Saturday, November 24, 2007

Un-Approving an Update.

I approved an optional update (KB929735) for my network (since all critical and security updates are automatically approved for me), and I ended up with something that wouldn't install! My reports forever had the yellow shield of patience.

Unfortunately, the patch I told to install wouldn't actually install on my desktop for which it was destined.

The first step of course was to try to install it manually. I downloaded the patch and attempted to install it manually, and it reported that it wasn't needed by my system. weird.

Well, since it was only an optional update, I decided to decline it for my network. To do this:

  • Open the WSUS native console (I'm using v3, so the v2 ones might be different)

  • Expand Update Services, Computer Name, Computers, All Computers and select Update Services client computers.
  • Double click on the computer that the patch won't install onto.

  • Click the next page button to go to the second page of the report

  • Search through the report for the KB that you want to decline.

    • I found it easier to change the filter on the top of the report instead of searching through the entire list

  • Click the Install word under Approval Summary for ...

  • Click the button in front of Update service client computers and select Not Approved

Then you can go back into the familiar SBS tools, and you'll see the patch again, this time you can decline it.

Once I declined the patch, I was returned to the green check of glory!

Hope this helps you if you've got a patch that won't install, but you can't get rid of it.

Saturday, November 03, 2007

Humor: Help desk in the middle ages

I came across this link the other day, and wondered if helpdesk has actually changed over the years? or if our end users are behaving the same, just the problems are different.

Friday, October 19, 2007

Friday, October 12, 2007

Making Office 2007 save as PDF

Office 2007 can create your PDF files for you. All you need is Word, and the handy plug-in available here.

Simply install the plug-in and then choose Save As ... and select XPS/PDF. You can then publish your document as a PDF file.


Friday, September 07, 2007

SQL Allocated Memory Alert Fix (From a Diva)

I typically like to keep my content on my site unique, but every once in a while, you get enough questions about a particular topic that's posted somewhere else, and you think "Dang! I wish I had that blog post here". Well, That's what I'm doing.

One of our MVPs, Susan Bradley, has an outstanding post on how to deal with SQL allocated memory alerts from SBS 2003.

That post is available here.

Susan's post gives step-by-step instructions for how to correct the MSSQL$SBSMONITORING service when it starts using too much memory, and your server starts sending you these:

Allocated Memory Alert on DOMAIN

A large amount of memory is committed to applications and processes. Consistently high memory usage can cause performance problems.

To determine which processes and applications are using the most memory, use Task Manager. Monitor the activity of these resources over a few days. If they continue to use a high level of memory and are less critical processes or services, try stopping and then restarting them.

You can disable this alert or change its threshold by using the Change Alert Notifications task in the Server Management Monitoring and Reporting taskpad.

So if you're seeing this error, head on over to Susan's site, and get it resolved!

Thanks for a great post Susan!

In affiliate marketing, one can always save on cheap hosting in order to invest more on marketing. However, the domain name is not everything. The host should be compatible with the wireless internet service and should come with online backup free of charge.

Tuesday, September 04, 2007

Enabling the Network Map on Windows Server 2008

As you may have guessed, I've been running Windows Vista for quite some time now, I'm sure many of you have too, and are eagerly awaiting Windows Server 2008, and of course, utlimately, Windows Small Business Server 2008!

Well, looking at my Windows Vista Networking & Sharing Center, I was able to pull up the network map of my laptop (modified to fit this blog):

Wait a sec, where did you get that?

Ah, here's how I found this nifty feature:

  • Click Start, then Network.

  • Then right below the address-bar, you'll see Network and Sharing Center, click it

  • Then above the graphic, click View Full Map, and there you have it

One of the things you'll notice immediately being on a Small Business Server 2008 box is that by default, this handy map is disabled. The reasoning for this is because as a Domain Controller, there could be many many machines attached to the network,and discoverying the layout of the network is not a task you really want your domain controller to be doing (you know, over allowing logons to happen, e-mail to be processed etc.). But it's not that big of a deal for small networks with some of the high powered machines you might have.

So here is how to turn it back on!

  • Crack open your trusted local policy editor on the DC by clicking Start and running gpedit.msc, you'll have to accept the LUA prompt

  • Browse down to Local Computer Policy, Computer Configuration, Administrative Templates, and Link-Layer Topology Discovery.

  • Once in there switch both Turn on Mapper I/O (LLTDIO) Driver and the Turn on Responder (RSPNDR) driver to Enabled from Not Configured.

