Configuring SBS 2003
From InstallationWiki
| Official Page |
| Project Documentation |
| Download |
|
Contents |
Task List for Concluding Configuration
After Installing_SBS_ 2003, you will have to run the server administration program of SBS 2003 to conclude the configuration. To begin, click the Start button. You will see the To Do List dialog box:
When working through the list you should maintain the given sequence of steps. The configuration will take about 30 minutes (not counting the setup time for individual clients).
The task list is divided into two categories: network tasks and administration tasks. The individual tasks in both categories are presented in detail in the following sections.
Network Task
Setting Up an Internet Connection
With the help of this wizard you will configure the network, the firewall, secure website publications, and e-mail settings for SBS 2003.
1. After a welcome message, first select the desired connection type.
The Do not change connection type option is available only if you have already run this wizard before and now want to make changes on some of the pages. The settings skipped using this option are not changed. You will find the Do not change option on a number of pages in all wizards of the task list.
2. If you have selected Broadband connection, you must now indicate how this connection is made. From the My server list box select one of the following entries: A local router with an IP address, A connection that requires a username and password (PPPoE), or A direct Broadband connection. Then click on Next.
Help about which method applies to your network is available via the More Information button and the Display a network diagram link.
3. In the Router Connection dialog box enter the data required for the router to make the connection. In our example we assume that you have selected A local router with an IP address in step 2.
My Server uses a single network connection for both Internet access and the local network is automatically selected. Then click on Next.
4. If only one network card is installed in the server, you will be shown the corresponding message dialog box, which informs you that the firewall contained in SBS 2003 cannot be installed. To protect the network with a firewall, you should either configure an external firewall or add a second network card. To continue anyway, click on No.
5. On the Web Services Configuration page you specify which web services of the server will be accessible from the Internet over the firewall. By default only the services Outlook Web Access and Remote Web Workplace are activated.
If you select the Allow access to the Entire Web site from the Internet option, all authenticated users can access all website directories over the Internet. Anonymous access is not possible. However, for security reasons, you should think carefully before selecting this option. If you select the option Do not allow access to the Web site from the Internet, none of the services just described will be available to users over the Internet. Then click on Next.
6. In the Web Server Certificate dialog box you will find the settings for certificates. A certificate is necessary for communication over SSL (Secure Sockets Layer) between the web server and browser for some web services. You can either have the wizard create a certificate for you or select a certificate file from a certification authority.
To create a new certificate, select the Create a new Web server certificate option. This creates a self-signed certificate, which is saved in the \Clientapps\SBScert folder and has a validity of five years. This certificate is made available to clients via the client setup wizard. In the Web server name field enter the name with which you want to access your server over the Internet.
Select the Use a Web server certificate from a trustworthy authority option if you have already received a certificate file. You can select this file using the Browse button. If you do not yet have a certificate file, you can request one using the Web Server Certificate Wizard in Internet Information Services (IIS). Since this a trustworthy certificate, it is not made available to clients like the self-signed certificate. If you have received a certificate, run the wizard once again for e-mail and Internet access. Then click on Next.
7. The configuration of Internet e-mail is next. The Exchange Server is configured here for sending and receiving Internet e-mail. For sending, the Small Business SMTP connector is created. For receiving e-mail the Microsoft POP3 connector is used.
To configure the Exchange Server, select the Enable Internet e-mail option. Then click on Next.
8. If you have activated Internet e-mail in the last step, you must first specify the e-mail transmission method. [[Image: 1493_02_25.png|thumb|center]]
Select the Use DNS to route e-mail option if DNS is to be used for sending e-mail. In this case the Exchange Server will send mail via the appropriate DNS resource entry for Mail Exchanger (MX).
If, however, your Internet Service Provider (ISP) requires that you send your e-mails to a dedicated mail server, choose the option Forward all e-mail to e-mail server at your ISP. Sending e-mail via the mail server of the Internet Service Provider is also known as relaying. The Exchange Server sends all mail to the SMTP Smarthost of the Internet Service Provider. Enter the name of the Internet Service Provider's mail server in the E-mail server field. If it has several names, enter all the names separated by semicolons. Then click on Next.
9. In the E-mail Retrieval Method dialog box you specify the way in which e-mail is to be received from the Internet.
Mark the checkbox Use the Microsoft Connector for POP3 Mailboxes, if you want to move the e-mails from the Internet Service Provider's POP3 account to an Exchange account. The advantage of this is that the user needs to check only the Exchange mailbox and not both. Moreover, mails sent to an Exchange mailbox can also be checked via Outlook-Web Access.
