Introduction 1 Chapter 1: Introduction to Small Business Server 2003 5 Area of Application of the Small Business Server 5 The Expanding Middle Class 6 Implementation Planning 6 Decision Support: SBS 2003 or Windows Server 2003 6 Companies with One Head Office and up to 75 Employees 6 Connecting a Branch to a Head Office 7 Dismantling an Existing Active Directory Environment 7 Extending an Existing Environment with Additional Servers 7 Setting up a Web Server for the Intranet/Internet 7 Using a Terminal Server 7 Features of Small Business Server 2003 8 Network, Internet, and E-Mail 8 Security 8 Team Work 9 Remote Access and Mobility 9 Setup and Administration 9 Versions of Small Business Server 10 Hardware Requirements 12 Requirements for the Standard Version 12 Requirements for the Premium Version 13 License Information and Costs 14 Active Directory as Base Technology for SBS 2003 15 Setting Up the Active Directory 15 How Does a Directory Service Work? 15 Objects in the Directory 16 Directory and Directory Database 16 Client-Server Communication 17 Security 17 Lightweight Directory Access Protocol (LDAP) 17 LDAP Architecture 18

http://d-nb.info/1035328569 Table of Contents

Features of Active Directory 20 Operation and Description of Active Directory 21 Domains and Domain Controllers 21 Trees and Forests 22 The Global Catalogue 24 Locations 25 Organizational Units 26 Active Directory Objects and Schema 28 Attributes 28 Classes 28 Group Policies 29 Replication 29 Features of ADSI 29 Chapter 2: Installing SBS 2003 31 Determining the Network Structure 31 Adding SBS to a Peer-to-Peer Network 32 Peer-to-Peer Network with Hardware Firewall 32 Peer-to-Peer Network without Hardware Firewall 32 Dialup Connection 32 Broadband Connection 33 Adding SBS to a Server-Based Network 34 Fresh Installation of SBS 2003 35 installation and Basic Configuration 35 What Happens during Basic Configuration? 43 Changing the Computer Name 43 Testing the Network Configuration 44 Installation of Other Components 44 Installation and Configuration of Active Directory 44 Installation of Microsoft Search 44 Installation of other Server Components 44 What Are Data Folders? 46 Task List for Concluding Configuration 48 Network Task: Show Proven Security Methods 49 Network Task: Setting Up an Internet Connection 50 Network Task: Configuring Remote Access 64 Network Task: Activating the Server 67 Network Task: Adding Client Licenses 67 Administrative Task: Adding Printers 69 ii Table of Contents

Administrative Tasks: Adding Users and Computers 72 Administrative Task: Configuring Fax 81 Administrative Task: Configuring Monitoring 84 Administrative Task: Configuring Backups 87 Installed Hot Fixes 92 Chapter 3: Upgrade and Migration 93 Considerations 93 Upgrade Options for Existing Operating Systems 93 Keywords 94 Migration 94 Source Server 94 Target Server 95 Active Directory Migration Tool (ADMT) 95 The Steps in the Migration Process 95 Scheduling the Migration 97 Problems during Migration 97 Names of the Two Servers 97 Disabling the DHCP Service 98 ADMT and Exchange Migration Wizard 98 Transferring User-Defined Settings 98 Desktop Profiles 98 Premature Creation of Computer and User Accounts 98 DNS-Forwarder 98 Migration from Small Business Server 2000 and Windows Server 2000 99 Step 1—Preparing for the Migration 99 Server-Related Information 99 Information about Shared Folders, Applications and Settings 100 Deleting Unnecessary Files and E-Mails 101 Hardware and Software Compatibility 101 Installing Current Service Packs 102 Backing up the Source Server 102 Notifying Users about the Impending Migration 103 Step 2—Preparing the Server for the Installation 103 DHCP Configuration 103 Network and Internet Connection 104 Faxmodem 104 Administrator Password 104 Network Information 104 Performing Network Tasks 104 Step 3—Preparing the Clients 105 Table of Contents

