Re: Questions about SBS

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 08/07/04 

Date: Sat, 7 Aug 2004 18:21:18 -0500

Hi rcme - see inline 

-- 
Chad A. Gross - SBS MVP
SBS ROCKS!
www.msmvps.com/cgross
www.gosbs.org
RCMe wrote:
> I am looking at SBS 2003 and have been reading the documentation and
> viewing the demos available on the Microsoft website as well as going
> through a number of threads on this newsgroup. However, there are a
> few questions that I can't find answers to.
>
> 1) Does SBS 2003 support user desktop directory redirection "out of
> the box" (i.e. by default when creating an SBS user)? I can't find
> any documentation that explicitly says this. I got the impression it
> did, because the MS SBS demo on SBS backup showed recovering a file
> from a users "My Documents" directory which could only happen if the
> users directory was redirected to the server.
Yes, although it does require some configuration up front.  There is a 
wizard that will redirect users' My Documents directories to the server.  If 
you want to redirect the other critical folders of a user's profile 
(Application Data, Start Menu & Desktop), this can be done via Group 
Policies (no wizard for these folders).  Folder Redirection can be 
configured before or after user accounts are created.  Group Policies are 
automatically updated on the workstations every 90 minutes and/or each time 
the workstation boots.   Therefore, once the policy has propogated to the 
workstations and been applied, users folders will be automatically and 
seemlessly redirected unbeknownst to the user.
>
> 2) Does SBS 2003 support roaming users "out of the box" (i.e. by
> default when creating an SBS users)? Again, the SBS demos give the
> impression that all SBS users have roaming profiles, by the way the
> demos showed users logging in, application install off the server,
> etc.
Again, this is configurable.  I don't use roaming profiles for the simple 
fact that they can result in extra administration overhead, especially if 
you don't have a homogenous environment with all PCs standardized on a 
single OS, all at the same patch level and standardized applications on each 
PC.  You can present a uniform environment to the user by using Folder 
Redirection to redirect their Desktop, Start Menu & Application Data 
settings.
>
> 3) I understand that SBS 2003 can't create trusts with other domains.
> However, will it work with Exchange relays and web proxies? The
> company I am working with does not want the SBS 2003 server ever
> connected directly to the Internet. However, they want to eventually
> support Internet access to AWO, Sharepoint, and eventually host their
> own mailserver (now they are just popping from an ISP). To support
> this, my understanding is that we sill need a Exchange server "relay"
> outside the firewall (DMZ) that will connect ot the SBS Exchange
> server (same for hosting websites). Is this type of configuration
> supported?
You can keep that SBS off the internet, but you aren't going to be able to 
take advantage of most of the primary bells & whistles.  You're not going to 
be able to use Sharepoint remotely this way.  As for OWA, that would require 
purchasing a second Windows Server and another full Exchange license to put 
in your DMZ as a front end server.
Personally, I would rethink your security position.  What measures are you 
taking to secure your desktops?  Do you have 9x machines or are your users 
running as local admins?  I'd argue that is a *much* bigger security threat 
to your network than using your SBS as it was intended.  Secure those 
desktops, educate those users, ensure you have good A/V, Anti-spam and patch 
management solutions in place.  Use 2 nics in the SBS, get Premium & load 
ISA, put a router / hardware firewall between your 2nd nic & internet 
connection, familiarize yourself with the logs, keep port 80 closed and edit 
your access policy in ISA to only allow the protocols that you're using.  If 
this doesn't foot the bill, then look into front end servers for Exchange, 
etc.  Until you've secured your desktops, throwing money at protecting the 
inbound internet connection is like putting a 3rd dead bolt on your front 
door as theives are cleaning you out because the back door is standing wide 
open . . .
>
> Thanks.
>
> - rcme

Relevant Pages

  • Re: Migrating from SBS 2000 to SBS 2003 onto new hardware
    ... The time to do a Swing Migration project is best considered to be closer ... methods for moving and upgrading to SBS 2003 from other existing scenarios. ... Microsoft offered nothing like this in the form of documentation, ... "Microsoft Small Business Server 2003 Advanced Best Practices" ...
    (microsoft.public.windows.server.sbs)
  • Re: Migrating to a new server
    ... www.SBSmigration.com and review the migration project for Swing Migration. ... You will understand a lot more about SBS having ... without shutting down the original server for the construction steps. ... WHERE TO FIND MS METHOD DOCUMENTATION ...
    (microsoft.public.windows.server.sbs)
  • RE: Cannot access companyweb
    ... to migrate from SBS 2003 to SBS2003, in this period, you can't achieve this ... 825763 How to configure Internet access in Windows Small Business Server ... By this method, you need to manually restore Exchange data, SharePoint ... Another way is to create a local profile, ...
    (microsoft.public.windows.server.sbs)
  • Re: R2 w/ISA User type account cannot use my companys internal website
    ... Alerts\Core Server Alerts ... Microsoft CSS Online Newsgroup Support ... And our product group is still reviewing the impact of the upgrade SBS ...
    (microsoft.public.windows.server.sbs)
  • RE: Disaster Recovery
    ... Windows OS not only SBS. ... SBS 2003 server backup, the system state will be archived. ... If you restore the system state to a different hardware, ... Use Outlook to export the contents in the public folders to .pst files ...
    (microsoft.public.windows.server.sbs)