Re: New server todo list

As Steve has already suggested here, the recommended method for transferring files is via RWW

--
Cris Hanna [SBS - MVP]
-----------------------------------------------------------
MVPs Do Not Work for Microsoft
Please do not contact me directly regarding issues
"Steve" <newsgroup@xxxxxxxxxx> wrote in message news:%23jPpxujVIHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
To each their own. I won't use FTP on an SBS box. Instead I transfer any files via RWW.
"Rosewood" <rosewood@xxxxxxxxxxxxxxxxxxxx> wrote in message news:A4607747-C86E-43BF-A526-4C60A9DB3D7F@xxxxxxxxxxxxxxxx
But that same attack vector (aka ddos, or whatever) would still be available via port 443.

I do FTP access because if I need to xfer files, there is no better way than FTP. If there was a way to make IIS use SFTP, I would but I've never seen that option.
"Steve" <newsgroup@xxxxxxxxxx> wrote in message news:OXuNrcjVIHA.4740@xxxxxxxxxxxxxxxxxxxxxxx
Its a security risk to run a public facing web site on SBS which has business critical data and running the risk of an attack that would bring down the entire server. Therefore port 80 should be closed. Port 21 (FTP) should also be closed and no public FTP server run on SBS.

"Rosewood" <rosewood@xxxxxxxxxxxxxxxxxxxx> wrote in message news:302CA736-6C5D-4E83-A3D1-E6C8F11D860F@xxxxxxxxxxxxxxxx
Explain this one to me please. (I mean other than you don't want people using RWW, OWA, etc. w/o SSL)

I often setup a simple company internet website on port 80. Is this in some kind of TOS violation with IIS or something?

Also, on RWW and OWA when you go to the non encrypted site, it always forwards you to the encrypted site. I've made my life easier by having it enabled b/c even if I tell them https://site.com/remote they still go to http://site.com/remote

So is there some reason other than passwords in the clear that you don't want port forwarded?

Thanks for the discussion
"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23LQdVFjVIHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
More importantly Port 80 should not be open/forwarded at all!

--
Cris Hanna [SBS - MVP]
-----------------------------------------------------------
MVPs Do Not Work for Microsoft
Please do not contact me directly regarding issues
"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message news:uLfOWxiVIHA.4972@xxxxxxxxxxxxxxxxxxxxxxx
Pretty good list. The only thing that jumps out is forwarding port 80. You
don't need it and you shouldn't open it. Some people in the group will argue
that 3389 shouldn't be open either. I personally like it as a second door
and with a strong password I don't really see a risk there.

One other item: I would install Exchange SP2 before installing the Server
SP2....and do have the fixes on hand that you might need to apply after
installing the server sp2 on an SBS box.

--
Claus
"Rosewood" <rosewood@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:2CB0448F-E398-4633-A2A6-BF146C0CD5FC@xxxxxxxxxxxxxxxx
> I've always liked the To Do list in Server Management in SBS2003. I also
> developed my own to do list and I found myself setting up a server for the
> first time in awhile this weekend and wanted some feedback and
> suggestions.
>
> Obviously you start with the install of SBS2003.
> I make sure to forward ports 3389 (RDP) 1723 (VPN PPTP) 443 (HTTPS) 80
> (HTTP) 25 (SMTP) 21 (FTP)
> Server 2003 SP2
> Exchange 2003 SP2
> Windows Update until no more updates left
>
> Set up Exchange 2003 for Spam filtering (IMF set to 8, Reject 5, add
> connection filtering, add relays.ordb.org bl.spamcop.net
> sbl-xbl.spamhaus.org )
> Make sure that SMTP connector to always run under delivery options
> Turn on message logging and SMTP logging
> Increase the storage and send and receive limits
>
> Go through the SBS2003 Todo list for the VPN, the Monitoring and Backup
> I add FTP through add/remove programs, then I make sure I turn off Anon
> access and make sure I turn on write access
>
> Configure my docs and desktop redirection
>
> Install SAV and then install SAV on all clients
>
> Install all apps on the clients
>
> Run one last pass of updates
> ----
>
> So, what obvious stuff am I missing?
> What other things should I be installing / configuring?
>
> Thanks for the feedback. I hope this can also be helpful to some.

Relevant Pages

  • RE: trouble installing companyweb
    ... gone ahead and patched the server before continuing with step 13 of KB884453. ... sbs components that I could, ... install any 3rd-party software before you finish the installation. ... For the failed intranet component ...
    (microsoft.public.windows.server.sbs)
  • RE: Monitoring and Reporting
    ... I understand that you unable to get SBS ... monitoring report after you install Windows server 2003 sp2. ... To successfully install SBS 2003 SP1, ... Downloading and Installing Windows Small Business Server 2003 Service Pack 1 ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 R2 - Please Help
    ... computers be slow after you install the full SBS 2003 R2 components. ... log on slow is probably refer to incorrect DNS ... as the DNS server on the clients rather than the ISP DNS servers. ...
    (microsoft.public.windows.server.sbs)
  • RE: Sharepoint Service, company web reinstallation
    ... Welcome to SBS newsgroup. ... I understand that you want to reinstall the companyweb on your SBS 2003 ... Business Server 2003 (If you are in the middle of RC to RTM upgrade, ... If AV software install any extra IIS virtual directory, ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 Fax Sharepoint Routing
    ... Business Server 2003 and click "Change/Remove", ... If the Fax Services component was original installed by using the SBS ... Install fro the Fax Server component. ... And then we should push the shared fax client application from server to ...
    (microsoft.public.windows.server.sbs)