  • Now refresh the map, you don't even need gpupdate /force because it's the local policy!

Enjoy the map view of your network.

Please note that some restrictions apply (as in XP machines without the LLTD responder installed will not reply, and any class of machine lower than Windows XP, including MAC and various forms of *ix)

Thanks to broadband, now affiliate marketing has new meanings. You can use cheap web hosting to host any kind of domain names you like, then you can proceed with website design and the rest. Features like online backup further contribute to the deal. One can compromise on the website design where needed.

Thursday, July 19, 2007

Tuesday, July 10, 2007

SBS 2003 RTM, we lay you down to rest

I found out today that our buddy, SBS 2003 without Service Pack 1, is being removed from the list of supported products today. Not to be confused with SBS 2003 with SP1, or SBS 2003 R2, which continue on for support.

This means that today is a great day to Upgrade to SBS 2003 Service Pack 1! It's free!

The full list of other products that will no longer be supported, and when is available on the Lifecycle Support Page.

Monday, June 25, 2007

The Small Business Server Tech Library is now Live!

Our writing team has managed to put together a technical library of documentation up on TechNet. The direct link is here.

Some key advantages include:

  • Access everything from one location: All SBS product documentation is now in one central location, easy for you to find!

  • Search content: Use the search tool to search for a term or phrase throughout the entire SBS product documentation library, KB articles, TechNet, and more.

  • Provide feedback: Use the voting tools to submit your feedback and add comments about the quality of the information.

  • Watch it grow: Because of your comments, we’ll update the content on a regular basis.

Enjoy the new content!

Wednesday, June 13, 2007

Windows Home Server Reaches RC!

For those of you who are anxiously awaiting the Windows Home Server RTM, we're getting close. RC was declared!

Here are some fancy news articles:
Beta News
Windows Home Server Reaches RC1
June 13, 2007

Redmond Magazine
Windows Home Server RC1 Released
June 12, 2007

Computer World
Microsoft unveils Windows Home Server RC1
June 13, 2007

Microsoft Windows Home Server Release Candidate
June 13, 2007

Microsoft Pushes Out Windows Home Server Release Candidate
June 13, 2007

The Tech Report
Windows Home Server release candidate rolls out
June 13, 2007

Wired – Gadget Lab
Windows Home Server Leaves Beta Testing
June 13, 2007

The Digital Lifestyle
Windows Home Server Release Candidate
June 13, 2007

Monday, June 11, 2007

Another Sneak Peak into Cougar

So, it appears that you enjoyed my last post about where my next version of SBS is. Well, I was surfing (my email) and this handy link of what's coming in Windows Server 2008 appeared.

As you know, Cougar's base operating system is based on Windows Server 2008. Many (but not all) of the features that come with Windows Server 2008, are available in Small Business Server. I unfortunately cannot speak to which features appear, and which one's don't.

But hey, nothin' like another teaser eh? I feel like a movie trailer, except I can't show you all the scenes and make you not want to go out and see the full-feature! :)

Due to increasing number of free web hosting services, a new web hosting company is sprouting up on every corner. With the sue of internet phones, world has been reduced to nothing. The webmaster basically makes use of these facts in online marketing, from web design to the rest of seo work.

Thursday, May 31, 2007

Hey! Where's my next version of SBS?

You wanna know about the next version do you? Well, Since our trip to New Orlean's a TS2 blog has popped up some public information.(here), I'd like to take the opportunity to publish similar information here.

Cougar is the code name for the next version of SBS. When the SBS team decended on New Orleans, some of the following information came out to the public. I wanted to make sure I shared so you could know what's going on with the next version.

  1. Cougar includes Exchange 2007 which is x64 only, This means that Cougar will be x64 only.

  2. Since Cougar is x64 only we can deduce some things just based on how the technology works. This means in-place upgrades from earlier versions will not be supported (x86 hardware cannot support x64 software). Since Chris Almida was also there to speak to migrations, and he is our man in charge of the migration he is not planning to provide an in place upgrade from x64 hardware (again, this makes sense since the OS is x86, and it cannot be upgraded to x64). There will be a migration too that will take you from your current SBS to Cougar on ANOTHER BOX. We are still working on this solution. (I had a meeting yesterday on this actually!)