If you select the Use Exchange option, mails are received via SMTP from the Internet. For this you must ask your Internet Service Provider to make the necessary mail exchanger resource entries (MX).
The retrieval method E-mail is delivered directly to my server is used when incoming e-mails are directly sent to the Exchange Server and not collected at the ISP.
The E-mail is held at my ISP until my server sends a signal option requires the Exchange Server to send a signal to the mail server of the ISP when it has an Internet connection. Until the Exchange Server sends this signal, the e-mails are stored at the ISP. Enter the DNS name or the IP address of the ISP's mail server in the appropriate field. The Exchange Server sends its signal to this address. However, you must first specify the signal type.
ETRN: This is the standard method for the signal. It is often necessary for SBS 2003 to have a static IP address that is assigned by the ISP for a dial-up modem or a router when needed.
'Turn' after authentication: For this signal type the SBS can also have a dynamic IP address. If you choose this option you will see an additional dialog box in which you will enter the username and password for Exchange authentication with the ISP.
In either case you should check with your ISP which signal can be used. If you configure the wrong type, the forwarding of e-mails to the Exchange Server may fail.
Click on Next.
In the E-mail domain name dialog box, enter the registered Internet domain name.
If you do not have a registered Internet domain name, keep the name field blank. This is also the case if you want to use the Exchange Server only for internal mail traffic. Then click on Next.
10. In the POP3 Mailbox Accounts dialog box you specify the POP3 accounts from which the POP3 Connector will retrieve the e-mails and forward them to the Exchange Server.
To set up a new account, click on Add. You will see the POP3 Mailbox dialog box.
For Mailbox type you can select the type of mailbox you have. The following options exist:
- User Mailbox: A user mailbox contains e-mails that have been sent to a particular user. The moment these e-mails are retrieved by the POP3 Connector, the To line in the e-mail header changes to the specified Exchange recipient. In the Exchange User field enter the username or distribution group.
- Global Mailbox: In a global mailbox all e-mails addressed to you are collected at the ISP. As soon as Exchange fetches these mails, the recipient is determined on the basis of the To or Cc line and the e-mail is sent to his mailbox. In the E-mail Domain field enter the name of the mail domain to which all e-mails meant for your company are sent.
Then click on OK'. You come back to the dialog box POP3' Mailbox Accounts. Here you can add more POP3 accounts, and update or delete existing ones. Then click on Next.
11. Under Mail Schedule, specify the intervals at which the Exchange Server and the POP3 Connector will retrieve e-mails from the mail server of the ISP.
From the Use the following schedule list box select the desired interval. The available intervals lie between every 15 minutes and every 24 hours. This schedule is only valid if you have selected Forward all e-mail to e-mail server at your ISP under the E-mail Delivery Method. If you have a broadband connection, e-mails are in principle sent immediately.
If you have selected the POP3 Connector under E-mail Retrieval Method, the specified schedule applies to receiving e-mail. If you have a broadband connection and have selected Exchange, the schedule has no effect on the receipt of e-mails.
If e-mails are sent by the ISP only after it gets a signal from the Exchange Server, the specified schedule comes into effect for the transmission.
If the schedule is to be defined under Exchange, run the Server Administration and select Properties from the context menu of Small Business SMTP Connector. Here select the relevant option so that the entered schedule remains unchanged.
Then click on Next.
12. In the Remove E-mail Attachments dialog box you can specify whether specific types of e-mail attachments should be removed from Exchange Server.
Mark the Enable Exchange Server to remove e-mail 'attachments that have the following extensions' checkbox and select from the list all file types that that the Exchange Server should automatically delete. Click on Next.
Then the Finishing the Wizard dialog box appears. To accept the settings, click on Finish. After completing the configuration you will see the status window. Close this window.
13. After you have closed the window, you will see a dialog box asking you to configure the password policies. Confirm with Yes. The Configure Password Policies dialog box appears.
For security reasons you should lay down requirements for the passwords by creating password policies.
To accept the settings, click OK.
14. When the configuration of the passwords is completed, the following dialog box appears, asking you to download the available updates and patches for the SBS 2003 operating system after establishing an Internet connection.
15. As soon as you click OK, you are connected to the Microsoft Update site on the Internet. All updates and patches available for SBS 2003 are listed and can then be installed. The server may have to be restarted during the course of installation.
Configuring Remote Access
With the help of this wizard, SBS 2003 is configured for remote access by dial-in and VPN.
