Re: outlook on server

From: Gary Karasik (gkarasik2fea.net)
Date: 07/05/04


Date: Mon, 5 Jul 2004 16:14:50 -0700

I already know all this.

How does it help the client if I abandon him? How does it educate him if I
walk away? He'll find someone else who will do what he wants, or he'll
figure out himself how to do what he wants.

If something bad happens about which I've warned him, it's on his head. It's
his server, his business. I tell him what the choices are, and he makes the
choice and lives with the consequences. It's his choice to pay me now or pay
me later.

I have a client I've had for years now who wouldn't do any maintenance. He
couldn't see the point, and I fixed his system as it broke. Then he lost the
whole system, and his business nearly didn't recover, not to mention the
tens of thousands it cost him to get back up and running. Now he pays for
regular maintenance. He said, "Well, you told me this might happen."

Where's the percentage, for either of us, in walking away?

GaryK

"Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote in
message news:umTES6rYEHA.3156@TK2MSFTNGP12.phx.gbl...
> Hi Gary -
>
> It is very difficult to minimize the risk of someone using the server as a
> workstation, especially if you have an application that requires
> administrative rights - that user is now running in a Domain Admin context
> on your SBS . . . there's just no way to acceptably minimize that risk . .
> . it's just a ticking time bomb . . .
>
> I would rather see a client using an old Win98 - hell even Win95 PC as a
> short-term solution until they can afford another PC than use the server.
> I know there are clients that insist on this - and in the end, it is their
> decision. What we do is to sit down and spell out very clearly that we are
> there to help, and we recommend not using the server as a workstation
> because it is one of the single-most important steps any business can take
> to control their IT support costs. In addition, we point out that this is
> such a high-risk setup that we cannot support it, and that using the
> server in that manner will void all of the warranties / guarantees we have
> provided (with the obvious exception of the hardware warranty). Also,
> using the server as a workstation renders the client ineligible for any of
> our support contracts. We also point out that it is very possible that the
> server will need to be reinstalled at a future date, and that we most
> likely will not be able to do a full system restore from backup as we
> cannot guarantee that we are restoring to a known good configuration that
> isn't infected. As a result, the cost of a reinstall will be at least
> equal to the initial install price, plus a guaranteed x hours downtime
> where the system will be inaccessible. Bottom line is that this is our
> area of expertise, which is why you hired us. We have seen the effects of
> the server being used as a workstation and cannot overstate the damage
> potential. Then, if they decide they still want to do this, we have them
> sign a document indicating that they have chosen to do this despite our
> recommendation. The document also includes our reasons for recommending
> against this setup and states that the customer understands that with the
> exception of the hardware warranty, all warranties & guarantees with this
> system are null & void, they are ineligible for service agreements with us
> until we are able to return the network to a known good configuration
> (which is billable time) and that any and all future support calls will be
> billed based on time and materials at our then current published rates.
>
> Gary - the question here really isn't how best to secure the server when
> it is used as a workstation. The question is do you really want this kind
> of customer. One of the hardest things to do is to dump a customer -
> especially when you're working with small businesses - because if you're
> like me, you see the opportunity to really help a business increase their
> productivity and give them the tools to make their lives easier. But is it
> really worth your time and energy if all this client wants is the cheapest
> solution (in upfront costs)? From someone who's been down this road, all
> it is going to do is to cause you stress - you're going to be fixing
> problems that wouldn't exist if your advice was followed, and in the very
> short future it would have been less expensive for the client to purchase
> the new machine. Then as time progresses, the client starts getting upset
