337 FSRM (File Server Resource Manager), 296–313 command line shortcut for, 465 creating quotas, 301–302 creating quota templates, 303–306 screening files, 306–313 storage reports, scheduling, 296–300 Fsrm.msc tool, 465 Full Control file permission, 226–227 Full Control permission, SharePoint, 599 Full Control share permission, 224 full mesh topology, 280 Full Text Search, SQL Server, 667
G GDT (g oba descr ptor tab e), 14 generators, 53 54 geosynchronous sate te nternet connect on, 24 Get Excommand command, PowerShe , 492 getmac command, 500 get status subcommand, Wbadm n, 422 get vers ons subcommand, Wbadm n, 422 Get WBBackupSet cmd et, PowerShe , 413 Get WBBackupTarget cmd et, PowerShe , 413 Get WBBareMeta Recovery cmd et, PowerShe , 414 Get WBD sk cmd et, PowerShe , 413 Get WBF eSpec cmd et, PowerShe , 414 Get WBJob cmd et, PowerShe , 413 Get WBPo cy cmd et, PowerShe , 413 Get WBSchedu e cmd et, PowerShe , 413 Get WBSummary cmd et, PowerShe , 413 Get WBSystemState cmd et, PowerShe , 414 Get WBVo ume cmd et, PowerShe , 413 Get WBVssBackupOpt ons cmd et, PowerShe , 414 G gE (G gab t Ethernet), 25, 26 g oba descr ptor tab e. See GDT g oba scope, 208, 212 213 GPC (Group Po cy Conta ner), 548 Gped t.msc too , 465
GPMC (Group Po cy Management conso e) B ock nher tance, sett ng, 552 command ne shortcut for, 465 firewa po c es, creat ng, 515 519 GPO (Group Po cy object) add ng software package to, 567 568 back ng up, 559 560 creat ng, 553 554 creat ng, for software deve opment, 563 564 de et ng, 554 node of, d sab ng, 557 refresh ng after changes, 558 559 restor ng, 560 scope of, sett ng, 555 556 software nsta at on opt ons for, 564 566 v ew ng or ed t ng, 549 550 GPO nk d sab ng, 556 enab ng, 556 enforc ng, 551 v ew ng, 555 Group Po cy Preferences dev ces, sett ngs for, 575 576 fi es, sett ngs for, 573 574 mapped dr ves, sett ngs for, 571 573 v ew ng, 570 Gpmc.msc too , 465 Gpme.msc too , 465 GPO (Group Po cy Object). See Group Po cy, GPO Gpted t.msc too , 465 GPT (Group Po cy Temp ate), 548 549 GPT (GU D Part t on Tab e), 244 Group Po cy, 547 549 compared to Group Po cy Preferences, 569 GPO (Group Po cy Object), 548 549 back ng up, 559 560 components of, 548 549 computer re ated po c es n, 548 creat ng, 553 554 creat ng, for app cat ons, 560 568 creat ng, for firewa po c es, 515 519 de et ng, 554 d sab ng po cy branch of, 557 nher tance of, 551 552 order of mp ementat on for, 552 553 refresh ng after changes, 557 559 restor ng, 560 scope of, sett ng, 555 556
user re ated po c es n, 548 v ew ng or ed t ng, 549 550 GPO nk d sab ng, 556 enab ng, 556 enforc ng, 551 manag ng, 555 557 RemoteApps dep oyed w th, 694, 695, 698, 700 Group Po cy Creator Owners g oba group, 213 Group Po cy Ed tor, 465 Group Po cy Management conso e. See GPMC (Group Po cy Management conso e) Group Po cy Management Ed tor, 465 Group Po cy Object. See Group Po cy, GPO Group Po cy Object Ed tor, 554 Group Po cy Preferences, 568 576 common opt ons for, 574 575 compared to Group Po cy, 569 dev ces, sett ngs for, 575 576 fi es, sett ngs for, 573 574 mapped dr ves, sett ngs for, 571 573 resu ts of, v ew ng, 576 577 v ew ng, 570 Group Po cy Resu ts W zard, 576 577 Group Po cy Starter GPO Ed tor, 465 Group Po cy Temp ate. See GPT groups, 203 204. See also user accounts benefits of, 204 bu t n doma n oca groups, 209 212 bu t n g oba groups, 212 213 bu t n un versa groups, 209 d str but on groups, 203, 204, 205 206 m grat ng, 166 170 secur ty groups, 203 creat ng, 206 207 group scope for, 203 securab e objects n, 203 user r ghts for, 204 SharePo nt. See also secur ty groups, SharePo nt guest (ch d) part t on, for Hyper V, 15, 83 Guests doma n oca group, 210 GU D (g oba y un que dent fier), 139 for adm n strator account, 77 for custom a ert, acqu r ng, 589 590, 594 595 GU D Part t on Tab e. See GPT
H hackers, 40 hard d sks. See also d sk management add ng, 254 255 a ocat on un t of, 244, 261 backups stored on, 386, 388 389, 393 bas c d sks, 245, 250, 252 compress on of, 262 dynam c d sks, 245. See dynam c d sks formatt ng opt ons for, 261 262 mon tor ng, 712, 714 715 part t ons on, 244 add ng, 253 263 compared to vo umes, 252 de et ng, 262 extended part t on, 244, 250, 263 GPT (GU D Part t on Tab e) for, 244 for Hyper V v rtua zat on, 14 15, 83 84, 107 109 og ca dr ves on, 245 MBR (Master Boot Record) for, 244 p ann ng, 67 68 pr mary part t on, 244, 250 re ab ty of, 47 space requ red on. See d sk space v rtua . See VHD (v rtua hard d sk) vo umes on, 244, 250 add ng, 253 263 compared to part t ons, 252 de et ng, 262 extended vo ume, 264 267 og ca dr ve/vo ume, 245 m rror vo ume. See m rror vo ume mount ng, 273 274 nam ng, 272 RA D 0 (str p ng), 245, 250 RA D 1 vo ume, 250, 259 262 RA D 5 vo ume, 246, 250, 259 262, 271 272 recover ng from backup, 271 272 shr nk ng, 263 264 s mp e vo ume, 244, 255 259 spanned vo ume, 245, 250 spec a shares for, 235 236 hardware RA D, 55, 61, 251 252, 253 254 hardware requ rements, 6 7, 15 for backups, 35 for c ent computers, 36
for firewa , 33 34 for Hyper V v rtua zat on, 84 85 for pr nters, 316 317 for RD Sess on Host ro e, 676 677 for router, 33 34 for SBS on Hyper V ch d part t on, 108 109 for second server, 627 629 for server, 34 36 for SQL Server, 659 for w re ess access po nts, 31 Hdww z.cp too , 466 hea th reports. See also mon tor ng; troub eshoot ng for dev ces, us ng SNMP, 50 for DFS rep cat on, 295 for network, 199 He p command, PowerShe , 492 host (parent) part t on, for Hyper V, 14, 83 84 hotfixes, 364 hot spare RA D, 61 hot swap RA D, 61 HTML (Hypertext Markup Language), storage reports n, 296 hub and spoke network topo ogy, 30, 280 hubs, 30 HyperSnap ut ty, 107 Hypertext Markup Language (HTML), storage reports n, 296 Hyper V ch d part t on, SBS on, 107 109 configurat on for, 108 109 cens ng for, 108 hyperv sor v rtua zat on. See Hyper V v rtua zat on Hyper V Manager conso e, 91, 466 network configurat on, 92 93 server configurat on, 93 95 VM (v rtua mach ne) mach ne sett ngs for, 101 105 Hyper V ro e, 82 nsta ng, 89 90 on ma n SBS server, 107 108 other ro es m ted by, 86, 108 requ rements for, 84 85 support for, 17 Hyper V Server 2008 R2, 84, 86 configur ng, 93 95 nsta ng, 87 88 Hyper V v rtua zat on, 14 15, 81 85 configur ng, 91 95
d saster p ann ng ssues for, 747 748 on Hyper V Server 2008 R2, 86, 87 88 nsta ng, 86 90 network configurat on, 91 93 network, types of, 91 part t ons for, 14 15, 83 84, 107 109 RA D eve for, 85 reasons for, 82 requ rements for, 84 85 second server as, 627 server configurat on, 93 95 vers on of, choos ng, 86 VM (v rtua mach ne) creat ng, 95 100 mach ne sett ngs for, 101 105 us ng, 105 106 on W ndows Server 2008 R2, 86, 89 90
I CT ( n t a Configurat on Tasks) W zard, 635 636, 637 c os ng, 654 computer name and doma n, sett ng, 642 644 ro es and features, add ng, 648 653 t me zone, sett ng, 637 638 updates and feedback, enab ng, 644 647 updates, down oad ng and nsta ng, 647 648 DE contro ers, for VM (v rtua mach ne), 101, 103 DE ( ntegrated Dev ce E ectron cs), 246, 249 DSL (DSL over SDN) nternet connect on, 24 DT ( nterrupt descr ptor tab e), 14 EEE 802.1X standard, 31, 34, 510 EEE 802.11a standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 EEE 802.11b standard, 27 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 EEE 802.11g standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 EEE 802.11 standard (WPA2 encrypt on), 43, 508 509, 510