1. In the welcome dialog box click on Next. You will then see the Remote Access Method dialog box.
If you want to permit remote access, select the Enable remote access option. The Disable remote access checkbox is only available if you have activated remote access services. As the connection type you can select VPN access and Dial-in access. In the second case a modem must be installed on the server. Otherwise this option is not available.
VPN access: In a VPN connection the user first connects to his or her ISP. As soon as this connection is made, a connection to the server is established using tunneling protocols. This connection is called a secure connection.
If you have to use a local router for connecting to the Internet, make sure that the PPTP ports are not blocked by the firewall. You will find the appropriate configuration settings in your router's documentation. If on the other hand you are using the SBS 2003 firewall, the VPN filter is activated. This ensures that VPN traffic is not blocked by the firewall.
Dial-in access: In this mode of access the connection is made with the help of a telephone line and a modem on the server. For using dial-in access you should preferably use a modem other than the one used for fax services (see Administrative Task: Configuring Fax). Using a modem for several services can lead to complications.
If you have permitted remote access for at least one mode, the remote access Policies are automatically configured in such a way that all members of the security group Mobile Users have remote access.
Then click on Next.
2. The Client Addressing dialog box appears if the DHCP service is not implemented on SBS 2003. Here you must select an option for assigning IP addresses to remote clients.
If there is a device on your network that acts as a DHCP server, select the Use DHCP to assign IP addresses option. It makes no difference whether this device is another server or a router. Enter the IP address of the device in the appropriate field.
As soon as the routing and remote access service is active, the DHCP server automatically assigns ten addresses from its current address range for use by remote clients. If all ten IP addresses are used by remote clients, ten more addresses are made available.
If DHCP has not been configured in the network, select the option Use static IP addresses. Then specify the start value and end value of the IP address range to be assigned by SBS 2003.
Make sure that there are no conflicts with IP addresses already assigned in the network. Moreover, the address range selected for the remote clients must coincide with the address range of the network clients.
Then click on Next.
3. Finally, in the VPN Server Name dialog box specify the name or the IP address that will be used for access to the server from the Internet. When remote access services are configured, the server is also called a VPN server.
Enter the name of the server in the Server name field. This should be the complete host name of the server in the format servername.firma.de. This name must also be registered on the DNS server of the ISP. The name given here serves as the default name of the target server in the configuration file of the client connection manager. By default the local name of the server is entered in the field Server name. You could also enter the IP address of the server as an alternative to the full name.
Then click on Next. You get a summary of your entries and can allow the wizard to carry out the configuration by clicking Finish.
4. If after completing the Internet Connection Wizard you have still not configured the password policy, you are asked one more time to complete this step. To do the configuration, carry out the processes described previously.
Activating the Server
As with Windows XP, activation is required for Small Business Server 2003. Activation is done conveniently over the Internet. Here you have the choice of just activating the server or simultaneously both activating and registering it.
Until the server is activated, you cannot begin the next step (adding client licenses).
Network Task: Adding Client Licenses
The last of the network tasks is adding client licenses. SBS 2003 comes with only five Client Access Licenses (CALs). If there are only five clients in your network, you can skip this task.
1. After the welcome message you see the License Agreement dialog box. Read the terms of the Microsoft Client Access License agreement and then select I agree. Then click on Next.
2. In the Contact Method dialog box specify whether you want to add client licenses over the Internet or by Telephone. Then click on Next.
3. In the License Code Information dialog box you must now enter the 25-digit license code in the License Code field and click on Add. Here you can enter as many licence codes as you want one after the other. In the License codes to be added section you will see how many licenses each code represents. Then click on Next.
4. The license activation is now completed. Follow the instructions of the wizard to do this. If you want to add more CALs later, you will have to call up this point in the task list again.
Administrative Task: Adding Printers
After completing the network tasks, you must perform some administrative tasks. To start with, printers are added to the network.
1. After the welcome window you will see the Local or Network Printer page. Specify here whether the printer is connected locally to SBS or to another computer. If you are using a print server read the documentation of the device. Then click on Next.
2. In the Select Printer Port dialog box specify the port to which the printer is connected. This is usually LPT1. Then click on Next.
3. In the Install Printer Software dialog box you can select the printer from the manufacturer and printer list. If the printer is not in the list or if you have a separate disk containing the driver, click on Have Disk and follow the subsequent instructions. Then click on Next.
4. The next step is to give the printer a name in the Name Printer dialog box. Then click on Next.
5. In the Printer Sharing dialog box you can indicate whether you want to share this printer with other users. Then click on Next.