  3. The SBS Backup solution is being completely re-vamped. However, we have made the full switch, and the backup solution will no longer support backing up to tape. Using snapshot technology, the backups will be extremely quick using incrementals that can be scheduled as often as every 30 minutes. A copy of NTBackup will be able to extract files from the old SBS 2003 format, but no new data can be added. If tape is super important to you, start sizing up 3rd party backup solutions.

  4. To date, we are not planning on changing the 75 user limit.

  5. Cougar will need to be installed behind some kind of firewall and the single-NIC model will be the only mode. You must use a firewall in front of the SBS box, this can be a hardware router type item, or a software firewall such as ISA.

  6. Cougar will be based on Longhorn server now officially called Windows Server 2008.

In addition to the points made in New Orlean's, I'd like to add my own. Cougar looks really really sweet! But then again, I am biased. :o)

Our Beta 1 is in the field with our MVPs (don't ask, they can't talk about it either!) and I'm already starting to contemplate an upgrade to Cougar at my house. Now I just need to find some x64 hardware.... hrm....

With cheap web hosting, today we have many more email marketing options. However, it is important that out web hosting service offers email hosting as well. If not, there is a not a lot the webmaster can do with the wireless internet.

Thursday, May 24, 2007

Want to prevent people from using PSTs on your network?

You have Exchange for a reason, it stores your email, and you do diligence to back it up daily. The problem is those pesky users keep moving mail to their PSTs. Hard drives crash, laptops are lost and along with that, email.

Why not force your users to keep all of their mail on the Exchange Server?

Well, it's a simple Group Policy object for Office 2003 and Office 2007.The problem is, SBS 2003 doesn't allow you to send out Registry edits without building a template for it. Well, a company called DesktopStandard has you covered with their PolicyMaker - Registry Extension plug in to Group Policy! This program is free (with registration) and can be installed on your SBS 2003/SBS 2003 R2 box. And it's my understanding, this company is working closely with Microsoft to build it's tools.

Once you've got that handy program loaded, you'll have to work around a minor issue if you have IE7 installed. Make the following Registry Key change:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
Create the REG_DWORD with the value of mmc.exe, and ensure the value is 0.

Once that's all finished, we're ready to create the registry keys. To do so, here are the steps:

  1. Click Start, Administrative Tools, and click on Group Policy Management.

  2. When the GPMC opens, right-click domain.local and click on Create and Link a GPO here...

  3. Call the Policy something familiar to you, like Prevent PST Usage.

  4. You'll now see what you just created in the list of GPOs, right-click it and choose Edit...

  5. In the new gpedit MMC window that opens, under User Configuration, and User Settings, select the new node called Registry

  6. In the right pane, right-click in some white-space and choose New, Registry Item.

  7. On the new property page that opens, fill out the following:

    • Action: Create


    • SOFTWARE\Microsoft\Office\12.0\Outlook\PST\

    • Value name: PstDisableGrow

    • Value type: REG_DWORD

    • 00000001

    Similar to the following picture:

  8. If you have any Office 2003 versions on your network, you'll want to also repeat the last step, but make the registry key for version "11.0" instead: SOFTWARE\Microsoft\Office\11.0\Outlook\PST\

You will not see the two registry keys in the "Report" of the policy, in fact, the policy will appear to be blank! The reason for this is the report only shows items that have an .ADM template file associated with them. Registry keys do not.

On the clients, this registry setting will take place once Group Policy refreshes, you can force this by typing gpupdate /force from a command prompt window. You will be able to see these registry settings applied to the client by running the command: Start, then Run, then type in RSOP.MSC and hit ENTER. This command gathers the resultant set of policy and shows it for the machine you are on presently.

There you have it! This policy prevents the PST files from growing (hence writing to PST files) It does not prevent the user from loading up any PST file and reading mail out of it.

Gotta love the power of Group Policy!

Wednesday, May 23, 2007

How to launch a program always elevated under Vista UAC

This tip comes from our documentation team on how to launch a program that requires the use of some system files.

UAC is there for a reason, and I suggest only using this method if you know what you are doing and are ok with lowering the security level of your system!!

So now the warnings are out of the way, how do you create a shortcut that doesn't prompt you to run every time? Let's try creating one for the command prompt in Administrator Mode. Although this proceedure can be used for any application that is naughty for writing data into a system location, or that doesn't have a shim built for it to catch the data and write it into a better location.

