Re: outlook on server
From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 07/06/04
- Next message: Kevin Weilbacher [SBS-MVP]: "Re: Removing/reinstalling Exchange?"
- Previous message: Kevin Weilbacher [SBS-MVP]: "Re: outlook on server"
- In reply to: Gary Karasik: "Re: outlook on server"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 5 Jul 2004 19:10:05 -0500
It's definitely not easy Gary . . . and there isn't any black & white
answer. I review each client individually. If the client is willing to
accept the risk, and willing to pay the bill to fix it, that's one thing.
However, it's hard to know if that is actually going to be the case, despite
what is said up front. I've had the experience of a client who accepted the
risk, then when everything went south several months later conveniently
forgot about our whole conversation regarding accepting risk, and refused to
pay the invoice for bringing their network back up. Then had the nerve to
sue me for negligence and a few other things . . . luckily, I had the
signed form where the customer indicated he was accepting the risk - so
legal fees could have been much worse than the couple grand it cost - but
they still never paid the invoice and I know of a few occassions where they
spoke ill of me as a result. So I lost big-time on that deal - for no other
reason that giving the customer what they wanted up front. That encounter
opened my eyes a little, and I realized that I am exposing myself to a
certain amount of risk with each client that choses to assume risk. So
while it may seem a little paternalistic to think of it as 'protecting them
from themselves,' - remember that to a lesser degree, you are protecting
yourself from them as well.
In the end - I'm not saying that you should walk away from every client that
wants to do this. Just be aware of the potential risks you're exposing
yourself to. This is just like IT Security - only it's business security.
We each have to do our own risk analysis and determine what is an acceptible
level of risk for us . . .
--
Chad A. Gross - SBS MVP
SBS ROCKS!
www.msmvps.com/cgross
www.gosbs.org
Gary Karasik wrote:
> I already know all this.
>
> How does it help the client if I abandon him? How does it educate him
> if I walk away? He'll find someone else who will do what he wants, or
> he'll figure out himself how to do what he wants.
>
> If something bad happens about which I've warned him, it's on his
> head. It's his server, his business. I tell him what the choices are,
> and he makes the choice and lives with the consequenses. It's his
> choice to pay me now or pay me later.
>
> I have a client I've had for years now who wouldn't do any
> maintenance. He couldn't see the point, and I fixed his system as it
> broke. Then he lost the whole system, and his business nearly didn't
> recover, not to mention the tens of thousands it cost him to get back
> up and running. Now he pays for regular maintenance. He said, "Well,
> you told me this might happen."
>
> Where's the percentage, for either of us, in walking away?
>
> GaryK
>
> "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote
> in message news:umTES6rYEHA.3156@TK2MSFTNGP12.phx.gbl...
>> Hi Gary -
>>
>> It is very difficult to minimize the risk of someone using the
>> server as a workstation, especially if you have an application that
>> requires administrative rights - that user is now running in a
>> Domain Admin context on your SBS . . . there's just no way to
>> acceptibly minimize that risk . . . it's just a ticking time bomb .
>> . .
>>
>> I would rather see a client using an old Win98 - hell even Win95 PC
>> as a short-term solution until they can afford another PC than use
>> the server. I know there are clients that insist on this - and in
>> the end, it is their decision. What we do is to sit down and spell
>> out very clearly that we are there to help, and we recommend not
>> using the server as a workstation because it is one of the
>> single-most important steps any business can take to control their
>> IT support costs. In addition, we point out that this is such a
>> high-risk setup that we cannot support it, and that using the server
>> in that manner will void all of the warranties / guarantees we have
>> provided (with the obvious exception of the hardware warranty).
