Re: Installing SBS 2003 R2
- From: sawyer4444 <sawyer4444@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 18:05:02 -0800
Greg,
Thank you for your post. It was both informative and comprehensive. You've
been a big help.
FYI - The SBS server & Software has already been ordered (Dell had a special
discount and my neighbor / client wanted to get the expenditure into last
years's taxes.)
I had planned on "learning by doing" by installing SBS into my home lab (5
PII and PIII on a separate LAN segment). Since SBS is "pre-installed" on the
Dell server, I don't know if I'll use the new server for the test or use one
of my computers.
I'll insist on separate login names and accounts. I'll set the CAL's up as
user. We will have an external HDD for backup. Additionally, the server has
three HDD configured as RAID5. I'll place the server on the same segment as
the client computers and use the router he already has in place. I'll use
the exchange connector.
Again thanks for your help.
Thanks,
Tom
"Greg C" wrote:
Hi, Tom.
I've done a few installs, Standard and Premium. The first thing I
strongly suggest is to get a copy of SBS and install it...several
times, several ways, to get a feel for the process and to understand
what the wizards are doing. SBS "should" be pretty easy to set up, but
if you make the wrong selections in the wizards you'll be scratching
your head for a while trying to figure out why <whatever> isn't
working.
The second thing I'd like you to think about is...what is the driving
force behind SBS? If it's primarily remote access you can get by easier
and cheaper (and be more secure for these types of users) by using a
remote access service like logmein or gotomypc.com. A solution built on
gotomypc can get you remote access for about $30/month for simultaneous
access to 2-3 PCs...then look at a network-attached storage device and
perhaps an online backup plan.
An SBS server _does_ require a certain amount of care and feeding that
I would have to assume you're not going to do for free.
On Jan 16, 1:05 am, sawyer4444 <sawyer4...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
Hi,
I am installing a Small Business Server 2003 R2 Standard Edition for a
neighbor / client and need help and advice about installing.
First - a description of his environment:
He has four computers in his farm office currently connected to a LAN for
file sharing, printing and internet connection. One computer is used
extensively all year long, another has heavy use for 5-6 months. The other
two are used infrequently by a bookkeeper and a marketing person (they can go
unused for several weeks). One of the reasons for installing SBS is so the
bookkeeper and marketing person can login from their home computers to do
their work (read mail, upload files, and accounting data entry) instead of
going to his home office. (The bookkeeper is moving 100 miles away.) Also,
when he is in the field he wants to be able to use his laptop to run
applications on his office computer. (He designs and cuts corn mazes world
wide. Design is done in the spring in his office, the cutting is done in the
late summer, early fall at each farm. Sometimes he needs to change and print
the design while he is in the field. The design programs and files are too
large to run on his laptop.)
If he's running corn maze design programs that won't run on my Core Duo
2 notebook with 2GB and a 200GB hard drive, I'd like to see what he's
running for a desktop! btw, this is about a $1,000 notebook, not some
exotic piece of hardware...
Currently all four computers in his office use the same login name and no
password. (Yea, I know, bad practice, but he is stubborn. He just isn't
concerned about security. He even leaves his office, which is a separate
building on his farm, unlocked 24/7.)
There are "bad practices" and then there are "leave your business data
open to the entire world" practices. Maybe he is one of the few
businesses that could survive losing programs, e-mail, and application
data.
By default, the Terminal Services users cannot have blank passwords. I
think I would tell him that this can't be changed.
Again, I'd be very concerned about backups. One of my clients had lost
all of their data in a flood; even redundant hardware won't save you if
your tapes are all destroyed.
1.) CAL's - Should I set the CAL's up as user or device?
In general you should be thinking per-user as a "default." 5-User CAL
lets a total of 5 seperate _people_ use the SBS system, shares, and
services. Each person can have multiple e-mail addresses, multiple user
accounts, and multiple computers. If an employee or contractor leaves
you can re-assign their license to a new person. In your case (not
knowing the "person count") I'd say per-user CAL is probably the way to
go. (You CANNOT, as I understand, have your accountant and marketing
person "share" a CAL with the understanding that they are both
part-timers. They are still considered "people" for this purpose.)