These steps will require you are running as a local admin, with UAC enabled

  1. Start the Task Schedule from Start, All Programs, Accessories, System Tools, and finally click on Task Scheduler

  2. Accept the UAC prompt for running the Task Scheduler

  3. Click Create Task... (be careful not to click Create Basic Task)

  4. On the General, enter a Name and description, and ensure the Run with highest priviledges is checked similar to the following screenshot:

    Ensure you copy the name into the clipboard as you will need it later when building the shortcut.

  5. Leave the Triggers tab empty

  6. On the Actions tab, ensure you set an action to start a new program:

    • Ensure Action is set to Start a Program.

    • Browse to the path of the program, in thise case c:\windows\system32\cmd.exe.

    • Click OK

    Similar to the following screenshot:

  7. On the Conditions tab, uncheck all the boxes.

  8. On the Settings tab, make sure only Allow task to be run on demand, and If the task is already running, then the following rule applies is set to Do not start a new instance

  9. Click OK

  10. Right-Click on the desktop and choose New, Shortcut from the context menu.

  11. When it asks for the location of the command, type in schtasks /run /TN "Command Prompt in Admin Mode". Please note that "Command Prompt in Admin Mode" is the exact string name of the scheduled task you created and copied above, similar to the following screenshot:

    And then follow through the rest of the wizard with whatever friendly name you want for the shortcut

Now each time you click on this icon, the command prompt will open in admin mode without prompting for UAC.

Again, I recommend if you can deal with the UAC prompt, you do so! This should be used as a last resort for those customers who can't handle the prompt because they open the application 100s of times a day.


A cheap web hosting may mean more to spare on advertising, but compromising on the hosting means compromising on features like internet phones and online backup. In search engine optimization, it is important that domain registration is followed by the website design. Naturally for all this to happen, the hosting should be reliable.

Sunday, April 22, 2007

Tuesday, March 27, 2007

Interested in Conserving a Little Power?

By default, in the Small Business Server - Windows Vista policy GPO, Specify the System Sleep Timeout (Plugged in) and Specify the System Hibernate Timeout(Plugged in) are set to Enabled to support Remote Desktop Connection. These settings ensure that, if the client computer that is running Windows Vista is plugged in, it does not enter the sleep or hibernate modes. This enables network users to access client computers that are running Windows Vista remotely.
If you want to optimize for power management instead of for Remote Desktop support, you can disable these Power Management Group Policy settings and configure Windows Vista to use Wake-on-LAN (WoL). WoL wakes up a computer that is running Windows Vista and prevents it from sleeping or hibernating when a remote connection is made. See the computer manufacturer's documentation to learn more about how to configure Wake-On-LAN settings.

To disable Power Management settings in the "Small Business Server - Windows Vista policy" GPO for all client computers running Windows Vista

  1. From a client computer that is running Windows Vista, click Start, and then type gpmc.msc in the search box. A couple notes about this:

    • Be sure to log on to the Vista computer that is joined to the SBS domain and use the Domain Administrator account

    • When you log on to the Vista computer as the domain admin, you’ll need to specify your SBS domain name as part of the logon. For example, DOMAIN\Administrator.

    • On the Vista computer that you will use, It is recommended that you log off from any other user account on the computer (rather than using switch user) so that the policies are updated for all accounts at the end of the procedure.

  2. In Group Policy Management Console, click Forest:DomainName, click Domains, click DomainName, and then click Group Policy Objects.

  3. Right-click Small Business Server – Windows Vista policy, and then click Edit.

  4. In Group Policy Object Editor, in Computer Configuration, click Administrative Templates, click System, click Power Management, and then click Sleep Settings.

  5. In the details pane, double-click Specify the System Sleep Timeout (Plugged in).

  6. Click Not Configured, click Apply, and then click OK.

  7. In the details pane, double-click Specify the System Hibernate Timeout (Plugged in).

  8. Click Disabled, click Apply, and then click OK

  9. Close Group Policy Object Editor, and then close Group Policy Management Console.

  10. To force the Group Policy settings to be applied (if you don't want to wait the 90-130 minutes for it to be applied), either run gpupdate /force from a command prompt with elevated privileges or restart the client computer. When you force the Group Policy updates, be sure to run the command elevated.

    • Click Start, type cmd

    • Right-click the Command Prompt icon in the Program files list, and then click Run as Administrator

    • Accept the prompt for UAC

    • Type gpupdate /force

Some additional points:

If you have modified the Power Management settings through Control Panel of the local Vista computer, log on to the account that you were using when you modified the Power Management settings

  1. Open Control Panel

  2. Select Power Options

  3. For the power management setting that is currently in use, click Change Power Settings

  4. Click Restore Default settings for this plan.

If you modified the Local Group Policy settings on the Vista client, you will need to clear any of those settings to return your Power Management settings to the default setting.