EEE 802.11n standard, 28 for nternet connect on, 24 for network, 26 range and nterference ssues, 32 S USRS doma n oca group, 210 LO ( ntegrated L ghts Out) port, 62 63 nc ude parameter, Wbadm n, 417 ncom ng Forest Trust Bu ders doma n oca group, 210 netcp .cp too , 466 nher tance of fi e perm ss ons, 228 229 of Group Po cy, 551 552 n t a ze D sk W zard, 254 255 nkjet pr nters, 317 nsta ng DFS Management, 281 283 nsta ng dr vers, 637 nsta ng Hyper V v rtua zat on, 86 90 nsta ng pr nters, 319 325 nsta ng SBS 2011, 4, 67 80 answer fi e for, 78 79 automat ng, 757 758 d sks, part t on ng, 67 68 ayout, p ann ng, 68 prob ems w th, reso v ng, 182 process for, 70 77 server, prepar ng, 69 70 when m grat ng to, 145 146 nsta ng SQL Server 2008 R2 for Sma Bus ness he p for, 661 opt ons for, 657, 662, 664 665 p ann ng for, 659 665 process for, 658, 665 671 restr ct ons on, 658 nsta ng W ndows Server 2008 R2 Standard, 70 73, 630 636 ntegrated Dev ce E ectron cs. See DE ntegrated ghts out port. See LO port ntegrated Serv ces D g ta Network. See SDN nternet connect on ntegrat on Serv ces, SQL Server, 667 nte processor, compat b ty w th AMD, 15 nterference of w re ess networks, 32 nterna v rtua network, 91 nternet address configur ng, for m grat on, 152 157 sett ng up, 185 198 nternet Address Management W zard, 469 470 doma n name, reg ster ng, 185 188 doma n name, sett ng up, 188 193 773
nternet connect on, 22 25. See also ema backup for, 25 bandw dth needs for, 22 23 connect ng to, 182 184 d agramm ng, 29 fau t to erance for, 62 SPs for, 25 requ rements for, 7 speed of, 23 24 types of, 23 24 nternet doma n name, 37 39 choos ng, 38, 185 DNS records for, 191 ex st ng, us ng, 188 191 manag ng, 190 193 new, reg ster ng, 185 188 nternet Exp orer, 32 and 64 b t vers ons of, 16 nternet hackers, 40 nternet Propert es ( nternet Exp orer), Contro Pane , 466 nternet Protoco vers on 6. See Pv6 nternet Secur ty and Acce erat on. See SA nternet Sma Computer Systems nterface. See SCS nterrupt descr ptor tab e. See DT nt .cp too , 466 /O performance of, 12 13 v rtua zat on and, 85 P address range for, sett ng for m grat on, 119, 123 124 stat c, 25 DHCP exc us ons for, 498 499 PC$ spec a share, 235 pconfig command, 499 P spoofing, 33 Pv6 ( nternet Protoco vers on 6), 33 SA ( nternet Secur ty and Acce erat on) server m grat ng from, 111, 125 remov ng from SBS 2003, 125 SCS ( nternet SCS ), 245, 249 n t ator for, 245 target for, 245 SDN ( ntegrated Serv ces D g ta Network) nternet connect on, 24 SP servers, sett ng DNS forward ng to, 506 507 SPs ( nternet Serv ce Prov ders), 25 tems parameter, Wbadm n, 418 temtype parameter, Wbadm n, 418
J JBOD (just a bunch of disks), 246
K kaizen, 741 Kaseya, 381 Kbps (kilobits per second), 23 KBps (kilobytes per second), 23 kernel, security for, 14 keycode locks, 69
L LAND attack, 33 aser pr nters, 316 317 Launcher.exe app cat on, 338, 343 brar es, SharePo nt, 598 cens ng CAL (C ent Access L cense), 70, 677 678 EULA (End User L cense Agreement), for updates, 376 for RDS (Remote Desktop Serv ces), 677 678, 683 for W ndows Server, 108 cmgr.exe app cat on, 689 L m ted Access perm ss on, SharePo nt, 599 L ne Pr nter Daemon. See LPD L nk Users un versa group, 209 L st Fo der Contents fi e perm ss on, 226 L st Fo der fi e perm ss on, 226 sts, SharePo nt, 599 oca adm n strator accounts. See Standard User doma n accounts oca connect v ty, 495 DHCP for, 496 503 DNS for, 503 507 W ndows F rewa for, 511 519 w re ess, 508 510 oca power supp y, fa ure of, 48 50 Loca Secur ty Po cy Conso e, 465 Loca Users and Groups Manager, 465 ocat on name, for pr nters, 318 og fi es, from data co ector sets, 729 730 og ca dr ve/vo ume, 245. See also part t ons og ca pr nters, 316 configur ng usage of, 329 330
creat ng, 329 v ew ng n SBS Conso e, 330 331 Log ca Un t Number. See LUN ogon r ghts, 240 242 ong term power outages, 53 54. See also d saster p ann ng ookup zones, DNS, 503 LPD (L ne Pr nter Daemon), 315 316 Lpq command, 327 Lpr command, 327 Lumens on Endpo nt Management and Secur ty Su te, 381 LUN (Log ca Un t Number), 245 Lusrmgr.msc too , 465, 616
M mach ne parameter, Wbadm n, 418 MAC (Med a Access Contro ) address determ n ng for a dev ce, 499 500 fi ter ng, 509 Mac OS/X c ents, 350 351 Ma n.cp too , 466 Manage Documents perm ss on, 328 managed sw tches, 30 Management Framework Core, 114 Management Too s, SQL Server, 667 Manage Pr nters perm ss on, 328 Map command, Dfscmd, 286 mapped dr ves, Group Po cy Preferences for, 571 573 Master Boot Record. See MBR Mbps (megab ts per second), 23 MBps (megabytes per second), 23 MBR (Master Boot Record), 244 MDT (M crosoft Dep oyment Too k t), 758 mean t me to fa ure. See MTTF mean t me to recover. See MTTR Med a Access Contro address. See MAC address megab ts per second. See Mbps megabytes per second. See MBps member server. See second server Members group, SharePo nt, 599, 600 602 memory dynam c memory a ocat on, 102 103 phys ca memory (RAM) access to, w th 32 and 64 b t arch tectures, 2, 10 11
c ent requ rements for, 36 for VM (v rtua mach ne), 101, 102 103 server requ rements for, 6, 7, 35 usage, mon tor ng, 712, 715 v rtua memory address space, 10, 11, 12 MFM (Mod fied F e d Mod ficat on), 246 M crosoft Base ne Configurat on Ana yzer 2.0. See Base ne Configurat on Ana yzer 2.0 M crosoft Dep oyment Too k t. See MDT M crosoft Exchange Server 2010. See Exchange Server 2010 M crosoft Hyper V Server 2008 R2. See Hyper V Server 2008 R2 M crosoft nternet Exp orer. See nternet Exp orer M crosoft .NET Framework 2.0 SP1. See .NET Framework 2.0 SP1 M crosoft pr nt server. See W ndows pr nt server M crosoft SBS 2003 Best Pract ces Ana yzer. See SBS 2003 Best Pract ces Ana yzer M crosoft SharePo nt Foundat on Serv ces 2010. See SharePo nt Foundat on 2010 M crosoft SQL Server 2008 R2 for Sma Bus ness. See SQL Server 2008 R2 for Sma Bus ness M crosoft Sync Framework, SQL Server, 667 M crosoft V rtua Server 2005 R2. See V rtua Server 2005 R2 m crowave w re ess nternet connect on, 24 M dd eton, Jeff (M crosoft MVP for SBS), 113 m grat ng to SBS 2011, 4, 111 113 answer fi e, creat ng, 142 145 data and sett ngs, m grat ng, 147 176 Companyweb SharePo nt s te, 165 fax data, 166 Group Po c es, remov ng, 164 165 nternet address configurat on, 152 157 ogon sett ngs, remov ng, 164 165 network configurat on, 150 152 network sett ngs, 157 158 shared data, 165 users and groups, 166 170 Exchange ma boxes, 133 134, 158 164 ex st ng server Act ve D rectory, configur ng, 127 129 back ng up, 115 BPA, runn ng for, 130 133 demot ng and remov ng, 170 176 DHCP reconfigurat on, 117 118 P address range for, 119, 123 124
