Archive for SBS2003

06.05.09

Windows 2008 Performance Tuning Guide

Posted in OS, SBS2003 at 12:41 am by webmaster

While we are in the era of Windows 2008 (and SBS 2008) we need to consider new operating system tuning guidelines.

For example most partitions are aligned on 1 MByte boundries.  To see what your boundries are use:

 wmic partition get Index, Name, StartingOffset

 

07.29.08

Using Exmerge with SBS 2003

Posted in OS, SBS2003, Exchange, sbs2008 at 9:16 pm by webmaster

Sometimes you want to perform a migration where you want to manually migrate the mail - in a semi-automatic fashion.   Exmerge is a tool that can be employed to do just that.

Because the domain administrator has explicit deny permissions set by default which restricts the domain administrator from accessing the users mailboxes to perform either exports or imports, additional steps must be used to perform this taks

Preparing a User Account to use Exmerge

Here is a method that I employed to allow Create a user account

  1. Create a regular user account (exmergeusr)
  2. Create a regular security group (exmergegrp)
  3. Add the exmergeusr to exmergegrp
  4. Add the exmerge user account to the local administrators group

There is also a way to enable the security tab of the exchange system manager so you can disable the explcit deny permissions for the domain administrator (temporarily)  http://www.computerperformance.co.uk/Registry/registry_hacks_exchange.htm

Now you are all ready to start using Exmerge.

Preparing to use Exmerge

  1. download exmerge
  2. unzip
  3. copy C:\Program Files\Exchsrvr\bin\exchmem.dll to exmerge folder http://support.microsoft.com/kb/297362
  4. Check destination disk space (for export) is 1.5 times store size
  5. Create pst folder to hold the pst files you will be exporting
  6. Run Exmerge to export to pst files on the source server
  7. Repeat the above procedure on the destination server to import from pst files on the destination server

Using Exmerge

Running Exmerge goes something like this 

  1. run exmerge
    next
  2. select 2 step
  3. select 1 for export 2 for import
  4. MSE server name  SERVERNAME
  5. dc   SERVERNAME
  6. Options –> Data first 2
  7. Options –> Import Merge (second option)
  8. Select mbox, select English locale
  9. select the destination for pst files if exporting or the source of pst files for importing

For SBS2008 these methods may work  http://www.exchangeinbox.com/article.aspx?i=88

08.10.07

Monitoring Software - Inventoring your LAN

Posted in OS, win2003, SBS2003, Vista, Windows XP, Windows Vista at 11:31 pm by webmaster

A recent discussion came up in sbs2k3 Yahoo group about the various software IT Professionals use to inventory their LAN.  Quite a few software packages were brought up that I had never heard of. A summary is included here:

  1. angryip - simple powerful network scanner to obtain IP and MAC address (No install required)
  2. SIW - standalone tool (No install required, technician license available (No install required)
  3. produkey - obtain product keys of software installed on your computer (No install required)
  4. SteelInventory - freeware
  5. SYDI - vbscript
  6. OCS Next Generation Inventory system - open source, (agent install)
  7. spiceworks - web based
  8. Kaseya - Enterprise class
  9. Prodoc - Computer renditions vbscript
  10. Houndog
  11. Network Veiw USB key, not free trial or demo may be available
  12. Loginventory
  13. Portable Utilities for the USB Drive Not sure what this is
  14. SNNP Tools 1, 2, SNMP Informant , webgetif
  15.  Special K
  16. GFI

If these tools are “network aware” you can open up the Windows Firewall to just allow TCP ports 445 and 135 from a specific IP address.

Setting Path:
Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile
Windows Firewall: Allow remote administration exception

 

07.27.07

Root Certificate Authorties in Windows Products

Posted in OS, win2003, SBS2003, Vista, Windows XP, Windows Vista at 12:51 pm by webmaster

Often the question of what root certificate authrity is supported in a particular product.  This MSDN reference summarizes all root CA’s and the feature set they provide.

07.23.07

Adding a branch office to Small Business Server

Posted in OS, win2003, SBS2003 at 12:19 pm by webmaster

As of this writing there is no known official Microsoft documnets specific to addding a branch office to SBS. 

