Windows Small Business Server 2008 provides all the tools small companies need to improve collaboration, enhance productivity, and manage and secure all their information. In this book, a team of leading SBS experts brings together the in-depth knowledge and real-world insights you need to make the most of this state-of-the-art product.\ Microsoft Most Valuable Professionals Eriq Neale and his colleagues cover every facet of planning, deploying, and managing SBS 2008. The authors begin by...
Windows Small Business Server 2008 provides all the tools small companies need to improve collaboration, enhance productivity, and manage and secure all their information. In this book, a team of leading SBS experts brings together the in-depth knowledge and real-world insights you need to make the most of this state-of-the-art product. Microsoft Most Valuable Professionals Eriq Neale and his colleagues cover every facet of planning, deploying, and managing SBS 2008. The authors begin by showing how to install and configure SBS 2008 for maximum efficiency, performance, and ease of administration. You’ll learn how to securely utilize SBS 2008’s comprehensive Internet, file, and print services; simplify and automate both server and workstation management; and take full advantage of both SharePoint collaboration and Exchange communication tools. This book is packed with expert tips, tricks, and troubleshooting techniques drawn from the authors’ unsurpassed experience helping companies succeed with SBS. Whether you’re a full-time IT professional or a power user who’s managing SBS in your spare time, it will be your most valuable resource. Detailed information on how to... Plan, install, configure, and customize SBS 2008 in any environment Set up and manage SBS 2008-based networks, Web access, and collaboration–including SharePoint Services 3.0 Leverage Remote Web Workplace and other advanced remote access solutions Manage email and other communications with SBS 2008’s built-in Microsoft Exchange Server 2007 Centrally control Windows Vista, Windows XP, and other clients Seamlessly integrate Macintoshcomputers into your Windows network Protect your servers and workstations against both internal and external threats Prepare backups and disaster recovery plans you can actually use in an emergency Streamline and automate administration using Microsoft PowerShell
Foreword xxvii Introduction 1 Book Overview 2 Part 1 Introduction and Setup Chapter 1 Welcome to Small Business Server 2008 5 History of the SBS Product 5 BackOffice Small Business Server 4.0 6 BackOffice Small Business Server 4.5 7 Microsoft Small Business Server 2000 7 Microsoft Small Business Server 2003 8 Essential Server Solution Family 9 Features of SBS 2008 9 Communication 9 Collaboration 10 Protection 11 Expansion 12 Limitations of SBS 2008 13 Hardware Limitations 13 Software Limitations 14 Support for SBS 2008 14 Community Support 14 Online Support 15 Official Product Support 16 Chapter 2 Planning for the SBS 2008 Deployment 17 Knowing the Client Base 17 Understanding How the Server Will Be Used 18 Planning for Correct Licensing. 19 Planning the Hardware 22 Planning the Network 23 Changes in Network Options from Previous Versions 23 Connection to the Internet 23 IP Address Ranges 24 DHCP Configuration 25 Public and Private Domain Names 26 Planning the Storage Layout 26 Changes in Storage from Previous Versions 27 Multiple Partitions Versus Multiple Spindles 27 Minimum Partition/Spindle Sizes 28 Fault Tolerance 29 Backup Technologies 32 Chapter 3 Installing and Configuring SBS 2008 35 Preparing for SBS 2008 Installation 36 Collecting Information for the Setup Process 36 Configuring the Internal Network 37 Disabling DHCP on the Network 37 Installing SBS 2008 38 Collect the Initial Setup Data 38 Prepare the Disk Infrastructure 38 Complete Setup 40 Performing the Initial Configuration of SBS 2008 45 Run the Connect to the Internet Wizard 45 Install Security Updates 48 Run the