More information can be found here.

Now for the fun part!
An SBS MVP from Germany has created a Remote Web Workplace plug-in to allow you to Wake your PC up directly from the Computer Picker Page. Here's the trick. The site is in German, but the tool is native English (and only shows German text if the browser is German). Apparently he's open to adding your language if you should need it. Take this up with him.

So check it out at, and if you're like me, you may need some help with the webpage, which is easy with Babble Fish!.

Courses like 350-029 as well as 70-270 are hard enough and should follow 642-382 and VCP-310. This is important because without this, the student will not be able to comprehend a word about N10-003 or 350-029. This is the way IT training works.

Tuesday, March 20, 2007

Friday, March 02, 2007

My RSS Feed

I've had a lot of complaints about my RSS feed either displaying always as the same date, or only partial posts. This morning I updated my feed links (to the right) to point to the Blogger recommended feed.... so if you're having one of these problems, try to re-subscribe using the new URL... Sorry for the inconvenience.

How to get more Familiar with SharePoint

Hi Folks,

I was recently asked if there was any way to try SharePoint before you actually configure it, to make sure you're getting the most out of the site on your SBS server.

Well, the TechNet folks have come through with a Virtual Lab that you can play with and get familar with the technology.

Hope this helps!

Wednesday, February 28, 2007

More (unsupported) methods of getting that self-issued cert onto WM5

So, over the past few days, I've ran into two more methods for getting that self-issued SBS certificate over to your mobile device so you can sync it against your server.

Method #1
Some mobile devices (and I say some, because I don't know why this is the case... yet), like the cert better if you export it as .DER encoded. You can go to your servers "certificate" store through mmc.exe and export the public cert as .DER encoded. It's possible this may install on your WM5 device. This one is actually supported, but may still be blocked by the security model on your phone.

Method #2
A friend of a friend of a friend of a friend used Bernt Lervik's method. I can't say it's a supported method, and as always, messin' around in the registry may wreck your device, but it just might work. I have not tried this method, and it may void support on your device from Microsoft or your provider!

And in other news. Windows Mobile 6 has released, you'll probably start seeing these devices around Christmas time. Looking to update your existing Windows Mobile 5 device? Keep your eyes on your provider and manufacturers websites.... and good luck!

Monday, February 26, 2007

Understanding the Flow of Mail through Exchange Anti-spam Architecture

I have to admit, I've been a little lazy in the blog posting, after spending all day writing specifications for the next version of SBS, I haven't got the fingers left to dance over the keyboard to share my knowledge with you. Plus of course, my knowledge is confidential (for the most part) at this time.

No, I don't wear an ear-plug and answer to the name of "Agent 3".

Anyways, looking at our specs for Exchange 12 anti-spam configuration, I came across something that's public, and will probably help you understand how the Anti-spam engine works on Exchange. This is of course for Exchange 2007, but most of it applies to Exchange 2003. The full article is available over on TechNet. But for the purposes of this blog, here's the meaty detail:

Tuesday, February 13, 2007

Configuring the Vista Firewall by Group Policy

Adding a Firewall rule in Group Policy to a Vista client is a little more difficult than Windows XP. It's not because it's harder, it's because there is no ADMX configuration file for the Vista Firewall.

But there is hope...

It is recommended that you only use this procedure to open the path for applications to connect through Windows Vista Firewall when you have installed the application consistently to the same program path across the network since this procedure applies to the entire domain. Alternatively, if you don't use the policy the user can accept the prompt at each computer when the application attempts to access the firewall.