Defacto Microsoft documentation

  1. Branch Office Guide for Windows Server 2003

Check out these third party references:

  1. SmallBizServer (subscription)
  2. WindowsITPro 

05.20.07

Current Shutdown and Startup Times of SBS 2003

Posted in SBS2003 at 2:14 pm by webmaster

Time is money and if you are like most IT consultants if you were paid a dollar for every minute you spent waiting for computers to start or stop you would be be well lets just say you probably wouldn’t be reading this right now.

Shutdown on a current install of SBS 2k3 SP1 on a system that well lets just say it is not modern hardware takes 7.5 minutes.  Shutdown can be a lot lower than that if you have just recently started your system (2.5 minutes for me on the same system right after a start.)

Starttup on a current install of SBS 2k3 SP1 on a system that well lets just say it is not modern hardware takes 5 minutes 45 seconds minutes.

11:15:30  Power
11:16:00  Windows Server 2003 Splash screen
11:16:45  Windows is starting up
11:17:15  Preparing network connections
11:18:15  Applying computer settings
11:21:15  Press Control Alt Delete to login

Together that is 13 minutes 15 seconds.

There are several factors determining shutdown speed:

  1. Exchange/AD dependancy
  2. WaitToKill Registry Setting (My registry setting was to 10 minutes)

 

04.17.07

Change domain administrator account on SBS

Posted in OS, win2003, SBS2003 at 10:42 am by webmaster

A question that often gets asked is how to change the domain administrator password on Small Business Server.  I will take this oppurtunity to plug the wealth of information available on the sbs2k3 Yahoo group.  The guys (and gals) over there have come up with this:

 

  1. CTRL-ALT-DEL and change the password
  2. Open services and check for any services running under this account, and reset the password.
  3. Open Scheduled Tasks and check for any tasks running under this account, and reset the password.
  4. Open a command prompt and enter the following to reset the Directory Services Restore password.
  5. Open Command Prompt.
    1. Type the following:
      1. ntdsutil
      2. set DSRM password
      3. reset password on server NULL
    2. Enter the new password.
    3. Type the following:
      1. Quit
      2. Quit
    4. Close Command Prompt.
  6. One final thing you may want to consider doing is to reset any cached passwords for the administrator account on any machines that may have these passwords cached otherwise you may be constantly prompted to enter a password.  Credit and background information here.
    1. Follow these steps to “forget” these passwords
      1. Start –> Settings –> Control Panel
      2. Double click “User Accounts
      3. Select the “Advanced” tab
      4. In the “Passwords and .NET Passports” area click “Manage Passwords”
      5. Remove everything there.
    2. Delete everything in the following two folders:

      C:\Documents and Settings\YOURUSERNAME\Application Data\Microsoft\Credentials
      C:\Documents and Settings\YOURUSERNAME\Local Settings\Application Data\Microsoft\Credential

 

04.14.07

Managing IE7 with group policy

Posted in win2003, SBS2003, IE7, Group Policy at 2:41 pm by webmaster

Want to make IE7 a better user experience for your users?  A simple group policy addition makes it much easier for your users to digest IE7.

The changes I make are:

  1. Display the menu bar
  2. Select some default options for users so they (you) don’t have to select them every time a new profile is created for a user.

You can make other changes if you want to but since IE7 is here to stay and it is not going away we might as well make this change easier for our users.

The steps are very straightforward:

  1. Download the new IE7 group policy settings which are deployed tfrom Microsoft through a .msi file which simply contains an adm file.
  2. Tweak the settings, here is what I have used (YMMV)
    1. Turn Off Managed Phishing Filter     Enabled (Automatic)
    2. Prevent participation in the Customer Experience Improvement Program Enabled
    3. Prevent Performance of first run customization settings   Enabled (Go directly to home page)
    4. Turn on Menu Bar by Default      Enabled

As I stated above, the whole point of this excercise is to provide a “similar” experience to our users for IE7.  This essentially should provide the menu bar for our users and prevent the users from having to answer questions about things they know nothing about anyway.

Want more details on how to do this?  Here is an attempt at a step by step procedure.  Please contact me if there are any errors or ommisions.