Set Up Internet Address Wizard 48 Complete Other Setup Tasks 54 Troubleshooting SBS 2008 Installation Issue 57 Log Files 57 Setup Issues 57 Known Installation Issue 59 Part 2 Managing Network and Web Configuration Chapter 4 DNS, DHCP, and Active Directory Integration 63 Understanding the Role of DNS and DHCP 63 Native Tools 64 Preparations and Caveats 67 Default Configuration of DNS and DHCP 67 Securing DNS and DHCP 70 Securing DNS 70 Securing DHCP 71 New in SBS 2008 72 Adding DNS Records 75 Reserving IP Addresses in DHCP Server 76 Troubleshooting 78 Event Log Errors 78 Dcdiag 79 Ping 80 NSLookup 81 Can’t Resolve a Host or Web Site Name 81 ISP’s DNS Server Is Down 82 DNS Returns a Bad Location 82 Curse of the Hosts File 82 There’s a Rogue DHCP Server 82 Chapter 5 Internet Information Services 7.0 85 The Web Sites Under the Hood 85 External-Facing Web Sites Included with SBS 2008 86 Internal Web Sites Included with SBS 2008 86 Additional Web Sites That Can Be Combined with SBS 2008 87 Protecting the Server 87 Default SBS Web Sites 88 Integration with SharePoint 89 Configuring the Default SBS Web Sites 89 Settings for the Default Web Site 95 Settings for the SBS SharePoint Site and for the SharePoint Central Administration v3 96 Settings for the SBS Web Applications and Windows Server Client Deployment Applications 97 Settings for the WSUS Administrator Web Site 98 Protecting Web Site Configuration 99 Backup and Recovery of Metadata Information 99 The Appcmd Command 100 Backing Up the Web Site Configuration 101 Using System State Backup 103 Backup and Recovery of Web Sites 104 Configuring Additional Web Sites 104 Managing SSL Certificates in IIS 106 Understanding the Default Certificates 107 Deciding When to Use a Third-Party Certificate 107 Working with Third-Party Certificates 108 Requesting and Installing a Third-Party Certificate with the Add a Trusted Certificate Wizard 108 Manually Requesting and Installing a Third-Party Certificate 110 Integrating External Web Publishing 116 Troubleshooting IIS 117 Service Unavailable 117 Server Not Found. 118 Chapter 6 Remote Web Workplace and Other Remote Access Solutions 121 Understanding the Role of Remote Accessibility Solutions in SBS 2008 121 Remote Web Workplace 122 VPN 126 RDP 126 Managing and Using Remote Web Workplace 128 Managing the Remote Web Workplace Interface 128 Using the Remote Web Workplace Interface 133 Managing and Using VPN 136 Managing VPN 136 Using VPN 140 Managing and Using Remote Desktop 141 Managing Remote Desktopv 141 Using Remote Desktop 152 Securing Remote Access Solutions 159 Network Security 160 Password Security 161 Troubleshooting Remote Access Solutions 162 RWW Access Issues 162 VPN Access Issues 163 RDP Access Issues 163 Chapter 7 SharePoint and Companyweb 165 Understanding the Role of SharePoint and Companyweb in SBS 2008 166 Companyweb’s Components 166 What’s “In the Box” with SharePoint? 167 Understanding the Default Settings of SharePoint and Companyweb 173 Companyweb Port Settings 173 Companyweb Mobile Settings 173 SharePoint Default URL Mapping 174 Default Program and Data File Locations 175 Customizing SharePoint and Companyweb 176 Merging Data from an Existing WSS 3.0 Site into Companyweb 177 Developing a Data Protection Plan for SharePoint and Companyweb 180 The Recycle Bin 180 Backup and Restore with Native SharePoint Backup 181 Backup and Restore with Small Business Server Backup 183 Troubleshooting SharePoint and Companyweb 185 Event ID Error Message 10016 Is Logged in the System Log After You Install Windows SharePoint Services 3.0 185 Migration 186 Part 3 Managing E-Mail Chapter 8 Exchange Management 191 Default Mail Configuration 193 Mail Hygiene 194 Preventing the Reverse NDR Attack 197 Configuring Recipient Filtering 198 SMTP Tarpitting 198 Hosted Anti-Spam Solutions 199 Getting Your Mail Delivered 200 How Mail Gets Delivered 200 Ensuring Delivery 200 The Windows SBS POP3 Connector 203 How Does the POP3 Connector Work? 203 