m grat ng to SBS 2011 (cont.) ex st ng server (cont.) M grat on Preparat on Too , runn ng, 134 139 network configurat on for, 116 124 prepar ng, 114 139 synchron z ng to externa t me source, 138 updat ng, 115 firewa for, 116 117, 124 125 fo der red rect on, configur ng, 176 178 nsta ng SBS 2011, 145 146 M crosoft m grat on gu des for, 112 router for, 116 117, 124 125 Sw ng M grat on, 113 t me to comp ete, m t for, 111, 146 VPNs, d sab ng, 126 M grat on Preparat on Too , 114, 134 139 M grat on W zard, 147 171 m rrored str ped d sks, 57 m rror ng (RA D 1), 56, 60, 61 m rror ng (RA D 1), 250, 259 262 m rror vo ume, 246 break ng, 271 fa ure of, recover ng from, 268 271 Mmsys.cp too , 466 Mod fied F e d Mod ficat on. See MFM Mod fy fi e perm ss on, 226 227 mon tor. See d sp ay mon tor ng. See also troub eshoot ng hea th reports for dev ces, us ng SNMP, 50 for DFS rep cat on, 295 for network, 199 performance counters add ng, 718 719 creat ng data co ector sets from, 723 724 mon tored by data co ector sets, 725 726 Performance Mon tor, 465, 711, 717 718 data co ector sets, 721 727 d sp ay, custom z ng, 719 720 Re ab ty Mon tor, 720 721 Resource Mon tor, 712 717 Mouse Propert es, Contro Pane , 466 MS DOS app cat ons, not supported, 17 .ms fi es, 698 700 mstsc.exe app cat on, 360 MTTF (mean t me to fa ure), 46 47 MTTR (mean t me to recover), 46 47
776
N namespace root, DFS, 276 creat ng or open ng, 283 285 namespaces, DFS, 275, 276 cache durat on, chang ng, 287 288 c ent requ rements for, 278 279 doma n based, 277 fa back sett ngs, chang ng, 287 288 perm ss ons, chang ng, 288 289 po ng sett ngs, chang ng, 289 pub sh ng shared fo der to, 233 referra sett ngs, chang ng, 287 288 server requ rements for, 278 standa one, 277 namespace server, DFS, 276, 285 nam ng convent ons, 37 39 for c ent computers, 39 for doma n name, 37 39, 76, 185 for pr nter ocat ons, 318 for pr nters, 318 for second server, 641 644 for server, 39 for vo umes, 272 Napc cfg.msc too , 465 NAP (Network Access Protect on) C ent Configurat on Conso e, 465 NAS (Network Attached Storage), 248, 249, 251 nat ve conso es d rect access to, 464 466 from Nat ve Too s Management conso e, 457 from SBS Conso e, 457 458 from Server Manager conso e, 461 462 Nat ve Too s Management conso e, 457 NAT (Network Address Trans at on), 33 Ncpa.cp too , 466 .NET Framework 2.0 SP1, 114 NETLOGON spec a share, 235 Net pr nt command, 327 Net start command, 327 network, 751 756 cab e for, 27 c ent hardware and software for, 36 c ent/server based, 20 configur ng, for Hyper V, 91 93 configur ng, for m grat on, 116 124, 150 152, 157 158 connect ng computers to, 337 351
connect ons used n, 752 d agramm ng, 29 30 doma n contro ers for, 337 338, 627, 755 doma n name for, 37 39, 75, 76 firewa for, 33 34 hea th of, from SBS Conso e, 199 nternet connect on for, 22 25, 182 184 ayout for, p ann ng, 68 mon tor ng. See mon tor ng needs of, determ n ng, 21 22 peer to peer, 20 ports for, 30, 62 63 redundant network ng, 62 remov ng computers from, 361 router for, 33 34 server hardware for, 34 36 speed requ rements for, 30 sw tch (hub) for, 30 topo ogy for, 30 troub eshoot ng w th FMNW, 519 520, 542 546 types of, 25 28 w re ess access po nts for. See w re ess access po nts Network Access Protect on (NAP) C ent Configurat on Conso e, 465 network adapters c ent requ rements for, 36 for VM (v rtua mach ne), 102, 105 server requ rements for, 6, 35 Network Address Trans at on. See NAT Network Adm n strator ro e, 215 Network Attached Storage. See NAS network card team ng, 62 Network Configurat on Operators doma n oca group, 211 Network Connect ons, Contro Pane , 466 network dev ces. See firewa ; router; w re ess access po nt Network F e System. See NFS network nterface card. See N C network operat ng systems, 19 21 Network Po cy And Access Serv ces ro e, 447 Network Po cy Server Conso e, 465 network reports creat ng, 584 585 Deta ed Network Report, 580, 582 584 Summary Network Report, 579 582 New Ma Contact cmd et, PowerShe , 479 New WBBackupTarget cmd et, PowerShe , 413
New WBF eSpec cmd et, PowerShe , 413 New WBPo cy cmd et, PowerShe , 413 NFS (Network F e System) for shared fo ders, 230 mounted vo umes not supported w th, 273 N C (network nterface card) DRAC (De Remote Access Card), 62 number of m grat on ssues w th, 111, 116 117, 118 spare, n case of fa ure, 62 team ng, 62 no nher tAc parameter, Wbadm n, 417 Non Un form Memory Arch tecture. See NUMA notrestoreac parameter, Wbadm n, 418 noVer fy parameter, Wbadm n, 418 Nps.msc too , 465 Ntbackup ut ty, 384, 416 NTFS fi e perm ss ons, 41, 224 229 app ed to shared fo ders, 230 effect ve, v ew ng, 238 239 how app ed, 227 228 nher ted, 228 229 recommended sett ngs for, 223 for software d str but on po nt, 562 563 types of, 226 227 NTFS fi e system format, 261
O OCA (On ne Crash Ana ys s), 647 100BaseT (Fast Ethernet), 25, 26 one t me password. See OTP On ne Crash Ana ys s. See OCA oobe.exe app cat on, 652, 654 operat ng system. See also Mac OS/X c ents; W ndows c ents for c ent computers, 17 18, 21, 36, 337, 349, 350 for server, 19 21 recover ng from backup, 406 411 OTP (one t me password), 42 43, 353, 532 OU (organ zat ona un t) for contacts, 459, 486 for GPO (Group Po cy object), 552, 553 554, 558, 563 SBSComputers OU, 428 429, 527 SBSServers OU, 515 516, 527 SBSUsers OU, 141 142, 486 for W ndows Server, 650, 678
Outlook Anywhere DNS records for, 191 RWA (Remote Web Access) for, 522 split DNS for, 503 overwrite parameter, Wbadmin, 418 Owners group, SharePoint, 599 ownership of files or folders, 236–238
P packet fi ter ng, 33 PAE (Phys ca Address Extens on), 12 parent (host) part t on, for Hyper V, 14, 83 84 part t ons, 244 add ng, 253 263 compared to vo umes, 252 de et ng, 262 extended part t on, 244, 250, 263 GPT (GU D Part t on Tab e) for, 244 for Hyper V v rtua zat on, 14 15, 83 84, 107 109 og ca dr ves on, 245 MBR (Master Boot Record) for, 244 p ann ng, 67 68 pr mary part t on, 244, 250 pass through d sks, 104 password parameter, Wbadm n, 418 Password Po c es, 41 passwords. See also authent cat on; secur ty for adm n strator account, 77, 140, 143 for bu t n doma n oca groups, 210 OTP (one t me password), 42 43, 353, 532 for POP3 ema accounts, 475 for SQL Server serv ce accounts, 668 for Standard User doma n account, 349 for trusted cert ficate, 197 for user account, 218 219 for W ndows Server, 635 for workgroups, 753 patches. See software updates PatchGuard techno ogy, 14 pattern match ng, defin ng fi e groups us ng, 313 314 peer to peer network, 20 Perfmon.msc too , 465 performance of float ng po nt operat ons, 12 of /O operat ons, 12 13 of processors, 6
of RA D eve s, 60 storage reports affect ng, 299 300 Performance Counter a ert, 587 Performance Log Users doma n oca group, 211 Performance Mon tor, 465, 711, 717 718 data co ector sets, 721 727 d sp ay, custom z ng, 719 720 performance counters add ng, 718 719 creat ng data co ector sets from, 723 724 mon tored by data co ector sets, 725 726 Re ab ty Mon tor, 720 721 Resource Mon tor, 712 717 Performance Mon tor Users doma n oca group, 211 per meter network, 30 perm ss ons effect ve, v ew ng, 238 239 for pr nters, 328 for VPN, 541 542 NTFS fi e perm ss ons, 41, 224 229 app ed to shared fo ders, 230 effect ve, v ew ng, 238 239 how app ed, 227 228 nher ted, 228 229 recommended sett ngs for, 223 for software d str but on po nt, 562 563 types of, 226 227 share perm ss ons, 223 224, 237 238 chang ng, 234 235 h d ng, 238 recommended sett ngs for, 223 sett ng, 231 232 users app ed to, 224 SharePo nt, 599 606 user r ghts and, 204, 240 242 PFM (Pu se Frequency Modu at on), 246 .pfx fi es, 197 Phone and Modem Opt ons, Contro Pane , 466 Phys ca Address Extens on. See PAE phys ca dr ve, 244. See also hard d sks phys ca memory (RAM) access to, w th 32 and 64 b t arch tectures, 2, 10 12 c ent requ rements for, 36 server requ rements for, 6, 7, 35 for VM (v rtua mach ne), 101, 102 103 phys ca secur ty, 40, 68 P D (process dent ficat on), 714 715 P D (Product D), 629