Step 4—Carrying Out the Migration 106 Installing ADMT 106 DNS Forwarding 106 ADMT Configuration on the Target Server 107 Migration of User Accounts 107 Migration of Group Accounts 110 Migration of Computer Accounts 112 Changing Exchange Quotas 114 Moving Exchange Mailboxes 115 Moving the Shared User Folders 116 User-Defined Login Scripts 117 Moving other Shared Folders 117 Moving the Company Folder to the Intranet Website 117 Moving Other Data 117 Moving SQL Databases 118 Step 5—Configuring the Target Server 118 Rights for the Migrated Accounts 118 Distribution of Applications 119 Completing the Task List of Administrative Tasks 120 Transferring User-Defined Settings from the Source Server 120 E-Mail Distribution Lists and Retrieval Policies 120 Microsoft Connector for POP3 Mailboxes 120 Updating User-Defined Login Scripts 121 Step 6—Configuration of the Clients 121 Configuration of Windows 2000 / Windows XP Clients 121 Configuration of Older Windows Clients 122 Testing the Network Connection 123 Importing Public Folders 123 Step 7—Completing the Migration 124 Deleting DNS Forwarders 124 Resetting Rights 124 Uninstalling ADMT 124 Specifying Password Policies 125 Connecting the Target Server to the Internet 125 Migration from Small Business Server 4.5 and Windows Server NT 4.0 125 Step 1—Preparing for the Migration 126 Server-Related Information 126 Information about Shared Folders, Applications, and Settings 127 Deleting Unnecessary Files and E-Mails 128 Compatibility of Hardware and Software 128 Installing Current Service Packs 129 Backing up the Source Server 130 iv Table of Contents

Notifying Users about the Impending Migration 130 Step 2—Preparing the Server for the Installation 130 DHCP Configuration 130 Network and Internet Connection 131 Faxmodem 131 File system 131 Administrator Password 131 Computer Name 131 Network Information 132 Performing Network Tasks 132 Step 3—Preparing the Clients 132 Step 4—Carrying out the Migration 134 Installing ADMT 134 ADMT Configuration on the Target Server 134 Migration of User Accounts 134 Migration of Computer Accounts 138 Changing Exchange Quotas 141 Moving Exchange Mailboxes 141 Moving the Shared User Folders 142 User-Defined Login Scripts 144 Moving other Shared Folders 144 Moving the Company Folder to the Intranet Website 144 Moving Other Data 145 Moving SQL Databases 145 Step 5—Configuring the Target Server 146 Rights for the Migrated Accounts 146 Distribution of Applications 146 Completing the Task List of Administrative Tasks 147 Transferring User-Defined Settings from the Source Server 148 E-mail Distribution Lists and Retrieval Policies 148 Microsoft Connector for POP3 Mailboxes 148 Updating User-Defined Login Scripts 148 Step 6—Configuring the Clients 148 Configuration of Windows 2000 / Windows XP Clients 149 Configuration of Older Windows Clients 149 Testing the Network Connection 150 Importing Public Folders 151 Step 7—Completing the Migration 151 Resetting Rights 151 Uninstalling ADMT 152 Laying down Password Policies 152 Connecting the Target Server to the Internet 152

v Table of Contents

Upgrading Small Business Server 2000 153 Step 1—Installation 154 Step 2—Configuration of Windows 154 Step 3—Installation of Server Applications 155 Step 4—The Task List 155 Network Tasks 156 Administrative Tasks 156 Upgrade of Windows Server 2000/2003 157 Step 1—Installation 157 Step 2—Configuration of Windows 157 Step 3—Installation of the Server Applications 158 Step 4—The Task List 158 Chapter 4: Exchange Server 2003 and Fax Services 159 Structure of Exchange Server 2003 159 The Exchange Server Database 159 Storing an E-Mail in the Database 160 Administering Exchange Servers 160 Administration Aspects 160 Administrative Groups 161 Security Implementation under Exchange 162 Rights under Exchange 162 Authentication on the Virtual Server 163 Authentication on the Virtual HTTP Server 164 Monitoring Connections with Virtual Servers 165 Monitoring Connections to the Virtual HTTP Server 166 Enabling Logging for the SMTP, NNTP, and HTTP Protocols 166 Configuration of the Exchange Server 167 Logging 168 Language Settings 169 Mailbox Administration 169 Full-Text Indexing 170 Monitoring 170 Setting Up New Monitoring Policies 171 Receiving Monitoring Messages 172 Server Policies under Exchange 174 Other Settings 174

vi Table of Contents

E-Mail Administration 175 Setting Up Mailboxes 175 Editing the Mailbox 176 Setting Up Distribution Groups 176 Setting Up Distribution Groups from Outlook 2003 177 Schedule for E-Mail Delivery 178 Editing Mailbox Size Restrictions 178 The POP3 Connector and the SMTP Connector 178 Configuration of the POP3 Connector 179 Adding more Connectors 180 Outlook Web Access 180 Special Configuration for Exchange Server with more than 1 GB RAM 181 Modifyingbool.ini 181 Fax Services 182 Functional Model of the Fax Services 182 Administering Fax Devices 182 Regulating Access to a Fax Printer 183 Incoming Faxes 184 Stopping Faxes from being Submitted 184 Routing Policies for Incoming Faxes 184 Outgoing Faxes 185 Working with Multiple Fax Devices 187 Monitoring Fax Services 188 Archiving of Faxes 189 Fax Cover Pages 189 Chapter 5: Windows SharePoint Services 2.0 191 Task of the SharePoint Services 191 Features of SharePoint Services 192 The Structure of the SharePoint Services 194 Document Libraries 194 Incorporation of New Sites 194 Uninstalling the SharePoint Services 194 Administering the SharePoint Services 196 Administration Points of the SharePoint Services 196 Central Administration Pages 196 Website Administration Pages 197 Website Groups 198