>> Also, using the server as a workstation renders the client
>> ineligible for any of our support contracts. We also point out that
>> it is very possible that the server will need to be reinstalled at a
>> future date, and that we most likely will not be able to do a full
>> system restore from backup as we cannot guarantee that we are
>> restoring to a known good configuration that isn't infected. As a
>> result, the cost of a reinstall will be at least equal to the
>> initial install price, plus a guaranteed x hours downtime where the
>> system will be inaccessible. Bottom line is that this is our area
>> of expertise, which is why you hired us. We have seen the effects
>> of the server being used as a workstation and cannot overstate the
>> damage potential. Then, if they decide they still want to do this,
>> we have them sign a document indicating that they have chosen to do
>> this despite our recommendation. The document also includes our
>> reasons for recommending against this setup and states that the
>> customer understands that with the exception of the hardware
>> warranty, all warranties & guarantees with this system are null &
>> void, they are ineligible for service agreements with us until we
>> are able to return the network to a known good configuration (which
>> is billable time) and that any and all future support calls will be
>> billed based on time and materials at our then current published
>> rates.
>>
>> Gary - the question here really isn't how best to secure the server
>> when it is used as a workstation. The question is do you really
>> want this kind of customer. One of the hardest things to do is to
>> dump a customer - especially when you're working with small
>> businesses - because if you're like me, you see the opportunity to
>> really help a business increase their productivity and give them the
>> tools to make their lives easier. But is it really worth your time
>> and energy if all this client wants is the cheapest solution (in
>> upfront costs)? From someone who's been down this road, all it is
>> going to do is to cause you stress - you're going to be fixing
>> problems that wouldn't exist if your advice was followed, and in
>> the very short future it would have been less expensive for the
>> client to purchase the new machine. Then as time progresses, the
>> client starts getting upset with the money they're spending getting
>> the same problem fixed month after month, but fail to see that their
>> insistence on doing it this way is the cause of the problem. It
>> just gets ugly.
>>
>> I do understand the predicarment - unfortunately, there's not a
>> whole hell of a lot you can do to secure the server if it's used as
>> a workstation.
> Be
>> prepared for recurring problems and an unhappy client.
>>
>> --
>>
>> Chad A. Gross - SBS MVP
>> SBS ROCKS!
>>
>> www.msmvps.com/cgross
>> www.gosbs.org
>>
>>
>> Gary Karasik wrote:
>>> I'm not doing this because I want to. I'd like nothing better than a
>>> client who says, "Do whatever you need to, and I'll pay for it." In
>>> twenty years, I've had one of those.
>>>
>>> While using the server as a workstation is arguably a "Worst
>>> Practice," consultants usually have to make the best of bad
>>> situations. Necessity, reality, and unreasonable clients dictate
>>> that
>>> we do things we wouldn't do in an ideal world. So then my job is to
>>> provide the client with alternatives, explain the issues and
>>> dangers, and then implement the clients' decisions. I don't often
>>> have the
>>> luxury of saying, "That's a bad way to go, so you have to buy an
>>> extra workstation that no one but me is going to use to check
>>> Outlook once in a while." If I don't get fired, the what I'll get
>>> is a
>>> response like, "No. I can't afford that. We'll use the server."
>>>
>>>
>>> In some ways worse is the situation where they really don't intend
>>> to use the server, but then they get in a situation where they think
>>> they have to. Some in-office guru will figure out how to load Office
>>> on the server and will do it without involving me. (I have to give
>>> the owner of a business the admin passwords if he/she demands them.)
>>> I have clients whom I don't see for months at a time because they
>>> don't want to pay for regular maintenance. Sometimes I go to the
>>> site and find people have loaded Office (or worse) on the server. I
>>> went
>>> to a client recently whose teen-aged son had loaded Kazaa on the
>>> server.
>>>
>>> While I appreciate the warnings that everyone has provided, if a
>>> client insists on using the server as a workstation, I can either
>>> refuse to work there anymore ("Sorry, you don't live up to my
>>> principles of safe computing, so you'll have to find someone else)
>>> or
>>> I need to set it up in the safest way possible. Intimations of
>>> generalized disaster are of little use. What is of use is specific
>>> information that might help to set up the server in the safest way
>>> possible so as to avoid or at least mitigate these potential
>>> disasters. After pointing out that MS recommends against it, Kevin's
>>> citing the technote about side-by-side implementations was extremely
>>> helpful. Putting an empty file named "OUTLOOK.EXE.LOCAL" in the
>>> Outlook directory will direct Outlook to use only its local .DLLs so
>>> they won't interfere with Exchange .DLLs.