P ng of Death attack, 33 p ngs, d sab ng, 43 PK (Pr vate Key nfrastructure) V ewer, 465 Pk v ew.msc too , 465 PM (prevent ve ma ntenance), for generators, 54 Po nt to Po nt br dges, 31 poo s non paged, 11, 12 paged, 10 pr nter poo s, 316, 331 332 POP3 ema accounts, 474 478 add ng, 475 477 retr eva frequency for, 477 478 ports COM ports, for VM (v rtua mach ne), 102, 105 firewa ports, scann ng, 43 LO ( ntegrated L ghts Out) port, 62 63 number of, for network, 30 Powercfg.cp too , 466 Power Opt ons, Contro Pane , 466 PowerP vot for SharePo nt, 662 PowerShe 2.0, 114 for contro ng oca access to a computer, 357 358 for Exchange Management, 492 for manag ng backups, 413 416 for open ng mu t p e Remote Desktop sess ons, 361 for open ng nat ve conso es, 464 power str ps, 50 power supp y. See also d saster p ann ng; fau t to erance fa ure, types of, 47 oca (for server) fa ure of, 48 50 rep ac ng, 49 ong term outages, 53 54 short term outages, 53 vo tage sags, 52 vo tage var at ons, 50 51 Preboot Execut on Env ronment. See PXE Prem um Add on for SBS 2011, 1, 6 7 a ternat ve to, 654 655 hardware requ rements for, 7 Hyper V v rtua zat on and, 86 SQL Server nc uded w th. See SQL Server 2008 R2 for Sma Bus ness W ndows Server nc uded w th. See W ndows Server 2008 R2 Standard Pre Shared Key. See PSK
prevent ve ma ntenance (PM), for generators, 54 Pre W ndows 2000 Compat b e Access doma n oca group, 211 pr mary part t on, 244, 250 PR NT$ spec a share, 235 Pr nt command, 327 pr nter poo s, 316, 331 332 pr nters ava ab ty of, sett ng, 328 331 cost of, 315, 316 317 dr vers for, 325 326 nsta ng, 319 325 oca , 319, 324 325 ocat on name for, 318 ocat on of, 49 og ca pr nter for, 316 configur ng usage of, 329 330 creat ng, 329 v ew ng n SBS Conso e, 330 331 manag ng from command ne, 327 328 from SBS Conso e, 326 327 nam ng, 318 network attached, 319 add ng and shar ng, 320 323 v ew ng n SBS Conso e, 322 323 perm ss ons for, 328 p acement of, 317 318 requ rements for, determ n ng, 316 317 secur ty for, 328 331 server grade, 15 16 shared dr vers for, 325 326 oca pr nters, 324 325 network attached pr nters, 320 323 share name for, 318 share name for, 318 Pr nt Operators doma n oca group, 211 Pr nt perm ss on, 328 pr nt servers, 315 316 pr nt spoo ng, 332 333 Pr vate Key nfrastructure (PK ) V ewer, 465 Pr vate Profi e, for W ndows F rewa , 512 pr vate v rtua network, 91 pr v eges, 240 processes, unrespons ve, 716 717 process dent ficat on. See P D
processors (CPUs) client requirements for, 36 Intel and AMD, compatibility between, 15 monitoring, 712–714 performance of, 6 registers on, 12 requirements for, 6, 7 server requirements for, 35 for VM (virtual machine), 101, 102–103 Product ID. See PID profiles, for Windows Firewall, 511–512 Programs and Features, Control Panel, 466 PSK (Pre-Shared Key), 508, 509 PTE. See system PTE Public Profile, for Windows Firewall, 512 Pulse Frequency Modulation. See PFM PXE (Preboot Execution Environment), 757
Q quiet parameter, Wbadmin, 419 quotas directory quotas, 300–306 creating, 301–302 for shared folders, setting, 232 types of, 300 viewing and managing, 302–303 disk quotas, 300 quota templates, 300 creating and editing, 303–306
R RADIUS (802.1X standard), 31, 34, 510 RAID 0+1, 57, 59, 60, 251 RAID 0 (striping), 56, 250 RAID 1 (mirroring), 56, 60, 61, 250, 259–262 RAID 3, 56, 58 RAID 4, 56, 58 RAID 5, 56, 60, 246, 250, 259–262, 271–272 RAID 6, 56, 58, 59, 60 RAID 10, 57, 59, 60, 251 RAID (redundant array of independent disks), 55–61, 245 hardware RAID, 55, 61, 251–252, 253–254
eve of, choos ng, 57 61, 85 eve s of, 55 58 software RA D, 55, 58 RAM (random access memory). See phys ca memory access to, w th 32 and 64 b t arch tectures, 2, 10 12 c ent requ rements for, 36 server requ rements for, 6, 7, 35 for VM (v rtua mach ne), 101, 102 103 range of w re ess networks, 32 RAS And AS Servers doma n oca group, 211 RDC (Remote D fferent a Compress on), 275 effic ency of, 295 RD L cens ng ro e serv ce, 450, 453, 678 ass gn ng to RD Sess on Host, 692 694 nsta ng, 688 692 .rdp fi es, 698 700, 701 RD (Remote Desktop) Gateway ro e serv ce, 673, 674, 700 RD (Remote Desktop) Web Access, 673, 674, 700 RD Sess on Host ro e, 37, 673. See also term na server add ng, 678 688 ass gn ng cens ng server to, 692 694 enab ng for RWA, 526 requ rements for, 676 677 RDS (Remote Desktop Serv ces), 37, 360 361, 673 678 aud o and v deo capab t es for, 685, 686 688 authent cat on for, 682 nsta ng ro e and ro e serv ce for, 678 688 cens ng for, 677 678, 683 ogon r ghts through, 240 for second server, 650 653 users a owed to access, sett ng, 683 684 W ndows Mu t Po nt Server 2011 for, 654 655 RD V rtua zat on Host ro e, 37 Read Attr butes fi e perm ss on, 226 Read Data fi e perm ss on, 226 Read & Execute fi e perm ss on, 226 227 Read Extended Attr butes fi e perm ss on, 226 Read fi e perm ss on, 226 227 Read On y Doma n Contro ers g oba group, 213 Read Perm ss ons fi e perm ss on, 226, 227 Read perm ss on, SharePo nt, 599 Read share perm ss on, 224 recover ng from backups app cat ons, 404 406 fi es and fo ders, 403 404 for d saster p ann ng, 743 747 GPOs (Group Po cy objects), 560
operat ng system, 406 411 server, 400 vo umes, 400 401 w th Wbadm n command, 416 422 recoveryTarget parameter, Wbadm n, 418 Recovery W zard, 400 for app cat ons and data, 404 406 for fi es and fo ders, 401 404 for vo umes, 400 401 recreateD sks parameter, Wbadm n, 418 recurs ve parameter, Wbadm n, 419 redundant array of ndependent d sks. See RA D (redun dant array of ndependent d sks) redundant network ng, 62 redundant power supp y, 48 Reg ona and Language Opt ons, Contro Pane , 466 reg sters, 12 Re ab ty Mon tor, 720 721 re og command, 729 remote access RDS (Remote Desktop Serv ces), 37, 360 361, 673 678 aud o and v deo capab t es for, 685, 686 688 authent cat on for, 682 nsta ng ro e and ro e serv ce for, 678 688 cens ng for, 677 678, 683 ogon r ghts through, 240 for second server, 650 653 users a owed to access, sett ng, 683 684 W ndows Mu t Po nt Server 2011 for, 654 655 RemoteApps, 673, 674 add ng to RWA and ng page, 700 708 configur ng, 694 700 nks for, add ng to Companyweb, 613 624 number of s mu taneous users, 677 RWA (Remote Web Access), 4, 521 523, 674 as a ternat ve to VPN, 126 computer st for, configur ng, 523 526 connect ng to, 351 354 nks on home page, custom z ng, 533 537 RemoteApps added to and ng page, 700 708 term na server, access ng, 526 529 TFA (Two Factor Authent cat on) for, 531 533 users a owed to access, sett ng, 530 531 when to use, 538 VPN (v rtua pr vate network), 510, 538 542 d sab ng, for m grat on, 126