  1. From a Vista client (this is the main difference, you can't edit the policy from the server) connected to the domain, log on as the domain administrator

  2. Open gpmc.msc

  3. Navagate through your domain to the Small Business Group Policies

  4. Right-click Small Business Server – Windows Vista policy (which will be available with the Vista Update coming soon), and then click edit. The Group Policy Object Editor appears

  5. Computer configuration -> windows settings -> Windows Firewall with Advanced Security -> Windows Firewall With Advanced Security (no, this isn’t a repeat of the UI)

  6. Right-click Outbound Rules, and then click New Rule

  7. On the Rule Type page, accept the default of Program, and then click Next.

  8. On the Program page, type the exact path used for installing the application on your client computers, for example, c:\path\program.exe

  9. On the Action page, select the option to Allow the Connection

  10. On the Profile page, select the types of network location that the rule will apply to (Domain, Private, or Public)

  11. On the Name page, type a name and description for this program rule and the click Finish.

  12. Close the Group Policy Object Editor and then close Group Policy Management

Note – to apply the policy immediately, you can run "gpupdate /force" using an elevated command prompt from the client

Why didn't the SBS team do this?
SBS didn't automatically configure the Vista Windows Firewall, because the new Vista firewall requires you to specify fully qualified paths to your installed applications. Since we have no way to know if you installed all the applications to the default locations, we chose not to open the firewall for applications that (1) may not exist, and (2) may be in a different location. Take extra care when creating such policies to not create exceptions in your client firewalls for applications that do not exist, or are installed in different locations.

Usually 642-432 and 642-825 are easy enough and do not require any background knowledge. However, if you plan to go for more than 642-825, maybe something like 220-601 or 70-290. it is best to cover 70-528 as well. Only then will you be eligible to go for mcse.

Check Out the Latest Microsoft Business and Technology Assessment Toolkit

On the SBS Usergroup tour, you learned about the Small Business Assessment Toolkit. Well, here is an update for you...

The new and refreshed toolkit (previously the Small Business Assessment Toolkit) can help you uncover opportunities across the Microsoft stack. New features include:
  • Easy installation and self-updating features.
  • New assessments that allow deeper evaluation of customers’ server, mobile, and desktop needs and help identify solutions using technologies based not only on Windows Small Business Server, but also on, Windows Mobile, the 2007 Microsoft Office system, and Microsoft Windows Vista.
  • A customizable question bank that allows you to tailor assessments to your customers’ specific scenario or to the your own business model.
  • A Windows-based platform that’s compatible with both Microsoft Windows Vista and the 2007 Microsoft Office system.

Assess and Win Free for Resale copy of SBS 2003 R2!
And while you’re using the toolkit, you can also get a free copy of Windows Small Business Server 2003 R2 Standard Edition (a US$599 value). Just use the toolkit to conduct business assessments with your customers and submit five assessments and complete a survey to qualify. And if you’re a Microsoft Small Business Specialist, you can also enter to win a Windows Mobile 5.0 Handheld Device as part of this offer.
Learn more at:

Friday, February 09, 2007

The Vista Update is Here!!!

The SBS Dev team has been working their buns off to get this update to you. Keep in mind that Vista could *always* join an SBS domain, just not using the http://server/connectcomputer website. You actually had to join the computer... manually.

And with any release that we work hard on, The SBS Team has put together this little blurb for you:

There has been a large amount of discussion in the community about the release of the Ripcurl update to allow Vista clients to participate in SBS domains (also known as the "Update for Windows Small Business Server 2003: Windows Vista and Outlook 2007 Compatibility (KB 926505)"). The updates you need are now available for download. (Yeah!)

Getting Started
First, start with the 31 page white paper. The white paper includes links to the downloads you need, as well as the manual steps you have to perform on the client and the server. The six downloads are: Notes, Highlights, and Gotchas from the White Paper:
  • Windows Vista Business, Ultimate, and Enterprise are supported by the SBS Client Setup tools. You can connect Home SKUs manually, but it's going to be a lot of work. Since they can't join the domain, you'll have to manually enter passwords to access emai, file shares, web sites, etc. from any of the Home SKU clients.
  • Older software will not, of course, be deployed to Vista clients. This includes older service packs, IE 6, ActiveSync 3.8 for all clients and Connection Manager in addition for 64 bit Vista clients.
  • ActiveSync has been replaced by Windows Mobile Device Sync Center.
  • If you have installed Office 2007, client setup does not install Outlook 2003.
  • Office 2007 is not a free download. Vista clients that do not have Office 2007 installed will have Outlook 2003 installed.
  • Don't attempt to install the SBS fax component on Vista. You will have to manually configure the Vista native fax client to connect to your SBS server. Steps will be posted on the Official SBS blog shortly
  • A new GPO is added called Small Business Server - Windows Vista policy for Vista Firewall settings to allow access to resources on the SBS server.
  • My documents redirection, if enabled, will automatically work with Vista clients, since Offline Files support is enabled by default in Vista.
    Remote Desktop is enabled by default and will allow connections from RWW to Vista client desktops.
  • Power management is set to always on if the computer is plugged in (i.e. has a power supply) to ensure access via RWW. The white paper has steps on how to modify these settings if you want to optimize on Vista's power management features.
  • Remote assistance only works Vista-to-Vista or from Vista to XP/2003 clients. Vista clients cannot request assistance from users on XP or 2003 machines. Use Remote Desktop instead for these scenarios.
  • You will need to manually install the SBS cert on Vista clients that are not joined to the domain. The white paper has complete steps for how to manually import the cert.
  • Bluetooth devices can cause problems with Connect Computer; disable them before accessing the site (i.e. attach a PS/2 or USB keyboard and mouse).
  • After installing the hotfixes on the server, run gpupdate /force to make sure that policies will be applied to all clients.
  • Spend some time with the troubleshooting sections at the end of the white paper- many known issues are covered there.
Didn't I tell you it was any day now? And I'm sure some of you didn't believe me.