>>>
>>> In addition to ISA, the server already has a good hardware firewall
>>> and a good anti-virus program. I will try to run Outlook (and IE)
>>> through ISA to lessen those dangers. But considering that the server
>>> WILL be used as a workstation and that putting Outlook on the server
>>> is required, is there anything else you can think of that might
>>> limit the exposure.
>>>
>>> GaryK
>>>
>>> "Tobias Redelberger" <T.Redelberger@starnet-services.net> wrote in
>>> message news:Okp8grmYEHA.556@tk2msftngp13.phx.gbl...
>>>> Hi Gary,
>>>>
>>>> beside Frank McCallisters answer, sharing outlook for your users,
>>>> you have to give them admin-rights to logon SBS2003 and because
>>>> local admins on a Domain-Controller are always Domain-Admins too,
>>>> you will get into big trouble e.g. if one of your "users" get a
>>>> virus via outlook, because it has instantly full right to (almost)
>>>> everything.
>>>>
>>>> So take our advice and install an extra workstation with Windows XP
>>>> Pro for remote desktop sharing (reachable through Remote Web
>>>> Workingplace - "Connect to my computer at work"), and even better
>>>> spend the budget for a Terminal-Server. Maybe you can even save
>>>> some money if you buy cheaper (but recommendable) used
>>>> Terminal-clients (e.g. as early mentioned Compaq's Evo T20/30
>>>> CE.NET for about 100.200$ each) for both your local AND remote
>>>> users.
>>>>
>>>> With this in mind first you will have to spend some extra money,
>>>> but
>>>> at last you can sleep well at night and don't have to spend your
>>>> budget for trouble-shooting your solution.
>>>>
>>>>
>>>> Tobias Redelberger
>>>>
>>>> StarNET Services (HomeOffice)
>>>> Schoenbornstr. 57
>>>> D-97440 Werneck
>>>> Germany
>>>>
>>>> Tel: +49-(0)9722-4835
>>>> Fax: +49-(0)9722-4836
>>>> Mobil: +49-(0)179-25 98 341
>>>>
>>>> Email: T.Redelberger@starnet-services.net
>>>> Web-Tel: +49-(0)1212-5-11651621
>>>> Web-Fax: +49-(0)1212-5-11651621
>>>>
>>>>
>>>> "Gary Karasik" <gkarasik2fea.net> schrieb im Newsbeitrag
>>>> news:uTFzaUiYEHA.2500@TK2MSFTNGP09.phx.gbl...
>>>>> Tobias,
>>>>>
>>>>> Just out of curiosity, what might happen if Outlook is loaded on
>>>>> the server?
>>>>>
>>>>> GaryK
>>>>>
>>>>> "Tobias Redelberger" <T.Redelberger@starnet-services.net> wrote in
>>>>> message news:OI9UEAeYEHA.556@tk2msftngp13.phx.gbl...
>>>>>> Hi Keith,
>>>>>>
>>>>>> don't tell us later nobody has warned you.
>>>>>>
>>>>>> What you want to do is a NO NO ... no, better .. it's a NO NO NO
>>>>>> NO NO!!!
>>>>>>
>>>>>> It's like buying a Ferrari (congratulations to M.Schuhmacher
>>>>>> btw.) and driving it on a bumpy dirt road with high highspeed.
>>>>>>
>>>>>> Try to use SBS2003 as it meant to be. Use Exchange-Server as your
>>>>>> Central-Mail-Service. Configuring it is like a snap if you use
>>>>>> the wizards.
>>>>>>
>>>>>> Let your Users connect to it via OWA (Outlook Web Access). If you
>>>>>> want to share appliaction, use Remote-Desktop but NOT on a
>>>>>> SBS2003
>>>>>> in ADMIN-MODE!!!!. It's much cheaper (long term view - TCO)
>>>>>> buying
>>>>>> an extra Workstation (Windows XP Pro) or better Windows 2003
>>>>>> Terminal Server for Remote Application Sharing then killing
>>>>>> yourself with your suggested solution.