enabling, 539–541 permissions for, 541–542 when to use, 538 RemoteApp Manager console, 695–700 RemoteApps, 673, 674 adding to RWA landing page, 700–708 configuring, 694–700 links for, adding to Companyweb, 613–624 number of simultaneous users, 677 Remote Assistance, 358–359 Remote Desktop Connection Client, 351 Remote Desktop Gateway. See RD Gateway role service Remote Desktops Console, 466 Remote Desktop Services. See RDS Remote Desktop Services role, 441, 447, 450, 453 Remote Desktop Users domain local group, 211 Remote Desktop Web Access. See RD Web Access Remote Differential Compression. See RDC remote procedure call. See RPC Remoteprograms.msc tool, 465, 695, 701 Remote Registry Service, 721 Remote Web Access. See RWA Remote Web Workplace. See RWW Remote Web Workplace Users universal group, 209 removetarget parameter, Wbadmin, 419 Remove-WBBackupTarget cmdlet, PowerShell, 413 Remove-WBBareMetalRecovery cmdlet, PowerShell, 414 Remove-WBFileSpec cmdlet, PowerShell, 413 Remove-WBPolicy cmdlet, PowerShell, 413 Remove-WBSystemState cmdlet, PowerShell, 414 Remove-WBVolume cmdlet, PowerShell, 413 Remove-WindowsFeature cmdlet, PowerShell, 447 replication, DFS, 275–276, 290–296 compared to FRS, 279–280 conflict folder, 295 conflict resolution, 290 health report for, 295 of folders, 291 replication groups branch office, creating, 292–293 creating, 290 managing, 288–289, 294–296 multipurpose, creating, 293–294 requirements for, 279 staging folder, 295 topologies for, 280, 295
replication groups, DFS creating, 292–294 managing, 294–296 Replicator domain local group, 211 Reporting Services, SQL Server, 667 reports, 579–585 creating, 584–585 deployment reports for updates, 379 Detailed Network Report, 580, 582–584 for custom alerts, 592–593 from data collector sets, 730–731 network reports, 579–585 Summary Network Report, 579–582 reservations, DHCP creating, 499–501 scope of, 497 Resource Monitor, 712–717 filtering, 716 unresponsive applications in, handling, 716–717 resources, shared data, migrating, 165 folders adding, 229–233 file screen for, 232 protocol for, 230 publishing to DFS namespaces, 233 quotas for, 232 removing, 233 share permissions for, changing, 234–235 for software distribution point, 562–563 special shares, 235–238 storage for, 230 IPC$ special share for, 235 NTFS file permissions for, 237 printers drivers for, 325–326 local printers, 324–325 network attached printers, 320–323 share name for, 318 resources (websites and blogs), 759–760 Restartable AD DS, 77 restoreAllVolumes parameter, Wbadmin, 419 restoring from backups. See recovering from backups Resulting Set of Policies Console, 465 reverse lookup zones, DNS, 503 rights licensing rights for Windows Server, 108 user rights, 204, 240–242
roles server roles. See server roles SharePoint roles, 599–606 user roles, 213–217 creating, 215–217 Network Administrator role, 215 Standard User role, 214–215 Standard User with Administration Links role, 215 role services, 441 adding, 444–445, 450–452 removing, 452–454 Rootscalability command, Dfsutil, 289 root servers, for DNS forwarding, 505 routers access points built in to, 31 adding, for migration, 116–117, 124–125 dual WAN router, 62 requirements for, 33–34 Routing and Remote Access Manager, 465 RPC (remote procedure call), 16 Rrasmgmt.msc tool, 465 RSA SecureID OTP tokens, 42 Rsop.msc tool, 465 rules, for firewall policies, 513 RWA (Remote Web Access), 4, 521–523, 674 as alternative to VPN, 126 computer list for, configuring, 523–526 connecting to, 351–354 links on home page, customizing, 533–537 RemoteApps added to landing page, 700–708 terminal server, accessing, 526–529 TFA (Two-Factor Authentication) for, 531–533 users allowed to access, setting, 530–531 when to use, 538 RWW (Remote Web Workplace), 4, 674. See also RWA (Remote Web Access)
S sags, power, 52 SAN (storage area network), 230, 249, 252 SAS (Serially Attached SCSI), 247, 249 SATA RAID controllers, 247 SATA (Serial Advanced Technology Attachment), 247, 249 satellite, geosynchronous, Internet connection, 24
SBS 2011. See Small Business Server (SBS) 2011 SBSAfg.exe application, 78 SBS Answer File Generator, 78–79, 142–145 SBSAnswerFile.xml file, 79, 145 SBS Backup. See Windows Server Backup SBSComputers OU, 428–429, 527 SBS Console, 3, 181–182. See also Administrative Tools menu Advanced Mode of, 458–461 alerts, viewing, 585–588 client computers remote access to, controlling, 356–357 removing from network, 361 status of, viewing, 354–356 user access to, setting, 524–526 compared to Server Manager console, 439 DNS email routing, enabling, 473–474 logical printers, viewing, 330–331 network health summary, 199 POP3 email accounts adding, 475–477 retrieval frequency for, 477–478 printers managing, 326–327 viewing, 322–323 Remote Assistance, providing, 358–359 reports creating, 584–585 Detailed Network Report, 582–584 Summary Network Report, 580 RWA links, customizing, 533–537 Smart Host, enabling, 471–473 software updates deploying or declining, 377–379 deployment reports, viewing, 379 excluding computers from, 374–375 synchronizing, 380 update groups, changing, 375–376 update level, setting, 371–372 update schedule, setting, 372–374 Summary Network Report, 579 users, RWA access for, 530–531 VPN enabling, 539–541 permissions for, configuring, 541–542 SBSServers OU, 515–516, 527
SBS Software Updates. See WSUS (Windows Server Update Service) SBSUsers OU, 141–142, 486 schedule parameter, Wbadmin, 419 sconfig utility, installing Hyper-V using, 86, 88 scope-level DHCP options, 497 Scorpion Software AuthAnvil. See AuthAnvil screen captures, 107 screening files, 306–313 acceptable use policy and, 307–308 file groups, 311–313 file screens creating, 307–308 exceptions to, 308–309 templates for, 309–311 SCSI controllers, for VM (virtual machine), 102, 103 SCSI (Small Computer System Interface), 246, 249 SDSL (Synchronous DSL) Internet connection, 24 second server. See servers, second server on network Secpol.msc tool, 465 securable objects, 203 security, 40–43. See also Group Policy; permissions; user rights of 64-bit architecture, 13–14 alerts regarding, on SBS Console, 199 authentication for RDS (Remote Desktop Services), 682 TFA (Two-Factor Authentication), 34, 42–43, 352–353, 508, 531–533 for wireless access points, 31 of browser, 41 for client computers, 41 DEP bit for, 13 DNS poisoning attacks, 506 DoS (denial of service) attack, 33 drivers, authenticity of, 15 firewall access point built in to, 34 adding, for migration, 111, 116–117, 124–125 diagramming, 30 requirements for, 33–34 securing, 43 for GDT (global descriptor table), 14 for IDT (interrupt descriptor table), 14 for kernel, 14 LAND attack, 33 network operating system providing, 21 Password Policies, 41