Enjoy the Vista.

Monday, January 29, 2007

Vista is soo cool...

Hey .. Wake up!

Vista Shipped today (View Bill Gates at 500K)!

Today I wanted to share what I consider an incredible story of Vista. Yes, I'm "Wow'd" by the 3D flip. I'm depressed that my un-upgradable PC still has blue title bars instead of glass. I'm rely more on local search now than good organization skills, but that's not what I want to talk about.

Today, my team had a conference call with some of our partners in Shanghai, China. Lucky for me, Microsoft provides some pretty sophisticated Video Teleconferencing Systems. Unluckily for me, having to go through a specific receptionist to book the room, and some terrible web UI to book the equipment, which by the way, is supposed to come with help and didn't. It wasn't the best experience. Thinking I had it all setup, I found out that my converstion from Redmond time to Shanghai time, was incorrect, and I had booked the room an hour off in China, and it was already taken by another group of folks.

Dropping back to our standard "voice-only" call, we started. A few minutes into the chat, I figured... "hey, there is only one person on the call from China, at least we can see him.", I fired up my IM client and started a video conference. Un-pixelated by packets being crushed under the ocean, he popped onto the screen.

Looking around, all we had was the highly complex video phone, Microsoft's "RoundTable".

This is where Vista gets really cool

We quickly discovered the USB cable attached to the device and plugged it into my Vista laptop. Automatically Vista began searching for drivers. Clicking the "Show Details", we realized this is really a high-tech device, with at least 8 different services to provide to Vista PCs. My co-worker tells me to push play on my video feed, as soon as the driver is installed for the Video camera portion of the phone.

Instanly, our images were broadcasted over to China, and our peer over there started laughing. You see, what we hadn't counted on was the camera provides a 360 degree image, squished into a 4:3 picture frame. You can imagine how "pancaked" we looked to our peer in China.

Anyways ... Vista rocks, no reboot needed for camera install *AND*, I started using the camera *BEFORE* the phone was completely installed.

Enjoy the latest, greatest, and most secure operating system from Microsoft...

Thursday, January 25, 2007

Did you know there was a change in Daylight Savings?

If you didn't realize it. The US Government has made a change to the way Daylight Savings works for 2007. Here is some FAQ from the SBS team:


Q: I’ve heard something about Daylight Savings Time updates or DST 2007? what do I need to know?

A: In August of 2005 the United States Congress passed the Energy Policy Act, which changes the dates of both the start and end of daylight saving time (DST). Updates to several Microsoft products are required to fully implement this change on an SBS Server. Full details on the updates required are available at At this time there are no unique SBS 2003 updates required, although there are updates required to several SBS components (windows Server, Exchange Server, Outlook 2003, Windows SharePoint Services). Please follow the detailed instructions at


This applies to all versions of SBS, That's SBS RTM, SBS SP1, SBS R2, etc.

Hopefully this will make it so I see more sunlight during the winter months... oh wait, that's the rain and cloud cover, never mind.

Monday, January 15, 2007

SBS doesn't have to be your only server...

I've been hearing that people aren't buying SBS because you can't add additional servers to your SBS 2003 networks...

This is just plain wrong.

Sure, SBS is required to be the root domain controller, the primary domain controller, and can't trust any other domains. But you can have file and print servers, line of business application servers and... get this, AND backup domain controllers, backup Exchange Servers, ISA servers on the edge*, secondary SQL servers*.

Need more information?