Limitations of the POP3 Connector 204 Setting Up the POP3 Connector 204 Receiving Mail for Multiple Domains 206 Adding Additional E-Mail Domains 206 Routing Mail for a Non-Authoritative Zone 212 Cohosting Multiple Organizations on a Single Server 215 Getting Information About Mailboxes 217 Managing Limits 218 With the GUI 218 Setting Limits with PowerShell 221 Using Transport Rules 222 Setting Up Disclaimers with Transport Rules 222 To Create Copies of E-Mails 223 Archiving Mail 224 Using SharePoint Libraries 224 Using Exchange Journaling 225 Troubleshooting Exchange Management Issues 230 Troubleshooting Outbound Mail Delivery 230 Troubleshooting the Content Filter 235 Troubleshooting POP3 Connector 237 Chapter 9 Exchange 2007 Client Connectivity 241 Choosing the Right Exchange Client 242 Outlook 2007 243 What’s New in Outlook 2007 243 Installing Outlook 2007 244 Configuring Outlook 2007 245 Cached Exchange Mode 247 Outlook Anywhere 252 How Outlook Anywhere Works 253 Configuring Outlook Anywhere 253 Outlook Web Access 2007 258 Improvements in Outlook Web Access 2007 258 Using Outlook Web Access 2007 259 E-Mail Certificates in OWA and Outlook 2007 263 Remote File Access in OWA 2007 264 ActiveSync 265 Different Versions of ActiveSync 265 Windows Mobile Devices 266 iPhone 270 Palm Devices 272 Troubleshooting Exchange 2007 Client Connectivity 272 Troubleshooting Auto Account Setup 273 Troubleshooting Cached Exchange Mode 273 Troubleshooting Exchange 2007 ActiveSync 274 Chapter 10 Exchange Disaster Recovery 277 Understanding the Exchange Database Structure 278 Exchange Storage Groups 279 Extensible Storage Engine (ESE) Databases 281 Circular Logging 283 Checkpoint File 283 Transactions 284 Understanding Exchange Backup Methods and Requirements 285 Online Backup 286 Offline Backup 287 Security Permissions 288 Configuring Deleted Item and Mailbox Retention 289 Using Local Continuous Replication 290 Using Windows Backup 294 Using Export-Mailbox 295 Using ExMerge 296 Other Backup Solutions 298 Recovering Exchange Databases from Backup 298 Events Requiring Exchange Recovery 299 Recovery Process 300 Using the SBS Backup Wizard to Restore 300 Using the Recovery Storage Group 303 Mailbox Recovery Using a Recovery Storage Group 307 Using ExMerge to Restore 309 Using Third-Party Solutions to Restore. 310 Repairing a Damaged Exchange Database 311 Recovery Tools 311 ESEUTIL /R 314 ESEUTIL /P 314 ISINTEG 315 Troubleshooting Exchange Disaster Recovery Issues 316 Part 4 Managing Client Connectivity Chapter 11 Group Policy in SBS 2008 321 How SBS 2008 Employs Group Policies 322 Default AD Policies 322 User Folder Redirection 323 WSUS Implementation in SBS 2008 323 Workstation Client-Specific Settings 323 SBS 2008 User Account Settings 323 Overview of Group Policy 324 Group Policy Settings 324 Group Policy Preferences 325 Working with the Group Policy Management Console 328 Navigating the Group Policy Management Console 329 Viewing Group Policy Settings 330 Group Policy Scope and Order of Application 335 Working with Group Policy Modeling and Results 339 Creating the Modeling Report 340 Creating the Results Report 342 Default SBS 2008 Group Policy Objects 343 Default Domain Controllers Policy 344 Default Domain Policy 346 Small Business Server Folder Redirection Policy 347 Update Services Client Computers Policy 348 Update Services Common Settings Policy 349 Update Services Server Computers Policy 349 Windows SBS Client Policy 350 Windows SBS CSE Policy 351 Windows SBS ClientWindows Vista Policy 352 Windows SBS ClientWindows XP Policy 352 Windows SBS User Policy 353 Creating and Modifying Group Policy Objects in SBS 2008 354 Planning the GPO 355 Testing the GPO 357 Implementing the GPO 361 Troubleshooting Group Policy 361 Group Policy Testing Tools 361 Backing Up and Restoring Group Policy 366 Chapter 12 User and Computer Management 369 Understanding the Role of User and Computer Management in SBS 2008 369 Understanding the Role of User