Device CALs let a total of 5 _devices_ connect to the server, services,
etc. In this case a "device" is a PC, notebook, PDA or Smartphone that
connects to the server, etc. So your four PCs, notebook, accountant's
remote PC, marketing person's remote PC...a device needs to be retired
from service before you can assign its CAL to another device.
2.) LAN configuration - Should I use two LAN cards to set the SBS server up
as the LAN's router or use only one LAN card, putting the SBS server on the
same segment as the client computers? (I initially planned on the two LAN
card approach so that we could use ISA, but it appears ISA is not included in
the standard edition.)
Yes, ISA is only included in Premium. The only compelling reason to use
2-NICs is SBS Premium/ISA. Then you've got an all-in-one solution. SBS
Standard is not "hardened" with ISA so it's not suitable to put
directly on the Internet. Choose your favorite broadband/wireless
router and go that way.
I can go either way here...Premium is a "tidier" solution but about a
grand more $. And if you've never worked with ISA or a "real" firewall
before the rulesets can be confusing. If you want to do something
that's not explicitly in the SBS wizards (forward an application port,
etc) it's more difficult than a hardware firewall.
A decent router/firewall will generally be easier to set up application
rules/port forwarding, etc; anything that's not SBS-standard.
3.) Login Names - I don't think I can keep his one login name scheme. Won't
I have to give each user a login name in AD?
Technically, no. You can technically have everybody log in as
Administrator, password ChangeMe! but I don't recommend that. I don't
think the SBS setup wizards will like it, and if you break the wizards
you'll break a lot of SBS.
A big part of the power of SBS to have and store e-mail per user. If
everybody is Administrator, then you may as well use webmail and not
bother with Exchange at all (no central e-mail storage & backup, no
shared calendars/tasks/contacts, no shared notes, no Outlook Web
Access) and I'd question the cost/benefits of SBS here.
4.) Outlook - He want to continue to use his current hosting provider for
his web site and email. However, he wants all computers to share one Outlook
file for mail, addresses and calendar. I'd planned on using Exchange to do
this, but am a little confused how to do it if both the POP and SMTP services
are at his hosting provider's site. How do I do this?
This would be fine. Set up exchange (users' e-mail can be read and
saved from any computer on the network; can also use remote Outlook
Access) and use the POP connector and Virtual SMTP connector. This is a
standard configuration that lots of folks are using.
I would also set up a DDNS service (I personally use and recommend
dyndns.org) then you can offer a choice:
a) use the SBS built-in wizards to set up VPN connection (the remote
PCs act like they're in the domain and can acess all "local" shares &
services), and/or
b) access the remote web workplace at http://<dnsname>/remote and
https://<dns-name>/exchange to use Outlook Web Access. Handy stuff if
you're on the road a lot.
You DO NOT need ISA to set these up, you just need to forward the ports
on your router. So long as
- you only forward the ports needed (80/443 for remote web, I forget
the ports for VPN)
- you use the Configure Email and Internet Connection Wizard (CEICW)
- you get "top management" on-board with the idea of using and
maintaining secure password policy
- patching is kept up
it's "relatively" secure. As in,
lock-your-deadbolt-front-door-when-leaving-the-house secure. Sure,
someone CAN kick in your front door given enough time and effort, but
you've at least taken reasonable steps to secure your house WITHOUT
resorting to extreme inconvenience and paranoia.
Good luck!
-Greg C
I really appreciate your help. I've worked in the computer industry since
1965 and have installed a variety of servers but have never installed SBS
before, so treat me as an experienced newbe.
--
Thanks,
Tom
- References:
- Re: Installing SBS 2003 R2
- From: Greg C
- Re: Installing SBS 2003 R2
- Prev by Date: Re: Received fax errors after running SFC.exe
- Next by Date: Re: SBS 2003 Exchange Issue - pop3 mail accounts
- Previous by thread: Re: Installing SBS 2003 R2
- Next by thread: Windows Update - Svchost - error 0x745F2780
- Index(es):
Relevant Pages
|