security (cont.) passwords for administrator account, 77, 140, 143 for built-in domain local groups, 210 for POP3 email accounts, 475 for SQL Server service accounts, 668 for Standard User domain account, 349 for trusted certificate, 197 for user account, 218–219 for Windows Server, 635 for workgroups, 753 OTP (one-time password), 42–43, 353, 532 physical security, 40, 68 Ping of Death attack, 33 for printers, 328–331 for server, 40 software updates and, 364 for SQL Server, 660 SYN Flood attack, 33 for system service dispatch tables, 14 types of potential attacks, 40 UAC (User Account Control), 224–225 of Windows clients, 41 Windows Firewall, 511–519 configuring, for second server, 654 policies, setting with Group Policy, 512–519 profiles for, 511–512 rules for, 513 for wireless access points, 31, 509 for wireless connections, 508–510 for wireless (Wi-Fi) network, 43 security groups, SBS 2011, 203 creating, 206–207 group scope for, 203, 208 securable objects in, 203 user rights for, 204 security groups, SharePoint, 599, 602 security updates, 363 self-issued certificates, 193 Serial ATA. See SATA Serially Attached SCSI. See SAS server-level DHCP options, 497 ServerManagerCmd.exe application installing Hyper-V using, 86 removing a role using, 447 Server Manager console, 440, 466 compared to SBS Console, 439
features adding, 455–456 removing, 456–457 roles adding, 441–446 managing, 461–464 removing, 447–450 role services adding, 450–452 removing, 452–454 Servermanager.msc tool, 466 Server Message Block. See SMB Server Operators domain local group, 211 server roles, 441 adding, 441–446 File Services role, 279, 281, 296, 441 FSMO (Flexible Single Master Operations) roles, 70, 337 Hyper-V role, 82 installing, 89–90 other roles limited by, 86, 108 partitions for, 14 requirements for, 84–85 support for, 17 with SBS in Hyper-V, 107–108 incorporating in naming conventions, 39 managing, 461–464 Network Policy And Access Services role, 447 RD Session Host role, 37 RD Virtualization Host role, 37 Remote Desktop Services role, 441, 447, 450, 453 removing, 447–450 Web Server (IIS) role, 447 servers, 751–752 DHCP servers, 496, 497 DNS server, SBS 2011 as, 496 Exchange Server 2010, 5, 469 Hyper-V Server. See Hyper-V Server 2008 R2 Internet domain name managed by, 190–191 ISA server, 111, 125 ISP servers, DNS forwarding to, 506–507 load of, determining, 35–36 namespace server, DFS, 276, 285 naming, 39, 75 operating system for, 19–21 physical location of, 49, 68 physical security for, 40 power supply for, failure of, 48–50
print servers, 315–316 recovering from backups, 400 requirements for, 34–36 SBS 2011. See Small Business Server (SBS) 2011 second server on network Windows Server as. See Windows Server 2008 R2 Standard SQL Server. See SQL Server 2008 R2 for Small Business terminal server, 526–529 trusted certificates for, 193–198 exporting, 195–197 for migration, 143 importing, 197–198 purchasing, 194–195 Windows Server. See also Windows Server 2008 R2 Standard service accounts, SQL Server, 668 service packs, 364 services alerts for, 586–587 role services, 441 adding, 444–445, 450–452 removing, 452–454 stopped, custom alert for, 589–593 Services.msc tool, 466, 721 Services tool, 466 Set-WBPolicy cmdlet, PowerShell, 413 Set-WBSchedule cmdlet, PowerShell, 413 Set-WBVssBackupOptions cmdlet, PowerShell, 414 Share and Storage Management Console, 466 shared resources data, migrating, 165 folders adding, 229–233 file screen for, 232 protocol for, 230 publishing to DFS namespaces, 233 quotas for, 232 removing, 233 share permissions for, changing, 234–235 for software distribution point, 562–563 special shares, 235–238 storage for, 230 IPC$ special share for, 235 NTFS file permissions for, 237 printers drivers for, 325–326 local printers, 324–325
network attached printers, 320–323 share name for, 318 share permissions, 223–224, 237–238 changing, 234–235 hiding, 238 recommended settings for, 223 setting, 231–232 users applied to, 224 SharePoint Foundation 2010, 5, 597–606 Companyweb SharePoint site. See Companyweb SharePoint site discussions, 599 libraries, 598 lists, 599 permissions, 599–606 changing for a group, 600–602 changing for section of Companyweb, 602–606 roles, 599–606 security groups, 599, 602 tasks, 599 web pages, 599 SharePoint MembersGroup universal group, 209 SharePoint OwnersGroup universal group, 209 SharePoint VisitorsGroup universal group, 209 Shavlik NetChk Protect, 381 short-term power outages, 53 showsummary parameter, Wbadmin, 419 Simple Network Management Protocol. See SNMP simple volume, 244, 255–259 single large expensive disk. See SLED 16-bit applications, not supported, 17 64-bit architecture, 2, 9–18 32-bit application support with, 16–17 for client computers, 17–18 driver requirements for, 15 hardware requirements for, 15 increased RAM access with, 2, 10–12 legacy software, potential problems with, 16–17 registers with, 12 security with, 13–14 transitioning to, 9–10 virtualization with, 14–15, 82 skipBadClusterCheck parameter, Wbadmin, 419 SLED (single large expensive disk), 246 Small Business Server (SBS) 2003, migration issues, 111 Small Business Server (SBS) 2011 64-bit architecture of, 2 editions of, 1
Small Business Server (SBS) 2011 (cont.) Exchange Server 2010 in. See Exchange Server 2010 hardware requirements, 6–7, 15 for backups, 35 for client computers, 36 for firewall, 33–34 for Hyper-V virtualization, 84–85 for printers, 316–317 for RD Session Host role, 676–677 for router, 33–34 for SBS on Hyper-V child partition, 108–109 for second server, 627–629 for server, 34–36 for SQL Server, 659 for wireless access points, 31 installing, 4, 67–80 answer file for, 78–79 automating, 757–758 disks, partitioning, 67–68 layout, planning, 68 problems with, resolving, 182 process for, 70–77 server, preparing, 69–70 when migrating to, 145–146 migrating to. See migrating to SBS 2011 new features in, 2–5 Premium Add-on for, 1, 6–7 alternative to, 654–655 hardware requirements for, 7 Hyper-V virtualization and, 86 SQL Server included with. See SQL Server 2008 R2 for Small Business Windows Server included with. See Windows Server 2008 R2 Standard resources for, 759–760 SBS Console for. See SBS Console security for. See security SharePoint Foundation Services in. See SharePoint Foundation 2010 troubleshooting. See troubleshooting Small Computer System Interface. See SCSI Smart Host, 470, 471–473 SMB (Server Message Block) for shared folders, 230–231 SMTP forwarding with Smart Host, 470, 471–473 snapshots, for VM (virtual machine), 94, 95, 106 SNMP (Simple Network Management Protocol), 50 software. See applications
software RAID, 55, 58 software updates alerts regarding, on SBS Console, 199 assessing vulnerabilities and priority for, 366 availability of, determining, 367–368 configuring for second server, 644–648 cycle for, 365–370 declined, deploying after, 378–379 declining, 376 deploying, 369–370, 376–380 deployment reports for, 379 EULA (End User License Agreement) for, 376 evaluating need for, 368–369 importance of, 364 managed by WSUS, 115, 370 excluding computers from, 374–375 third-party alternatives to, 381 update groups, changing, 375–376 update level, setting, 370–372 update schedule, setting, 372–374 Microsoft's schedule for, 365 for SQL Server, 662 synchronization of, 380 types of, 363–364 VPN for, 538 solid state drive. See SSD SOPs (standard operating procedures), 737–739 Sound, Control Panel, 466 spanned volume, 245, 250. See also extended volume spare parts, 62 location of, 49 power supply, 48–49 special shares, 235–238 spikes, power, 50–51 SPI (Stateful Packet Inspection), 33, 43 split DNS, 503 SQL Client Connectivity SDK, SQL Server, 667 SQL Server 2008 R2 for Small Business, 6 configuration checker for, 660, 663 documentation for, 659–662, 671 failover clustering for, 661, 662, 663, 664 features available for, 667–668 installed features discovery for, 663 installing help for, 661 options for, 657, 662, 664–665 planning for, 659–665