vii Table of Contents

Editing the Contents of the Company Website 199 Adding Data to the Company Website 199 Creating a New Document Library 200 Other Libraries 201 Creating a New Site 201 Editing a Site 202 Editing Web Parts 204 Configuration of E-Mail Notification 204 Selecting the Notifications 205 Displaying Notifications 206 Forwarding Faxes to the Document Library 206 File Versioning in SharePoint Services 206 Upgrading the Servers and the Virtual Server 207 Managing the Virtual Server 207 Extending Virtual Servers 208 Creating the Virtual Servers in IIS 208 Extending the Virtual Server and Creating a Content Database 209 Extending the Virtual Servers and Linking with an Existing Content Database 209 Chapter 6: Internet Security and Acceleration Server 2000 (ISA) 211 Scenarios and Bases for the ISA Server 211 Deployment of a Firewall 212 Building a DMZ 212 A DMZ with Two Firewalls 212 What Dangers the ISA Server can Identify 213 Reading Unencrypted Data 213 IP Half Scan 213 Land 213 WinNuke 213 Ping of Death 213 Port Scans 214 SMTP Relaying 214 Operating Modes of ISA Server 214 The Installation of ISA Server 2000 214 The Components of ISA Server 215 The Installation of ISA Server 215 The "First Steps" Wizard 218 Changing the Configuration of IIS 218 Installed Services of ISA Server 218 viii Table of Contents

Administration of ISA Server 219 The "First Steps" Wizard and the Base Configuration 219 The Routing Configuration 219 Configuring a Dial-Up Connection 220 Routing and Dial-Up Connections 221 The Filter Functions of ISA Server 221 Protocol Rules 222 Site and Content Rules 223 Creating Destination Sets 224 Creating Content Groups 225 IP Packet Filters 225 Application Filters 230 DNS Intrusion Detection Filter 230 FTP Access Filter 230 H.323-Filter 231 HTTP Redirector Filter 231 POP Intrusion Detection Filter 231 RPC Filter 231 SMTP Filter 231 SOCKS V4-Filter 232 Streaming Media Filter 232 The Monitoring Function of ISA Server 233 The Interplay between ISA Server and other Servers 234 Publishing Web Servers 235 Base Configuration 235 Configuring Forwarding 236 Publishing Exchange Server 237 Publishing Other Servers 237 The Firewall Client of SBS 2003 238 Installing the Firewall Client 238 The Proxy Function of ISA Server 239 Configuring the Proxy Server 239 The Cache Function of the Proxy Server 239 Forward Caching 240 Reverse Caching 240 Planned Caching 240 Distributed Caching 240 Hierarchical Caching 241 Configuration of Caching 241

ix Table of Contents

Configuration for OWA 241 Disabling Socket Pooling 243 Publishing the http://Companyweb Folder 244 Creating a New Protocol Definition 244 Publishing the Company Web 244 Issue of a Web Server Certificate 245 Configuration of the Remote Web Workplace 246 Chapter 7: SQL Server 2000 247 Implementation Considerations 247 SQL Server or MSDE 248 System Requirements 249 Organization of the Database 249 Database on a Server 249 Client-Server Database Solution 249 Client Access to the Database 250 The Design of the Database 250 The Installation of SQL Server 2000 251 Installing a New Instance of SQL Server 2000 251 Installing Service Pack 3a for a New Instance 257 Problems with the Service Pack Installation 259 Updating the MSDE Instance Used by SharePoint Services 259 Installing Service Pack 3a for the SHAREPOINT Instance 260 Sorting Settings for SQL Server 2000 260 Checking the Sort Orders of other SQL Servers 261 The Databases of SQL Server 262 The Structure of a Database 263 Administering SQL Server 264 Enterprise Manager 264 Starting Services and Instances 266 Installing an Existing Database 266 Service Programs of SQL Server 266 SQL Server Network Utility 266 SQL Server Client Network Utility 267 Permissions for Database Access 268 Authentication on the Database 268 Permissions on the Database 268 Permissions through Roles 269