>>>>>>
>>>>>> We warned you..
>>>>>>
>>>>>>
>>>>>> Tobias Redelberger
>>>>>>
>>>>>> StarNET Services (HomeOffice)
>>>>>> Schoenbornstr. 57
>>>>>> D-97440 Werneck
>>>>>> Germany
>>>>>>
>>>>>> Tel: +49-(0)9722-4835
>>>>>> Fax: +49-(0)9722-4836
>>>>>> Mobil: +49-(0)179-25 98 341
>>>>>>
>>>>>> Email: T.Redelberger@starnet-services.net
>>>>>> Web-Tel: +49-(0)1212-5-11651621
>>>>>> Web-Fax: +49-(0)1212-5-11651621
>>>>>>
>>>>>>
>>>>>> "Keith" <webappl@pulleninc.com> schrieb im Newsbeitrag
>>>>>> news:2613301c461d8$342bc350$a401280a@phx.gbl...
>>>>>>> I can tell you why we want Outlook on the server. The
>>>>>>> reason we purchased SBS is so a few users could connect to
>>>>>>> resources in the office while they are on the road. We
>>>>>>> all use Outlook 2000 with pop accounts at a reliable ISP.
>>>>>>> (no webmail) We could disable Exchange, but it's nice to
>>>>>>> have the adminisrator account be able to mail out alerts,
>>>>>>> amoung other things. And we may move to Exchange email at
>>>>>>> some point in the future. But we don't want to move all
>>>>>>> our mail services to Exchange at this point. Too many
>>>>>>> points of failure and don't have the time or resources to
>>>>>>> setup multiple back systems like our ISP has in place.
>>>>>>> They are never down. (at lease not in the last 10 years)
>>>>>>> Anyway, the users need to be able to open Outlook on the
>>>>>>> server when they connect remotely.
>>>>>>>
>>>>>>> Also, this is a very small office and the server is also
>>>>>>> used as a workstation. The user at the server needs to
>>>>>>> use Outlook as well.
>>>>>>>
>>>>>>> We're looking into having Exchange pull email from accouts
>>>>>>> at the isp. That way email won't bouce back to senders
>>>>>>> even if our local system was down for some reason. But one
>>>>>>> thing at a time.
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> Gary,
>>>>>>>>
>>>>>>>> The KB article I believe you are referring to actually
>>>>>>> strongly warns that
>>>>>>>> you do NOT install Outlook on SBS2003, and instead urges
>>>>>>> you to use OWA if
>>>>>>>> you must access mail from the server. But that if you
>>>>>>> wish to proceed, it
>>>>>>>> does give you a link with more info.
>>>>>>>>
>>>>>>>> Here is the KB article:
>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-
>>>>>>> us;828050
>>>>>>>>
>>>>>>>> Can you tell us why you wish to install Outlook on your
>>>>>>> server?
>>>>>>>>
>>>>>>>> --
>>>>>>>> Kevin Weilbacher [SBS-MVP]
>>>>>>>> "The days pass by so quickly now, the nights are seldom
>>>>>>> long"
>>>>>>>>
>>>>>>>>
>>>>>>>> "Gary Karasik" <gkarasik2fea.net> wrote in message
>>>>>>>> news:OPnLgCdYEHA.2736@TK2MSFTNGP10.phx.gbl...
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Some months back there was a reference to a KB article
>>>>>>> explaining how to
>>>>>>>>> safely load Outlook on the Exchange server. I have lost
>>>>>>> the reference. Can
>>>>>>>>> anyone point me in the right direction?
>>>>>>>>>
>>>>>>>>> GaryK
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> .
- Next message: Kevin Weilbacher [SBS-MVP]: "Re: Removing/reinstalling Exchange?"
- Previous message: Kevin Weilbacher [SBS-MVP]: "Re: outlook on server"
- In reply to: Gary Karasik: "Re: outlook on server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