process for, 658, 665–671 restrictions on, 658 maintenance for, 663 PowerPivot for SharePoint with, 662 release notes for, 660 requirements for, 659 security documentation for, 660 service accounts for, 668 updates for, 662 Upgrade Advisor for, 661 upgrade documentation for, 662 upgrading, 662 upgrading Integration Services Packages, 663 SQL Server Books Online, SQL Server, 667 SQL Server Installation Center, 658–665 SQL Server Replication, 667 SQL Slammer worm, 13 SSD (Solid State Disk), 247, 249 SSE/SSE2 registers, 13 SSID hiding, 509 staging folder, DFS replication, 295 stand-alone namespaces, 277 stand-alone wireless bridges, 31 Standard edition of SBS 2011, 1 standard operating procedures (SOPs), 737–739 Standard User domain accounts, 348–349 Standard User role, 214–215 Standard User with Administration Links role, 215 star network topology, 30 start backup subcommand, Wbadmin, 420 start recovery subcommand, Wbadmin, 420–421 start sysrecovery subcommand, Wbadmin, 421 start systemstatebackup subcommand, Wbadmin, 421 start systemstaterecovery subcommand, Wbadmin, 421 Start-WBBackup cmdlet, PowerShell, 413 static IP address, 25 DHCP exclusions for, 498–499 for secondary servers, 341 stop job subcommand, Wbadmin, 420 storage. See DFS (Distributed File System); disk management; hard disks storage area network. See SAN storage capacity. See disk space Storage Explorer Console, 466 Storagemgmt.msc tool, 466 storage reports, FSRM, 296–300 Storexpl.msc tool, 466 striped mirrored disks, 57
striping (RAID 0), 56, 245, 250 Summary Network Report, 579–582 surge protectors, 50 surges, power, 51 Swing Migration, 113 switches, 30 Synchronous DSL. See SDSL Internet connection SYN Flood attack, 33 Sysdm.cpl tool, 466 System Center Virtual Machine Manager. See SCVMM System Configuration Checker, 660, 663 System Properties, Control Panel, 466 system PTE, limits of, 11 system requirements, 6–7, 15. See also Mac OS/X clients; operating system; Windows clients for backups, 35 for client computers, 36 for firewall, 33–34 for Hyper-V virtualization, 84–85 for printers, 316–317 for RD Session Host role, 676–677 for router, 33–34 for SBS on Hyper-V child partition, 108–109 for second server, 627–629 for server, 34–36 for SQL Server, 659 for wireless access points, 31 system service dispatch tables, security for, 14 System Stability Index, 720 SYSVOL special share, 235
T Take Ownership file permission, 226, 227 Tapimgmt.msc tool, 466 Taskschd.msc tool, 466 Task Scheduler, 466 tasks, SharePoint, 599 teamed networking, 62 Telephon.cpl tool, 466 Telephony Console, 466 templates for file screens, 309–311 for quotas, 300, 303–306 terminal server, 526–529. See also RD Session Host role Terminal Server License Servers domain local group, 211
Terminal Services logon rights through, 240 Remote Desktop Services as replacement for, 673, 674 Terminal Services Configuration, 466 Terminal Services Gateway Manager, 466 Terminal Services Manager, 466 terms of service. See TOS TFA (Two-Factor Authentication), 34, 508 for RWA (Remote Web Access), 352–353, 531–533 implementing, 42–43 theft of service, 40 32-bit applications, support for, 16–17 32-bit architecture, 2 for client computers, 17–18 limited RAM access with, 2, 10–12 registers with, 12 Timedate.cpl tool, 466 time zone, setting, 74, 637–638 token, authentication using. See OTP (one-time password) TOS (terms of service), 25 Tpm.msc tool, 466 TPM (Trusted Platform Module) Management, 466 Traverse Folder file permission, 226 troubleshooting. See also monitoring affected by combining share and NTFS permissions, 223 affected by disabling Internet pings, 43 connectivity issues, FMNW for, 519–520, 542–546 DHCP reservations and, 496, 504 nonresponsive applications, 716–717 reverse lookup zones for, 503 screen captures for, 107 Server Manager and, 440 trusted certificates, 193–198 exporting, 195–197 for migration, 143 importing, 197–198 purchasing, 194–195 Trusted Platform Module (TPM) Management, 466 Tsadmin.msc tool, 466 Tsconfig.msc tool, 466, 693 Tsgateway.msc tool, 466 Tsmmc.msc tool, 466 TS RemoteApp Manager, 465 Two-Factor Authentication. See TFA
U UAC (User Account Control), 224–225 unattend.xml file, 757 uninterruptible power supply. See UPS Universal Plug and Play. See UPnP universal scope, 208, 209 update rollups, 364 updates alerts regarding, on SBS Console, 199 assessing vulnerabilities and priority for, 366 availability of, determining, 367–368 configuring for second server, 644–648 cycle for, 365–370 declined, deploying after, 378–379 declining, 376 deploying, 369–370, 376–380 deployment reports for, 379 EULA (End User License Agreement) for, 376 evaluating need for, 368–369 importance of, 364 managed by WSUS, 115, 370 excluding computers from, 374–375 third-party alternatives to, 381 update groups, changing, 375–376 update level, setting, 370–372 update schedule, setting, 372–374 Microsoft's schedule for, 365 for SQL Server, 662 synchronization of, 380 types of, 363–364 VPN for, 538 upgrading to SBS 2011. See migrating to SBS 2011 UPnP (Universal Plug and Play), 34 UPS (uninterruptible power supply), 51–52 USB (Universal Serial Bus), 249 User Account Control. See UAC user accounts. See also groups adding, 217–221, 338, 754 computer access, granting, 221 migrating, 166–170 user parameter, Wbadmin, 419 user rights, 204, 240–242 user roles, 213–217 creating, 215–217 Network Administrator role, 215 Standard User role, 214–215 Standard User with Administration Links role, 215
User Roles universal group, 209 users assigning software to, 561–562 computer list for, configuring, 523–526 RDS access by, setting, 683–684 RWA access for, enabling or disabling, 530–531 types of, affected by share permissions, 224 Users domain local group, 211
V VDI (Virtual Desktop Infrastructure), 37 version parameter, Wbadmin, 419 VFD (virtual floppy drive), 102, 105 VHD files, 94, 95 VHD (virtual hard disk) differencing disks, 104 dynamic disks, 104, 245, 250 compared to fixed-size disks, 99 for software RAID, 55 when to use, 253 fixed-size disks, 99, 104 mounting, 272–273 video adapter, 6 video capabilities, for RDS, 685, 686–688 video files, controlling use of, 307–308 View command, Dfscmd, 289 Virtmgmt.msc tool, 466 Virtual Desktop Infrastructure. See VDI virtual floppy drive. See VFD virtual hard disk. See VHD virtualization emulation virtualization, 83–84 Hyper-V virtualization, 14–15, 81–85 configuring, 91–95 disaster planning issues for, 747–748 on Hyper-V Server 2008 R2, 86, 87–88 installing, 86–90 network configuration, 91–93 network, types of, 91 partitions for, 14–15, 83–84, 107–109 RAID level for, 85 reasons for, 82 requirements for, 84–85 second server as, 627 server configuration, 93–95 version of, choosing, 86