6. In the Location and Description dialog box you can then optionally add information about the location of the printer as well as a description of the printer in the appropriate text fields. Then click on Next.
7. Finally in the Print Test Page dialog box you are asked if you want to print a test page after the printer driver is installed. Then click on Next.
8. At the end the wizard gives you a summary. Click on Finish to add the printer.
Administrative Tasks
Adding Users and Computers
This configuration step consists of a series of tasks. A user account, mailbox, and base folder are created for each user. Furthermore, membership of the user in the security and distribution groups is specified. SharePoint access and disk quotas are also configured. Finally a client computer is assigned to the user.
1. Before you create the user you must select a template in the dialog box Template Selection.
Apart from these pre-defined templates you can even create your own templates. You can also change the template for each user later. After you have selected the appropriate template, click on Next.
2. In the User Information dialog box you can create a new user for the selected template by clicking Add. If you have already created some users for this template, you will find them listed under Users.
3. After you have clicked on Add, fill in the appropriate fields in the dialog box Enter User Information.. If you are done with the entries, click OK.
4. In the Set Up Client Computers dialog box you can set up a client computer. If you choose the Set up computer now option, you can begin to configure it.
5. In the Client Computer Names dialog box enter the name of the computer and click on Add All information entered via the wizard applies to all the computers in the Accounts will be created for list. You can even remove computers from this list. Click on Next.
6. Next the applications to be installed on the computer are selected in the dialog box Client Applications. By default the applications Client Operating System Service Packs, Internet Explorer 6.0, Outlook 2003, and the Fax Client are installed. You can, however, change and extend this choice.
Unchecking a checkbox for an installed application does not uninstall the application from the client computer.
If you have selected Outlook 2003 for installation and a previous Outlook version is already installed on the client, you must disable the COM Add-Ins on the client. To do this, take the following steps:
- Select Options from the Tools menu and click on the Next tab.
- Click on Advanced Options and then on COM Add-Ins.
- Uncheck the checkbox next to the Add-In.
7. In the Client Applications dialog box mark the During Client Setup, allow the selected applications to be modified checkbox if you want to allow the user to change the installation or not install an application during the setup process. You should mark the After Client Setup is finished, log off the client computer checkbox if the user is not able to wait till setup is completed and you don't want unauthorized access to the computer after the installation is over.
8. If you click on Edit Applications, you will see the Available applications dialog box. All applications available for installation are listed here. By clicking Add you can make more applications available for installation on the clients.
Before you can add an application, you must copy its installation program in a share. It is best to put these applications in the default folder \ClientApps on SBS 2003. Domain users must have Read and Execute rights for the shared folder; otherwise they cannot carry out the installation.
9. Give a name for the application in the Application name text field and choose the path to the application by clicking Browse. A link to this application is created on the client's desktop. Then click on OK. You are brought back to the Available Applications dialog box. Here you can modify the list of available applications at any time. The modification option is not available for the default applications. It is also possible to delete applications from the list. Click Next to complete the Add New Applications Wizard.
10. You then return to the page Client Applications. Clicking on Advanced brings up the Advanced Client Computer Settings dialog box.
For each of the points in the list you can accept the default settings by checking the appropriate checkbox. Then click on OK.
11. You will next see the Mobile Client and Offline Use page.
Here you have the option of installing Connection Manager and ActiveSync 3.7.
Users can only use the Remote Connection after you have closed the Remote Access Connection wizard. Moreover the user should have been added to the user template Mobile Users (see step 1 in this section).
Finally, click on Next.
12. You will now see the Completing the Add User Wizard dialog box. If the settings are OK for you, click Finish. Click Back to make changes in the configuration.
13. While the user settings are being configured, you will see a dialog box. To complete the configuration of the client computer including its network configuration and application access, you must log on to the client and enter the address http://SBSServername/ConnectComputer in the browser. Click OK to confirm.
14. After the user account has been created, you are asked if you want to restart the wizard to create another user. If you select No here, another dialog box appears informing you that you can now configure the transmission of POP3 e-mail for the user accounts. Confirm this dialog with OK.
Configuring Fax
This wizard helps to set up SBS 2003 for receiving, sending and forwarding faxes. You can only carry out this administrative task if at least one fax modem is installed on the server.
1. In the Provide Company Information dialog box you first enter the information that will be sent on the fax cover page.
Fill in the fields. The pre-filled values are based on your entries at the time of configuring the server. These entries can, however, be changed here. Then click on Next.