* The ISA and SQL software that comes with SBS 2003 Premium Edition cannot be installed on seperate servers, but you can purchase this software individually and install it as neccessary.

Friday, January 12, 2007

UPnP & your Router

Recently I've come across what some would consider anomalies with their routers and UPnP support. Since I've spent the last 2 years working with UPnP routers, I figure I'd try to shed some light on the subject.

So you just bought a router, and it says it supports UPnP. First you want to know what UPnP is and why you should care.

UPnP stands for Universal Plug 'n Play. It's a generic name used across many different devices for devices that are supposed to "just work".

So why is UPnP a good thing?
UPnP's primary purpose is to make things "just work". You'll find UPnP on many low-end routers (think less than $150 usd). Many of these routers end up in homes, protecting one or two PCs from the internet, while providing automatic lan configuration via DHCP. The introduction of the router greatly simplified home networking, but made it much more difficult to "play" on the internet. In many cases services need to talk across the router, and to do that ports must be opened. Since the majority of the people are more interested in IM chat, IM video, email, and voice, they don't care how it works. Every UPnP router will support the ability to dynamically open ports on your router and close them as neccessary. For example, I bet you didn't know that your favourite IM client was poking holes in your firewall so it could talk to your friends PC. There are other optional components UPnP that allow additional configuration methods, although with it being optional, your router manufacturer is probably not going to implement it because it costs money, money is only recovered by increasing the price of the router. To keep the prices low, no one implements optional components, so when you see UPnP on your router, know that it's helping you out by opening ports and closing ports dynamically for you.

So why is UPnP questionable?
UPnP was created pre-2001, and hence, pre all security pushes of the Internet. UPnP's goal is to make things "just work" remember. Security was never a goal of UPnP. Picture this. You just finished writing a webpage on your network and want to share it with a friend, you make a UPnP call to open port 80 to point it to your system, but your roommate wrote a different webpage to share with a different friend, if your roommate asks last, he gets the port directed to his machine, and your friend is confused. With UPnP, anyone can make a programmatic request (without authentication) to your router to change your request.

This isn't such a big deal in a home, because typically there are no malicious users, and not so many PCs. It could be a problem in a business.

So what is Microsoft doing? We're investing in Web Services for Devices. Web services for devices is similar to UPnP, except it requires authentication to request the device to do what you want. Unfortunately you'll have to wait another year or so for WSD router devices to hit the market.

What other gotcha's should you pay attention to with UPnP?
Since the UPnP specification focuses on functionality and not user experience, all router manufacturers versions are slightly different. For example:

  • Some routers keep the list of opened ports in the User Interface, seperate from those open in the UPnP interface. Hence if you look at the firewall ports in the web interface, you could feel secure, but you could have every port open on your system.

  • Some routers can only hold up to 10 port mappings (it's a memory issue), and hence you can't have more than 10 port mappings at a time

So, don't be afraid of UPnP. Used correctly with a secure network, there is really no harm in enabling it, in fact, it's quite convenient. :)

Oh, and by secure, I mean WPA-PSK not WEP. ;o)

Wednesday, January 10, 2007

Friday, January 05, 2007

How to create Contact Objects in the Active Directory

I've had a few questions on this, so I figured I'd answer it out right. If you want to use the White List with contact objects that have external email addresses, you need to create contact objects for them.

To Create a contact object for an external user, you have to:

  1. Click Start, Administration Tools, Active Directory Users and Computers.

  2. Expand your domain.local, MyBusiness, Users, and select SBUsers.

    (Of course you can place them almost anywhere in the AD and they will show up. I mearly suggest this location as it's the holding place for all your users as well, helps keep things organized.)

  3. In the right hand pane, right-click and choose New and select Contact.

  4. The new Contact Object Wizard opens, enter the First name, last name, etc. and click Next.

  5. Ensure Create an Exchange e-mail address is selected and click Modify.

  6. From the list of New Email addresses, select SMTP Address and click Ok.

  7. On the General tab, enter the email address of the external receiptient, and click Ok, then click Next followed by Finish.

Now you're contact object will exist in the GAL. You can start using it to create your whitelists or distribution lists immediately on the server. However, you won't notice the contact object showing up on clients until the Offline Address Book has been built on the server, and the Outlook clients has downloaded it. Once downloaded, you'll notice that all contact objects have a little globe next to it, so they are easily identifiable in the GAL.

Hope this helps with any questions regarding adding Contacts to your system.