X Table of Contents

Database Roles 269 Server Roles 270 Configuring Permissions for a User 271 Further Configuration Options for Permissions 273 Creating and Adding a Database User 273 Creating Additional Database Roles 273 Issuing Permissions 274 Backing Up and Restoring the Database 275 Types of Backup 275 Complete Database Backup 275 Differential Database Backup 275 Transaction Log Backup 276 File and File-Group Backup 276 Creating a Backup 276 The Backup Wizard and Manual Backup 277 The Backup Wizard 277 Manual Backup 279 Modifying Backup Tasks 279 Restoring the Database 279 Chapter 8: SBS 2003 Administration 281 The Server Management Console as Central Administrative Instance 281 Server Management for Power Users 283 User Management 285 Adding a User 285 Properties of User Accounts 295 Adding Multiple Users 297 Changing User Permissions 297 Configuring Password Policies 298 Specifying Logon Hours for a User 301 Restrict Logon to Specific Computers 301 Day-To-Day Work with User Accounts 302 Managing User Profiles 303 Types of User Profiles 303 Checklist for Creating User Profiles 305 Setting Up a Server-Based Profile 306 Creating a Mandatory Profile 309 Setting Up Home Folders 309 Redirecting the My Documents Folder 311

xi Table of Contents

Changing Mailbox and Disk Quota Settings 312 Specifying the Mailbox Size for a Specific User 312 Specifying the Mailbox Size for all Users 312 Setting Up Disk Quotas 313 Managing User Templates 315 Adding New User Templates 315 Import and Export of Templates 317 Export 317 Import 317 Management of Security Groups and Distribution Groups 317 Fundamentals of Groups 317 Group Types and Group Zones 318 Default Groups 319 Built-in Groups 319 Global Groups 320 Groups with Special Identities 321 Setting Up and Editing Groups and Group Properties 321 Creating a New Group 322 Editing Membership Lists 322 Deleting Groups 322 Changing Group Properties 322 Managing Client Computers and Server Computers 323 Client Computers 323 Adding Applications 324 Settings of the Client Computer 325 Further Management Options 325 Server Computers 325 Group Policy Management 326 The Windows NT System Policy and the Windows 2003 Group Policy 326 What GPO, GPC, and GPT Mean 328 Processing and Inheriting Group Policies 328 Contents of a GPO 330 Software Settings 330 Windows Settings 330 Administrative Templates 331 Executing Group Policies for Computers and Users 333 Special Options for Group Policies 334 Computer Configuration 334 Multiple Logins under Windows XP till a GPO is Activated 335 xii Table of Contents

Implementation Strategy for Group Policies 336 Number of GPOs per User and per Computer 336 Number of Policies per GPO 337 GPO Administration 337 Special Logon and Log-Off Scripts 338 The Group Policy Management Console (GPMC) 339 Administration through the GPMC 341 Creating, Deleting, and Linking GPOs 342 Backup of GPOs 344 Managing Multiple Backups 346 Restoring GPOs 347 Restoring Existing GPOs 347 Restoring Deleted GPOs 348 Script-Driven Restoration of GPOs 349 Restoration of GPOs with Software Installation Settings. 349 Copying of GPOs 350 Import and Export of GPOs 350 Creating HTML Reports 352 Migration Tables 352 Application of Migration Tables 353 Structure of the Migration Tables 354 Creating a Migration Table 356 Group Policy Modeling and Results 357 Group Policy Results 362 Task Delegation 363 Creating GPOs 363 Access to Individual GPOs 364 Linking GPOs 364 WMI Filters 365 Delegating WMI Filters 367 Folder Management through Group Policies 367 Basic - Redirect everyone's folder to the same location 368 Advanced - Specify locations for various user groups 370 Folder Redirection Problems in Windows XP 371 Software Management and Deployment through Group Polices 372 Preparation 372 Installation Source 373 Recipients of the Software 373 Installation 373 Creating Software Development Points 374

xiii Table of Contents

Administrative Setup 375 Specifying the Installation Options 376 Assigning and Publishing Packages 377 General Settings for the Application Packages 379 File Extensions Tab 379 Categories Tab 381 Editing and Removing Application Packages 381 General Tab 381 Deployment Tab 381 Upgrades Tab 382 Categories Tab 383 Modifications Tab 383 Security Tab 384 Removing Application Packages 384 Strategy for Configuring the Software Installation 384 Windows Installer Technology and Repackaging 385 Repackaging 387 Creating a .mst File (Transform File) 387 Troubleshooting in Group Policies 388 Monitoring and Reporting 390 Setting Up Monitoring 391 The Server Performance Report 391 The Usage Report 393 Editing the Report Settings 394 Backup and Restore 395 Restoring Files with the Help of the Shadow Copy Feature 396 Client Configuration for Shadow Copying 397 Setting Up Shadow Copying on the Server 397 Restoration by the User 399 Restoring an Earlier Data Version 400 Restoration of a Deleted File 400 Administration of Network, Internet, and E-Mail 400 The Remote Connection Diskette 400 Problems in Remote Support via MSN Messenger 401 Editing Connection Passwords and Configurations 401 Internal Website 401 Shares (local) 401 Changing Configuration Settings for the SBS 2003 402 xiv Table of Contents