2. In the Outbound Fax Device dialog box you see a list of fax devices recognized by Windows.
Mark the checkboxes for the devices that you want to use. If several faxmodems are installed, you can change the usage sequence. If a fax device is in use, the next one in the list will be used automatically. Click on Next.
3. After this the devices for receiving faxes are specified.
Mark the checkboxes for the devices that you want to use for receiving faxes. If there are several devices, you can specify whether you want to use the same routing method for all devices (Set routing destinations for all devices option) or whether the devices are to be configured separately (Set specific routing destination for each device option). Then click on Next.
4. In the Inbound Fax Routing dialog box you specify the routing method for each fax device. Make sure you specify at least one routing method for each fax device.
When the wizard is run first, the link Configure appears as soon as a routing method is selected. If you run the wizard again later, select the method and click Edit to modify the entry. Then click on Next.
5. At the end you again get a summary of the settings. Confirm this with Finish.
Configuring Monitoring
With the help of this wizard you can configure warning messages as well as server performance and usage reports. A schedule is set up here in accordance with which reports and messages are sent by e-mail. The reports can also be displayed via the server administration.
1. In the Reporting Options dialog box you specify how the individual reports are to be displayed and received.
After the wizard is completed the performance reports are displayed automatically in the server administration under monitoring and reporting. Performance data is collected hourly. Moreover you can also have the report sent to you by e-mail via the option Receive a daily performance report in e-mail.
The usage reports contain information about the Internet, e-mail, fax, and remote usage of the server. If the option View the usage report in Server Management is selected, you can simultaneously also specify the following: Receive a usage report in e-mail every other week. Then click on Next.
2. In the E-mail Options dialog box you can specify whether the reports are to be sent to one or more e-mail addresses. If you want to enter several e-mail addresses, separate them with a semicolon (;). The e-mail address selection is displayed only if you have activated the e-mail function in one or both reports in the previous step.
3. Under Business Owner Usage Report you can specify who is allowed to see the usage reports on a specific page of the intranet website. By default only members of the domain administrator group can see these reports.
To allow other users to view these reports, select the desired users from the All users list and click on Add. All selected persons receive an e-mail informing them about the function of the usage reports and the fact that they now have access to them. The usage report is available at http://SBSServername/monitoring. Then click on Next.
4. In the Alerts dialog box you can specify whether you want immediate notification by e-mail in the event of a performance warning.
Then click on Next.
5. This completes the wizard. To end click on Finish.
Configuring Backups
This wizard runs you through the planning and configuration of backups for SBS 2003.
1. After the welcome message you will see the Backup Location dialog box. Here you can decide whether the backup is to taken on a tape drive, hard disk, or network share. The first option is available to you only if the backup wizard has found a tape drive. Otherwise you get an appropriate message at the bottom of the dialog box because a tape drive or other such removable medium is recommended.
2. If you want to back up to a hard drive, select the path to the backup folder using Browse. Then click on Next.
3. The next dialog box is Define Backup Schedule. Select the days on which backups should be taken. By default the working days Monday to Friday are selected.
Then click on Next.
4. You will next see the Storage Allocation for Deleted Files and E-mail dialog box.
Then click on Next.
The shadow copy feature is not available if a shared folder has been renamed or deleted. If the entire Users Shared Folders folder has been deleted, you should rerun SBS and reinstall the components.
5. You can now either complete the wizard or click Back to make changes in the configuration. Then click on Finish.
Installed Hot Fixes
During the installation of SBS 2003 a number of patches and hot fixes are automatically installed. Here is a list of the individual hot fixes:
- QFE#47846 KB822745
- QFE#47937 KB822744
- QFE#47987 KB822743
- QFE#47990 KB822742
- QFE#48802 KB824073
- QFE#47607 KB822132
- QFE#50566 KB824146
- QFE#49367 KB824139
- QFE#48628 KB823559
- QFE#48713 KB823980
- QFE#46104 KB819696
- QFE#50449 KB826238
- QFE#50009 KB826936
- QFE#50147 KB825117
- QFE#48165 KB822925
- QFE#48087 KB824105
You can find further information about these hot fixes in the Microsoft Knowledge Base. The expression QFE#xxxxx refers to the patch and KBxxxxxx to the corresponding article in the Microsoft Knowledge Base, under which you will find the specific information.
Source
The source of this content is Chapter 2: Installing SBS 2003 of Windows Small Business Server 2003 A Clear and Concise Administrator's Reference and How-To by JStephanie Knecht-Thurmann (Packt Publishing , 2005).