VM, creating, 95–100 VM, machine settings for, 101–105 VM, using, 105–106 on Windows Server 2008 R2, 86, 89–90 virtual machine. See VM virtual memory address space, 10, 11, 12 virtual networks, types of, 91 Virtual Server 2005 R2, 83 viruses, 40 Visitors group, SharePoint, 599 VM (virtual machine) BIOS for, 101 clipboard for, 106–107 COM ports for, 102, 105 creating, 95–100 disk types for. See VHD (virtual hard disk) IDE controllers for, 101, 103 machine settings for, 101–105 memory for, 101, 102–103 naming, 97 network adapters for, 102, 105 pausing, 106 processors for, 101, 102–103 running incompatible software on, 17 saving, 106 screen captures for, 107 SCSI controllers for, 102, 103 snapshots for, 94, 95, 106 starting, 105 stopping, 106 VFD for, 105 voltage variations, 50–51 volumes, 244, 250 adding, 253–263 compared to partitions, 252 deleting, 262 extended volume, 264–267 logical drive/volume, 245 mirror volume, 246 breaking, 271 failure of, recovering from, 268–271 mounting, 273–274 naming, 272 RAID 0 (striping), 245, 250 RAID 1 volume, 250, 259–262 RAID 5 volume, 246, 250, 259–262, 271–272 recovering from backup, 400–401 shrinking, 263–264
volumes (cont.) simple volume, 244, 255–259 spanned volume, 245, 250 special shares for, 235–236 Volume Shadow Service. See VSS VPN pass-through, 33 VPN tunnels, 34 VPN (virtual private network), 510, 538–542 disabling, for migration, 126 enabling, 539–541 permissions for, 541–542 when to use, 538 vssFull parameter, Wbadmin, 419 VSS (Volume Shadow Service), 404, 414
W WAN connection, dual WAN support with, 34 Wbadmin command, 416–422 Wbadmin.msc tool, 466 WBFileSpec object, 414 WBSchedule object, 414 WCN (Windows Connect Now), 509 web hosting, ISP providing, 25 web pages, SharePoint, 599 Web Part adding to Companyweb, 621–624 enabling, 616–619 folder for, 620–621 registering as safe, 619–620 Web Server (IIS) role, 447 websites, 759–760 Weilbacher, Kevin (Microsoft MVP for SBS), 125 WEP (Wired Equivalent Privacy), 508, 509 WET (Windows Easy Transfer) Wizard, 361 Wf.msc tool, 466, 511 Wi-Fi Internet connection, 24 Wi-Fi network. See wireless (Wi-Fi) network Wi-Fi Protected Access. See WPA Windows 7 Automated Installation Kit, 757–758 Windows Authorization Access Group domain local group, 211 Windows clients. See also Windows Server 2003; Windows Server 2008 R2 Standard for client computers, 17–18, 36, 756 DFS namespace requirements for, 278–279 security of, 41
Windows 7 for client computers, 18 configuring for DHCP, 339–341 connecting to network, 342–349 sharing printer connected to, 325 transitioning to, 9 Windows 2000, connecting to network, 349–350 Windows Vista for client computers, 18 configuring for DHCP, 339–341 connecting to network, 342–349 sharing printer connected to, 324 Windows XP for client computers, 18 configuring for DHCP, 341 connecting to network, 342–349 sharing printer connected to, 325 Windows Connect Now (WCN), 509 Windows Deployment Services, 757 Windows Easy Transfer Wizard. See WET Wizard Windows Firewall, 511–519 configuring, for second server, 654 policies, setting with Group Policy, 512–519 profiles for, 511–512 rules for, 513 Windows Firewall, Control Panel, 466 Windows Firewall with Advanced Security console, 466, 511 Windows installation disc, 406–411 Windows Installer Package. See .msi files Windows Management Instrumentation. See WMI Windows Management Instrumentation (WMI) Manager, 466 Windows MultiPoint Server 2011, 654–655 Windows on Windows 64-bit. See WOW64 Windows PowerShell 2.0, 114 for controlling local access to a computer, 357–358 for Exchange Management, 492 for managing backups, 413–416 for opening multiple Remote Desktop sessions, 361 for opening native consoles, 464 Windows print server, 315–316 Windows Recovery Environment, 400, 406–411, 422 Windows SBS Admin Tools Group universal group, 209 Windows SBS Fax Administrators universal group, 209 Windows SBS Fax Users universal group, 209 Windows SBS Folder Redirection Accounts universal group, 209
Windows SBS Link Users universal group, 209 Windows SBS Remote Web Workplace Users universal group, 209 Windows SBS SharePoint MembersGroup universal group, 209 Windows SBS SharePoint OwnersGroup universal group, 209 Windows SBS SharePoint VisitorsGroup universal group, 209 Windows SBS Virtual Private Network Users universal group, 209 Windows Server 2003 configuring for DHCP, 341 connecting to network, 342–349 Windows Server 2008 R2 Standard, 2, 6, 752–753 as second server on network, 627, 755–756 backups, enabling, 649 computer name for, 641–644 configuring, 636–648 domain name for, 641–644 feedback, enabling, 644–647 hardware drivers, installing, 637 installing, 630–636 networking, configuring, 639–641 Remote Desktop for, 650–653 requirements for, 627–629 time zone, setting, 637–638 updates, downloading and installing, 647–648 updates, enabling, 644–647 Windows Firewall, configuring, 654 configuring for DHCP, 339–341 connecting to network, 342–349 Hyper-V virtualization on, 86, 89–90. See Hyper-V virtualization installing, 70–73 licensing rights for, 108 limitations on, from SBS, 70 Windows Server Backup. See also backups configuring with Configure Server Backup Wizard, 383–384, 385–391 with Windows Server Backup console, 391–395 installing for second server, 649 SBS Backup as, 383 Windows Server Backup console, 391–395, 466 Windows.Serverbackup PowerShell snap-in, 413–416 Windows Server Update Service. See WSUS Windows Setup disc, 400, 406–411
Windows SharePoint Services. See SharePoint Foundation 2010 Windows Small Business Server 2011. See Small Business Server (SBS) 2011 Windows Storage Server 2008 R2 Essentials. See WSSE Wired Equivalent Privacy. See WEP wireless access points, 31–33 antennas for, 31 authentication for, 31 bridges and, 31 built in to firewall, 34 built in to router, 31 channels for, 33 interference of, 32 placement of, 32–33 range of, 32 requirements for, 31 security for, 31, 509 supplementing wired network, 25 wireless bridges, 31, 33 wireless connectivity, 508–510 MAC address filtering for, 509 SSID hiding for, 509 TFA (Two-Factor Authentication) for, 508 VPN (virtual private network) for, 510 WEP (Wired Equivalent Privacy) for, 508, 509 WPA2 encryption for, 43, 508–509, 510 WPA (Wi-Fi Protected Access) for, 508, 510–512 wireless hackers, 40 wireless (Wi-Fi) network, 26 security for, 43 standards for, 27–28 Wmimgmt.msc tool, 466 WMI (Windows Management Instrumentation) Manager, 466 workgroups, 20, 753. See also peer-to-peer network workspace, Companyweb, 606–613 workstations. See client computers worms, 40 WOW64 (Windows On Windows 64-bit), 16 WPA2 encryption (802.11 standard), 31, 43, 508–509, 510 WPA (Wi-Fi Protected Access), 508, 510–512 Write Attributes file permission, 226, 227 Write Data file permission, 226 Write Extended Attributes file permission, 226, 227 Write file permission, 226–227
WSSE (Windows Storage Server 2008 R2 Essentials), 248, 252, 383, 422–434 connecting to client computers, 430–433 connecting to SBS domain, 423–429 Launchpad for, 433–434 WSUS (Windows Server Update Services), 115, 370 excluding computers from, 374–375 third-party alternatives to, 381 update groups, changing, 375–376 update level, setting, 370–372 update schedule, setting, 372–374
X XML (Extended Markup Language) for custom alert, creating, 591–593, 594–595 storage reports in, 296