  1. Create a new Group Policy Object (GPO).  Lets call it Custom-IE7
    1. Start –> Administrative Tools –> Group Policy Management
    2. Navitage to Forest –> Domains –> Domain Name –> Group Policy Objects
    3. Right Mouse Click (In the right window Pane, select “New”
    4. Type the name ofm your new GPO - “Custom - IE7″
  2. Link the Custom-IE7 GPO to an existing OU.  This OU should contain the computers that you want to “tune” IE7 for.
    1. Find the Organizational Unit (OU) which contains the group of  computers you want to apply these settings to (Use Active Directory Users and Computers)
      1. For example when using SBS 2k3 SP1 or higher I would use Domain –> My Business –> Computers –> SBSComputers
    2. Using the “Group Policy Management” GPM snapin, navigate to the OU selected in the above step, Right Mouse Click in the left window, and select “Link an existing GPO” and then select the “Custom-IE7″ GPO you created previously
  3. Ensure IE7 adm files are loaded into your domain
    1. New Group Policy’s Administrative Templates (.adm files) for IE7 are loaded automatically onto the Domain Controller when a Group Policy is opened from a workstation where IE7 has been installed (I have never used this method)
    2. Download and install “Administrative Templates for Internet Explorer 7 for Windows” manually
      1. Download the templates
      2. Install them
        1. Use the msi installer you just downloaded to install the templates to your server
        2. Using the GPM snapin navigate to “Custom - IE7″ GPO
        3. Select Edit
        4. Click Computer Configuration  –> Administrative Templates
        5. Right-click Administrative Templates, click Add/Remove Templates, and then click Add
        6. navigate to wherever the templates were stored (C:\Program Files\Microsoft Group Policy)
        7. Select “inetres.adm”
        8. Click Yes
        9. Click Close
        10. Now the new IE7 Group policuy settings should be viewable in the GPO
  4. Configure the Custom-IE7 GPO to contain the special IE7 settings we want
    1. Using the GPM snapin navigate to “Custom - IE7″ GPO and Right Mouse Click and select Edit
    2. Navigate to: Computer Configuration –> Administrative Templates –> Windows Components –> Internet Explorer
    3. Modify the following settings
      1. Turn Off Managed Phishing Filter     Enabled (Automatic)
      2. Prevent participation in the Customer Experience Improvement Program Enabled
      3. Prevent Performance of first run customization settings   Enabled (Go directly to home page)
      4. Turn on Menu Bar by Default      Enabled
  5. Use “gpupdate /force” on a workstation to ensure  that your settings get incorporated right away
  6. Use “gpresult > gp.txt && notepad.exe gp.txt” to verify you see your group policy settings on your worksation.

References:

  1. Internet Explorer Deployment Guide (March 2007)
  2. Exploring New Functionality in Internet Explorer (Virtual Lab Doc)

 

04.12.07

W32 time errors on default install of Small Business Server

Posted in OS, SBS2003 at 12:05 pm by webmaster

If you are seeing eventid 47, 29 and sometimes 36 in the event logs of a default Small Business Server?  Follow these steps as outlined by Susan Bradley:

Just want the steps:

w32tm /config /manualpeerlist:pool.ntp.org,0×8/syncfromflags:MANUAL  
net stop w32time  
net start w32time  
w32tm /resync

The above command modifies the following registry values:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Parameters\NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

For further information check these out:

 

W32 time sync issues kb article

Eventid.net (Eventid 29)

Microsoft Ntp Time Server list   

Windows Server 2003 Time Synchonization kb

Great w32time article
 

03.27.07

Add SBS certificate to Windows Vista and IE7

Posted in OS, SBS2003, Vista at 12:02 am by webmaster

Having trouble getting Windows Vista/IE7 to trust your self signed certificate?.  Follow these easy steps:

  1. Run IE as an administrator (Right-click the desktop icon)
  2. Visit the site.
  3. Click through the certificate error
  4. Click the “Certificate Error” button in the address bar.
  5. Click View Certificate
  6. Click Install Certificate
  7. Unlike on XP, you must click the “Place all certificates in the following store” radio button, and choose the “Trusted Root Certification Authorities” store.

· « Previous entries