> with the money they're spending getting the same problem fixed month after
> month, but fail to see that their insistence on doing it this way is the
> cause of the problem. It just gets ugly.
>
> I do understand the predicament - unfortunately, there's not a whole hell
> of a lot you can do to secure the server if it's used as a workstation.
> Be prepared for recurring problems and an unhappy client.
>
> --
>
> Chad A. Gross - SBS MVP
> SBS ROCKS!
>
> www.msmvps.com/cgross
> www.gosbs.org
>
>
> Gary Karasik wrote:
> > I'm not doing this because I want to. I'd like nothing better than a
> > client who says, "Do whatever you need to, and I'll pay for it." In
> > twenty years, I've had one of those.
> >
> > While using the server as a workstation is arguably a "Worst
> > Practice," consultants usually have to make the best of bad
> > situations. Necessity, reality, and unreasonable clients dictate that
> > we do things we wouldn't do in an ideal world. So then my job is to
> > provide the client with alternatives, explain the issues and dangers,
> > and then implement the clients' decisions. I don't often have the
> > luxury of saying, "That's a bad way to go, so you have to buy an
> > extra workstation that no one but me is going to use to check Outlook
> > once in a while." If I don't get fired, then what I'll get is a
> > response like, "No. I can't afford that. We'll use the server."
> >
> >
> > In some ways worse is the situation where they really don't intend to
> > use the server, but then they get in a situation where they think
> > they have to. Some in-office guru will figure out how to load Office
> > on the server and will do it without involving me. (I have to give
> > the owner of a business the admin passwords if he/she demands them.)
> > I have clients whom I don't see for months at a time because they
> > don't want to pay for regular maintenance. Sometimes I go to the site
> > and find people have loaded Office (or worse) on the server. I went
> > to a client recently whose teen-aged son had loaded Kazaa on the
> > server.
> >
> > While I appreciate the warnings that everyone has provided, if a
> > client insists on using the server as a workstation, I can either
> > refuse to work there anymore ("Sorry, you don't live up to my
> > principles of safe computing, so you'll have to find someone else") or
> > I need to set it up in the safest way possible. Intimations of
> > generalized disaster are of little use. What is of use is specific
> > information that might help to set up the server in the safest way
> > possible so as to avoid or at least mitigate these potential
> > disasters. After pointing out that MS recommends against it, Kevin's
> > citing the technote about side-by-side implementations was extremely
> > helpful. Putting an empty file named "OUTLOOK.EXE.LOCAL" in the
> > Outlook directory will direct Outlook to use only its local .DLLs so
> > they won't interfere with Exchange .DLLs.
> >
> > In addition to ISA, the server already has a good hardware firewall
> > and a good anti-virus program. I will try to run Outlook (and IE)
> > through ISA to lessen those dangers. But considering that the server
> > WILL be used as a workstation and that putting Outlook on the server
> > is required, is there anything else you can think of that might limit
> > the exposure?
> >
> > GaryK
> >
> > "Tobias Redelberger" <T.Redelberger@starnet-services.net> wrote in
> > message news:Okp8grmYEHA.556@tk2msftngp13.phx.gbl...
> >> Hi Gary,
> >>
> >> beside Frank McCallisters answer, sharing outlook for your users,
> >> you have to give them admin-rights to logon SBS2003 and because
> >> local admins on a Domain-Controller are always Domain-Admins too,
> >> you will get into big trouble e.g. if one of your "users" get a
> >> virus via outlook, because it has instantly full right to (almost)
> >> everything.
> >>
> >> So take our advice and install an extra workstation with Windows XP
> >> Pro for remote desktop sharing (reachable through Remote Web
> >> Workingplace - "Connect to my computer at work"), and even better
> >> spend the budget for a Terminal-Server. Maybe you can even save some
> >> money if you buy cheaper (but recommendable) used Terminal-clients
> >> (e.g. as early mentioned Compaq's Evo T20/30 CE.NET for about
> >> 100.200$ each) for both your local AND remote users.
> >>
> >> With this in mind first you will have to spend some extra money, but
> >> at last you can sleep well at night and don't have to spend your
> >> budget for trouble-shooting your solution.
> >>
> >>
> >> Tobias Redelberger
> >>