Management in SBS 2008 370 Understanding the Role of Computer Management in SBS 2008 371 Understanding the Default Settings of User and Computer Management 371 Understanding User Default Settings 371 Understanding Default Computer Settings 378 Customizing User and Computer Management 381 Customizing User Settings 381 Customizing Computer Management 392 Chapter 13 Macintosh Integration 403 Understanding the Role of Macintosh Integration in an SBS 2008 Network 403 Native Tools 404 Third-Party Tools 404 Planning and Preparing the Network Environment 405 Domain Naming Conventions 405 Active Directory Integration 405 Account Username Conflicts 406 Operating System Notes 407 Preparing SBS 2008 Server 408 SBS 2008 as the Network DHCP Server 408 File Services for Macintosh Not Required 408 SMB Signing Compatibility Requirements 408 Connecting Macs to the SBS 2008 Network 410 Configure DHCP Support on the Mac 410 Configuring Mac OS 10.5 412 Accessing Files 414 Configuring Mac OS 10.4 414 Configuring Mac OS 10.5 416 Connecting to Active Directory 417 Configuring Mac OS 10.4 417 Configuring Mac OS 10.5 422 Accessing E-Mail 428 Preparing the SBS 2008 Network 429 Preparing the Macintosh for Entourage Connectivity 429 Configuring Entourage 2004 431 Configuring Entourage 2008 433 Accessing SBS 2008 Web Resources 435 Companyweb 436 Outlook Web Access 437 Remote Web Workplace 437 Troubleshooting 437 Network Connectivity 437 File Share Access 440 E-Mail Access 440 Windows Support on the Macintosh 441 Boot Camp 441 Parallels Desktop for Mac and VMWare Fusion 442 Chapter 14 Additional Servers 445 Understanding the Role of Additional Servers in an SBS 2008 Network 446 Licensing for Additional Servers 446 Scenarios for Additional Servers 447 Misconceptions About Using Additional Servers 450 Implementing Additional Servers 450 Common Implementation Tasks 451 Additional Domain Controller Configuration 459 Terminal Server Configuration 469 Developing a Data Protection Plan for Additional Servers 478 Installing Backup Services 478 Running a Manual Backup 479 Scheduling Regular Backups 479 Chapter 15 Managing Workstations Through Group Policy 485 Editing and Adding to Default Policies and Settings 491 Organizational Units 491 Security Groups 492 Default Policies 493 Group Policy Impact on Workstations 499 Update Services Client Computer Policy 499 Update Services Common Settings Policy 500 Windows SBS User Policy 502 Group Policy per Workstations 504 Windows SBS ClientWindows Vista Policy 505 Default Vista Firewall Policies 507 Windows SBS ClientWindows XP Policy 509 Windows SBS Client Policy 510 Small Business Server Folder Redirection 510 Deploying Software 511 Controlling the Workstations 515 Adjusting Permissions Using Group Policy 516 Using Group Policy in the Vista Era 519 User Account Control 520 Mapping Network Drives 521 Controlling USB Devices 522 Troubleshooting 526 Part 5 Managing Security and System Health Chapter 16 Monitoring and Reporting 531 Understanding the Role of Monitoring and Reporting in SBS 2008 532 Understanding the Default Settings of Monitoring and Reporting 533 Security 534 Updates 534 Backup 534 Other Alerts 534 Notification Settings 534 Setting Up the Default Monitoring Reports 535 The Daily Report 538 The Weekly Report 541 Customizing Monitoring and Reporting 543 Setting Up Your Own Report 544 Creating Custom Alerts and Notifications 545 Deploying the Custom Alert 549 Sample Event for OneCare 551 Developing a Data Protection Plan for Monitoring and Reporting 552 Special Backups of the Database 552 Scheduling a Backup 553 Shrinking a Database 555 Additional Reporting Capabilities 555 WSUS Reports 555 FSRM Reports 558 Troubleshooting Monitoring and Reporting 558 Best Practices Analyzer 562 Third-Party Monitoring Solutions 563 Chapter 17 Managing Server and Workstation Security 565 The Benefits and Pitfalls of a Single Integrated Server 565 Covering the Basics 566 Physical Security 566 Default Shares 566 Passwords 