Changing the Server IP Address 402 Transferring the DHCP Service to the SBS 2003 403 Changing the IP Address for the Internet Connection from Static to Dynamic and Vice Versa 403 Changing the Dial-Up Connection Settings 404 The Advanced Management Menu Item 404 Active Directory Users and Computers 404 Group Policy Management 405 Computer Management 405 Exchange and POP3 Connector 405 Terminal Services Configuration 405 Internet Information Services 405 Migrating Server Settings 406 Chapter 9: Update Management in the SBS Network through Software Update Services Server (SUS) 407 SUS 1.0, SUS 2.0, and their Alternatives 407 Why Patch Management? 407 Comparison between SUS 1.0 and SUS 2.0 408 Clients Inventory 409 Installation of SUS Server 1.0 SP1 409 Downloading Available Updates on the SUS Server 410 Preparing Clients for Using the SUS Server 411 Settings for Automatic Updates Configuration 411 Updating Clients through the SUS Server 413 Testing the Updates 414 Approving the Updates 414 Verifying the Installation of the Updates 415 Search for Errors: Updates not Deployed to the Clients 415 Installing Updates on Servers 416 Search for Errors: Updates not Deployed to the Servers 416 Further Updating 417 Testing Updates before Installation on Clients 418 Configuration of Automatic Update without Using the SUS Server 418 Chapter 10: Terminal Server in an SBS 2003 Environment 421 Purpose of a Terminal Server 421 Terminal Server in the SBS Network 422

XV Table of Contents

Typical Scenarios for the Implementation of a Terminal Server 423 Planning and Initialization of the Terminal Server 423 Demands Made on the Terminal Server and the Network 424 Setting Up the Server as a Terminal Server 425 Opening an Administrator and Computer Account and Establishing a Connection 426 Setting Up the Terminal Server License Server 427 Installing the License Server Database 430 Redirecting the "My Documents" Folder 431 Installation of Client Applications 432 Installing Outlook 2003 432 Installing Fax Services 433 Configuring the Terminal Server 433 Installing Internet Explorer 433 Configuring the Clients 433 The Remote Desktop Web Connection 434 Installing and Uninstalling 436 Embedding ActiveX Control Elements in a Website 436 Terminal Server on SBS 2003 436 Chapter 11: Business Contact Manager 2003 439 Features of BCM 2003 439 The Integration of BCM 440 Installing BCM 2003 441 Working with BCM 2003 442 Entering the Basic Data 442 Companies and Business Contacts 442 Product Master List 442 Sales Opportunities 443 Reports 444 Other Functions 444 Chapter 12; A Security Strategy for SBS 2003 445 Verifying the Network Topology 445 Using a Router and Firewall for a Broadband Connection 446 Using the Integrated Firewall of SBS 2003 447 Securing the Router 448 Securing the Wireless Access Point (Base Station) 448 xvi Table of Contents

Configuring a Firewall on the Router 449 Verifying the Internet, E-Mail, Network, and Firewall Services on the SBS 2003 451 Verifying the Firewall Configuration 451 Managing E-Mail Attachments 452 Configuring TCP/IP Filtering 453 Software Updates for the Operating System 454 Upgrading the Operating Systems and Applications 455 Implementing Secure Passwords 455 Remote Access to the Network 456 Restricting User Rights 457 Security Considerations for Administrators 457 The "Run as" Option 457 Using RUNAS 458 Secure the Network Shares 459 Changing the Name of the Administrator Account 460 Securing the SBS 2003 460 Physically Securing the Server 461 Installing Software on the Server 461 Monitoring the SBS 2003 461 Chapter 13: Troubleshootina Small Business Server 2003 463 Server Problems 463 User-Specific Problems 465 Problems with the Internet 469 Intranet Problems 470 E-Mail and Fax Problems 474 Monitoring Problems 478 Problems with Mobile Devices 480 Appendix A: SBS 2003 and Firewalls without ISA Server 483 Appendix B: Confiauration of a DHCP Server for SBS 2003 485 Index 487

xvii