> >> StarNET Services (HomeOffice)
> >> Schoenbornstr. 57
> >> D-97440 Werneck
> >> Germany
> >>
> >> Tel: +49-(0)9722-4835
> >> Fax: +49-(0)9722-4836
> >> Mobil: +49-(0)179-25 98 341
> >>
> >> Email: T.Redelberger@starnet-services.net
> >> Web-Tel: +49-(0)1212-5-11651621
> >> Web-Fax: +49-(0)1212-5-11651621
> >>
> >>
> >> "Gary Karasik" <gkarasik2fea.net> schrieb im Newsbeitrag
> >> news:uTFzaUiYEHA.2500@TK2MSFTNGP09.phx.gbl...
> >>> Tobias,
> >>>
> >>> Just out of curiosity, what might happen if Outlook is loaded on
> >>> the server?
> >>>
> >>> GaryK
> >>>
> >>> "Tobias Redelberger" <T.Redelberger@starnet-services.net> wrote in
> >>> message news:OI9UEAeYEHA.556@tk2msftngp13.phx.gbl...
> >>>> Hi Keith,
> >>>>
> >>>> don't tell us later nobody has warned you.
> >>>>
> >>>> What you want to do is a NO NO ... no, better .. it's a NO NO NO
> >>>> NO NO!!!
> >>>>
> >>>> It's like buying a Ferrari (congratulations to M.Schuhmacher btw.)
> >>>> and driving it on a bumpy dirt road at high speed.
> >>>>
> >>>> Try to use SBS2003 as it is meant to be. Use Exchange-Server as your
> >>>> Central-Mail-Service. Configuring it is like a snap if you use the
> >>>> wizards.
> >>>>
> >>>> Let your Users connect to it via OWA (Outlook Web Access). If you
> >>>> want to share application, use Remote-Desktop but NOT on a SBS2003
> >>>> in ADMIN-MODE!!!!. It's much cheaper (long term view - TCO) buying
> >>>> an extra Workstation (Windows XP Pro) or better Windows 2003
> >>>> Terminal Server for Remote Application Sharing than killing
> >>>> yourself with your suggested solution.
> >>>>
> >>>> We warned you..
> >>>>
> >>>>
> >>>> Tobias Redelberger
> >>>>
> >>>> StarNET Services (HomeOffice)
> >>>> Schoenbornstr. 57
> >>>> D-97440 Werneck
> >>>> Germany
> >>>>
> >>>> Tel: +49-(0)9722-4835
> >>>> Fax: +49-(0)9722-4836
> >>>> Mobil: +49-(0)179-25 98 341
> >>>>
> >>>> Email: T.Redelberger@starnet-services.net
> >>>> Web-Tel: +49-(0)1212-5-11651621
> >>>> Web-Fax: +49-(0)1212-5-11651621
> >>>>
> >>>>
> >>>> "Keith" <webappl@pulleninc.com> schrieb im Newsbeitrag
> >>>> news:2613301c461d8$342bc350$a401280a@phx.gbl...
> >>>>> I can tell you why we want Outlook on the server. The
> >>>>> reason we purchased SBS is so a few users could connect to
> >>>>> resources in the office while they are on the road. We
> >>>>> all use Outlook 2000 with pop accounts at a reliable ISP.
> >>>>> (no webmail) We could disable Exchange, but it's nice to
> >>>>> have the administrator account be able to mail out alerts,
> >>>>> among other things. And we may move to Exchange email at
> >>>>> some point in the future. But we don't want to move all
> >>>>> our mail services to Exchange at this point. Too many
> >>>>> points of failure and don't have the time or resources to
> >>>>> setup multiple back systems like our ISP has in place.
> >>>>> They are never down. (at least not in the last 10 years)
> >>>>> Anyway, the users need to be able to open Outlook on the
> >>>>> server when they connect remotely.
> >>>>>
> >>>>> Also, this is a very small office and the server is also
> >>>>> used as a workstation. The user at the server needs to
> >>>>> use Outlook as well.
> >>>>>
> >>>>> We're looking into having Exchange pull email from accounts
> >>>>> at the isp. That way email won't bounce back to senders
> >>>>> even if our local system was down for some reason. But one
> >>>>> thing at a time.
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> Gary,
> >>>>>>
> >>>>>> The KB article I believe you are referring to actually strongly
> >>>>>> warns that you do NOT install Outlook on SBS2003, and instead
> >>>>>> urges you to use OWA if you must access mail from the server.
> >>>>>> But that if you wish to proceed, it does give you a link with
> >>>>>> more info.
> >>>>>>
> >>>>>> Here is the KB article:
> >>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;828050
> >>>>>>
> >>>>>> Can you tell us why you wish to install Outlook on your server?
> >>>>>>
> >>>>>> --
> >>>>>> Kevin Weilbacher [SBS-MVP]
> >>>>>> "The days pass by so quickly now, the nights are seldom long"
> >>>>>>
> >>>>>>
> >>>>>> "Gary Karasik" <gkarasik2fea.net> wrote in message
> >>>>>> news:OPnLgCdYEHA.2736@TK2MSFTNGP10.phx.gbl...
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> Some months back there was a reference to a KB article
> >>>>>>> explaining how to safely load Outlook on the Exchange server.
> >>>>>>> I have lost the reference. Can anyone point me in the right
> >>>>>>> direction?
> >>>>>>>
> >>>>>>> GaryK
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>> .
>
>