568 Shared Folders 570 Creating a Share Using the Add a New Shared Folder Wizard 571 Creating a Share Without Using the Wizard 573 Folder Redirection 574 File Server Resource Manager 576 Storage Reports Management 577 Quota Management 578 Default Security Groups 579 User Roles 581 Creating and Editing User Roles 582 Changes to Administrative Access in Windows 200 584 UACUser Account Control 584 Firewall Protection 588 Windows Firewall with Advanced Security 588 Enable Logging 590 Configuring Rules 591 Windows Firewall in XP and Vista 593 Edge Firewall 594 Ports and Firewall Discovery 594 The Case for Controlling Outbound Access 595 OneCare for Server 596 Configuring OneCare 597 Additional Online Features 598 Windows Software Update Services 601 Managing WSUS 602 Changing Settings 602 Maintaining WSUS Health 604 Expanding the Definition of Security 605 Backup 606 Group Policy 606 Remote Access to Network Resources 607 Chapter 18 Backup and Disaster Recovery 609 What’s New with SBS 2008 Backup and Recovery 610 New Backup Technology 610 Design Considerations 612 Improved Backup 612 Easier Scheduling 613 Dedicated Backup Devices 613 Exchange/SharePoint Backup and Recovery 613 Easier Recovery 614 No Built-in Client Backup 614 Understanding Backup Issues 614 File Recovery 614 Archiving 615 System Recovery 615 Hardware and Media 616 The Backup Plan 616 Site and Security 617 Backup Schedule 617 Using the SBS Backup Tools 618 Windows SBS Console 619 Windows Server Backup 627 WBADMIN Command-Line 631 Windows Recovery Environment 633 Backing Up SBS 2008 Premium Second Server 633 Disaster Recovery with SBS Backup Tools 634 Recovery Wizard 635 Full (Bare-Metal) Restore 639 Troubleshooting Backup Issues 640 Part 6 Beyond SBS 2008 Chapter 19 IPv6 Overview 645 Introducing IPv6 646 New Features 646 Why Do I Need IPv6? 647 How Do I Read IPv6? 647 Saying Goodbye to DHCP 648 Creating IPv6 DNS Entries 649 Using IPv6 649 IPv6 in ActionWindows Meeting Space 649 Troubleshooting IPv6 652 Troubleshooting Utilities 652 Learning Path 653 Chapter 20 PowerShel1 655 Who Needs PowerShell 655 Why PowerShell? 656 How PowerShell Is Used 656 PowerShell Under the Hood 657 PowerShell Basics 658 Using PowerShell 659 Getting Started 660 Commands 661 Aliases 663 Execution Settings 664 Basic PowerShell Example 664 Windows PowerShell Script 666 Exchange PowerShell Script 668 The Power of PowerShel 672 get-command 672 Get-help 685 get-member 686 Get-PSDriv 687 PowerShell Resources 687 Chapter 21 Advanced Installation Options 691 Understanding the Answer File 691 Answer File Generator 691 Answer File Format 695 Installing SBS 2008 with a Custom Internal Domain Name 698 Prepare the Answer File 698 Perform the Installation 699 Installing SBS 2008 into an Existing Active Directory Domain 700 Prepare the Existing Server 701 Install SBS 2008 in Migration Mode 707 Configuring the New Server 708 Moving Data and Settings from the Old Server 712 Reconfigure the Old Server 717 Installing Forefront Security for Exchange and Windows Live OneCare for Server Manually 720 Forefront Security for Exchange 720 Windows Live OneCare for Server 722 A SBS 2008 Resources 725 Microsoft Community Resources 725 SBS 2008 Technical Documentation 725 Web Sites and RSS Feeds 725 Newsgroups 726 Web Logs (Blogs) 726 Small Business Community Resources 726 Web Sites/Blogs 726 Mailing Lists 727 Exchange Resources 727 Macintosh Resources 728 Web Pages and RSS Feeds 728 Newsgroups 728 Mailing Lists 728 iPhone Resources 728 Outlook Resources 729 Outlook Web Access Resources 729 ActiveSync/PocketPC Resources 729 SBS Monitoring and Reporting Resources 730 Group Policy Resources 730 PowerShell Resources 731 Web Resources 731 Books 731 RRAS, VPN, and Network Security Resources 731 Terminal Server Resources 732 Workstation Security Resources 732 Anti-Virus/Anti-Malware Tools 732 Security Response Toolkit 733 Security and Patching Resources 734 General Security Information 734 WSUS Resources 735 Index 737