Friday, October 29, 2004

Layers of Spam protection

If you aren't already running the Exchange Intelligent Message Filter you should get on it. It strips about 10-15 messages from my inbox a day! This message filter isn't rule based, so it doesn't require updates as much as some rule based spam filters.

But like security, it's always good to have layers. Why not have 2 spam filters?

I also use a public RBL site (spamcop.net, there are more but this is the one I chose) to reverse look-up spammers and strip even more spam from my system.

When you do this, keep in mind that the IMF will happen first, then this filter, so your IMF spam folder might contain messages that are on known spam lists, but that's a good thing, right?

Here's how to configure it:

  1. In Server Management, expand Advanced Management, First Organization (Exchange) and Global Settings

  2. Right-click Message Delivery and choose Properties

  3. Since we're going to spam filter on connection, change to the Connection Filter tab to add the RBL info

  4. Click Add... to add a new filter

  5. In Display Name type the name of the filter so you can recognize it (it also appears in a default NDR message shown later in this bullet), like SpamCop. The DNS Suffix of Provider field is where you do your legwork to find the RBL site's DNS suffix; for example, spamcop.net's suffix is bl.spamcop.net, so I added that. I leave the final field, Custom Error Message to Return, blank since it will return an email in the form of {Sender IP Address} has been blocked by {Display Name}.... I do not use the Return Status Code

  6. Now that we've created the filter, we need to tell Exchange to use it. Drill down into Servers, {Servername}, Protocols, SMTP and right-click on Default SMTP Virtual Server and select Properties

  7. On the General tab, choose Advanced

  8. Highlight All Unassigned and choose Edit

  9. Check the box Apply Connection Filter, and click OK until you're back to Server Management

That's all there is to it. Exchange will now check each message against spamcop.net and not let it into your inbox if SpamCop knows the sender as a spammer.
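The lookup behind an RBL connection filter can be reproduced by hand, which helps when you need to confirm why a sender was rejected. This is an added example, not code from the original post or from Exchange; the function names, the constructed zone data and the sample addresses are assumptions, and a lookup that fails is treated as "not listed".

```python
import ipaddress
import socket

# DNS block lists answer "listed" with an A record inside 127.0.0.0/8.
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(sender_ip, dns_suffix="bl.spamcop.net"):
    """Reverse the sender's octets and append the provider's DNS suffix."""
    ip = ipaddress.IPv4Address(sender_ip)  # ValueError for anything but IPv4
    return ".".join(reversed(str(ip).split("."))) + "." + dns_suffix


def system_resolver(name):
    """Return the A records for name, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN, timeout, no network
        return []


def _is_listing(answer):
    """Only 127.0.0.0/8 answers count; anything else is not a listing."""
    try:
        return ipaddress.IPv4Address(answer) in LISTED_NET
    except ValueError:
        return False


def check_sender(sender_ip, display_name="SpamCop",
                 dns_suffix="bl.spamcop.net", resolver=system_resolver):
    """Return (blocked, message) the way a connection filter would decide.

    The message is the start of the default form quoted in step 5; the rest
    of the real NDR text is not reproduced here.
    """
    answers = resolver(dnsbl_query_name(sender_ip, dns_suffix))
    if any(_is_listing(a) for a in answers):
        return True, f"{sender_ip} has been blocked by {display_name}"
    return False, ""


# Constructed zone data so the example runs offline. 127.0.0.2 is the
# conventional DNSBL test entry; the other addresses are documentation ranges.
CONSTRUCTED_ZONE = {
    "2.0.0.127.bl.spamcop.net": ["127.0.0.2"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    # A resolver that rewrites failed lookups to its own web server:
    "9.113.0.203.bl.spamcop.net": ["203.0.113.80"],
}


def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10", "198.51.100.7", "203.0.113.9"):
        blocked, message = check_sender(ip, resolver=constructed_resolver)
        print(f"{ip:<14} {dnsbl_query_name(ip):<32} "
              f"{'BLOCK  ' + message if blocked else 'accept'}")
```

Drop the `resolver=` argument to query the real list from a machine with DNS access; the 203.0.113.9 case shows why an answer outside 127.0.0.0/8 must not be read as a listing.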

Two layers is better than one!

Note: instructions provided by Chris Ard. Also, don't forget to donate to spamcop.net if you like their service!

Thursday, October 28, 2004

Outlook Mobile Access acting up?

Outlook Mobile Access is pretty cool, you have to admit. Checking your email, calendar or contacts on your phone over the air? That's awesome. I'd have to say my favourite part is not having to re-enter all your contacts on the phone, followed closely by being able to know what your calendar is. Of course e-mail is fun, but I'm not sure I'm *that* important. :)

However, Outlook Mobile Access (OMA) doesn't have a lot of the same functionality as Outlook Web Access (OWA) around mailbox creation & mailbox lookup. Here are some tricks that I've picked up along the way.

  • If you add additional e-mail addresses to users and additional domains, OMA can get confused as to how to find your mailbox. Force OMA to look up which mailbox to check by making it always check the .local domain email address: under HKLM\System\CurrentControlSet\Services\MasSync\Parameters\, create a string value called SMTPProxy and set it to your internal domain, internaldomain.local. This will help the mailbox lookup process

  • Another trick is to ensure that you're checking the correct domain in the virtual directory:

    • Open Server Management, expand Advanced Management, Internet Information Services, {servername}, Web sites, and Default Website

    • Right-click on exchange-oma and choose Properties

    • On the Virtual Directory tab, in the Local Path it should read a string like \\.\BackOfficeStorage\{Internaldomain}.local\MBX. Delete the internal domain and put in the external domain.

    • Open a command prompt and do an iisreset

  • Changing your server IP Address. Tisk tisk if you just jump into the local network card properties and change the IP address. Use the Change IP Tool!!! Using this tool changes more than just your IP address to keep your internal network functioning. One of the things it does is change the IP restrictions on the \exchange-oma directory

Those are my tricks if you can't get it working. Of course they are workarounds for things you might have changed from the out-of-the-box scenario, but hey, it's all about customization, right?

Wednesday, October 27, 2004

IMAP(ing) your way to multiple inboxes

I have SBS 2003 running at my house, the curious thing is I have Exchange running at my house too. As you probably know, you cannot have two Exchange servers configured in a single Outlook profile. Sure you can have multiple profiles, but who wants to shut Outlook down to check if you have email at home? I didn't.

I just turned on the IMAP folders on SBS and added an IMAP server to my Exchange profile, now I can check both email accounts without having to close and re-open Outlook.

Here's how I configured the IMAP server:

  1. In the services.msc snap-in, I set the Microsoft Exchange IMAP4 service to Automatic and then started it

  2. Open port 143 (TCP only) and ensure it's pointed at the server (if you're using a router box)

That's all there is to it.

Now from your Outlook client or Mobile device client, you can set-up a new email server and check the email from both the Exchange server, and the IMAP server (other Exchange server).

One more point: in Outlook, if you're trying to delete messages and they are only getting struck out, be sure to check out Edit, Purge Deleted Messages to actually remove these from the server. They will be permanently deleted though.

Also, all email sent via the IMAP server (change this by choosing the Accounts button on the new mail message window) will end up in the Exchange Server's sent items, instead of the remote IMAP server's sent items.

Tuesday, October 26, 2004

Hosting Multiple Domains on SBS 2003 (Part 4)

This tip doesn't exactly pertain to hosting multiple domains, but it could if you want to get creative.

Customizing the text on Remote Web Workplace
If you're like me, and you don't want the Remote Web Workplace to say one domain and not the other, you want to change things up a bit. Also, if you followed the steps in Part 3 around UPN enabling, Remote Web Workplace still asks you for your user name instead of an email address.

You can change this text pretty easily, in fact! c:\inetpub\remote holds all the files the Remote Web Workplace website uses, including the text file web.config. This is probably one of the most important files for the functionality of Remote Web Workplace, so make sure you back it up before you start editing it.

However, if you open it up in a text editor, like Notepad, you'll be able to see that the {appSettings} section contains a list of all the strings. If you know a little bit about coding, you can go in and change strings in the 'value=' section. Just be careful with special characters, especially quotes, as they might muck up the whole file (which is where the backup comes in handy). If you want to use quotes, be sure to use the HTML version of these, like "&__" for the special character you're looking for.

If you want to change the string "Username" to "E-mail address" scroll down the list until you find the L_LOGON_USER_NAME and change the string between the quotes for value= to "E-mail address".

You will have to do an iisreset.exe at the command prompt to make the changes take effect, and all of your users will be logged out of Remote Web Workplace each time you make an edit to this file.
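One way to make this edit without hand-escaping quotes is to let an XML parser write the attribute and take the backup in the same step. This is an added example, not part of the original post or of Remote Web Workplace; the function names, the constructed sample file and the key L_EXAMPLE_OTHER are assumptions, and only L_LOGON_USER_NAME comes from the text above.

```python
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample; the real web.config in c:\inetpub\remote has many more
# entries. L_EXAMPLE_OTHER is a made-up key used only for illustration.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <!-- logon page strings -->
    <add key="L_LOGON_USER_NAME" value="Username" />
    <add key="L_EXAMPLE_OTHER" value="Password" />
  </appSettings>
</configuration>
"""


def _parse(config_path):
    # insert_comments=True keeps comments inside the root element, which the
    # default parser would silently drop when the file is written back.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.parse(str(config_path), parser=parser)


def read_app_setting(config_path, key):
    """Return the decoded value of <add key=...> under <appSettings>."""
    for add in _parse(config_path).getroot().iterfind("./appSettings/add"):
        if add.get("key") == key:
            return add.get("value")
    raise KeyError(key)


def set_app_setting(config_path, key, new_value):
    """Back up the file, then change one appSettings string.

    The serializer escapes quotes, ampersands and angle brackets in the
    attribute value, so the file stays well-formed whatever the text is.
    Returns the path of the backup copy.
    """
    config_path = Path(config_path)
    backup_path = config_path.with_name(config_path.name + ".bak")
    shutil.copy2(config_path, backup_path)  # backup first, as the post advises

    tree = _parse(config_path)
    matches = [add for add in tree.getroot().iterfind("./appSettings/add")
               if add.get("key") == key]
    if len(matches) != 1:
        raise KeyError(f"expected one <add key={key!r}>, found {len(matches)}")
    matches[0].set("value", new_value)
    tree.write(str(config_path), encoding="utf-8", xml_declaration=True)
    return backup_path


def demo():
    """Edit a temporary copy of the sample and return what ended up on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "web.config"
        cfg.write_text(SAMPLE_CONFIG, encoding="utf-8")
        backup = set_app_setting(cfg, "L_LOGON_USER_NAME",
                                 'Your "work" e-mail address')
        return (cfg.read_text(encoding="utf-8"),
                read_app_setting(cfg, "L_LOGON_USER_NAME"),
                backup.read_text(encoding="utf-8"))


if __name__ == "__main__":
    raw, value, _ = demo()
    print(raw)
    print("decoded value:", value)
```

The iisreset described above is still needed after the file is rewritten.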

But hey, it's fun to play with. If you're feeling risky, you can even go in and edit the ASPX code to say ..... add your own logo?

Monday, October 25, 2004

Connecting to the Internet, chat with the Pros!

Sure, I run SBS, I worked on SBS 2003, but do I know everything? Heck no! There are plenty of problems that you could run into that I haven't yet. How do you solve these? Tune into a live chat tomorrow (October 26) to ask questions to the SBS Product team (yes, I'll be there).

Here's how:
Small Business Server 2003 Configure E-mail and Internet Connection Wizard [October 26, 2004, 2:00-3:00 PM PDT]
Join Microsoft experts to discuss how the SBS 2003 Configure E-mail and Internet Connection Wizard (CEICW) can help you configure your network.

Click Here to see about upcoming Chats. Want to skip straight to the chat because you trust me? Then Join the Chat

P.S. Part 4 of hosting multiple domains will be available tomorrow.

Hosting Multiple Domains on SBS 2003 (Part 3)

Now that you are hosting multiple domains (by following Part 1 & Part 2), your users are all confused about how to log in, what their email address is and where to go. How do you separate these things?

Well, you use UPN Suffixes.

UPN stands for User Principal Name, which is essentially a fancy computer-lingo'd way of saying: use your e-mail address to log in.

When you enable this, users will be able to go to the Remote Web Workplace and log in using their email address, instead of just their username. Might make it easier to give some users their email address instead of explaining the username versus email address idea.

How to set it up:

  1. Click on Start, Administrative Tools, Active Directory Domains and Trusts

  2. In the console that loads, right click on the root node called Active Directory Domains and Trusts and choose Properties

  3. Add your domain suffixes in the format domain.com

Now your AD knows that it is the root domain controller responsible for these domains.

Close out this console and go back into Server Management. In the Users snap-in, we need to tell the AD what the primary suffix is for each user:

  1. Right-click a user and choose Properties

  2. On the Account tab, change the drop down box for the User logon name to be the suffix you want this user to have. Note it will add the '@' sign for you; if you see 2 '@' signs, you've done the first step wrong

  3. Choose OK for that user

You'll have to repeat this for all the users in your AD, but when you are finished, you can give your users an email address and a password, they won't need that funky "username".

It made life less confusing for my grandfather, that's for sure. :o)

One last thing. Since SBS shares the AD with all domains, you cannot have two aliases the same, so you should use combination usernames of first and last name, instead of just "dave" or "sean", otherwise user on domain1 might have the "cool" user name, while user on domain2 does not.

Read on to Part 4.

Friday, October 22, 2004

Hosting Multiple Domains on SBS 2003 (Part 2)

In Part 1 of this discussion I talked about how to add additional e-mail domains to your SBS 2003 Server. In this post I want to focus on adding websites. I am not planning on covering any security concerns in this post, as the security of your SBS box depends on how the webpage is developed.

Adding more websites to your SBS Box
IIS is really quite a cool application that makes it very easy to add additional websites to your SBS box without much effort. Here's how:

  1. Open Server Management, expand Advanced Management, Internet Information Services, {ServerName}, and Web Sites

  2. Right click on Web Sites, and choose New, Web Site

  3. Click Next on the Welcome to the Web Site Creation Wizard

  4. Type in a description to help you easily identify the website and click Next

  5. Leave the IP address as All Unassigned and the port as 80. But put in a host header, this is what will tell IIS to answer web requests using this virtual server. You should put in the domain name you would browse to such as: www.mydomain.com, if you spell this wrong, IIS will not serve up the webpage to the requesting browser

  6. Choose the location for the actual files (it's best if you can keep this away from the system drive, for security reasons), and choose if you want anonymous access or not, depending on what type of website you are trying to create

  7. Finally, choose the permissions for the website. Since you're running on your Domain Controller, and Exchange, I suggest leaving the default, read and run scripts

  8. Finish the wizard

You will see your newly created website appear in the list with the description you gave it. Now just start plugging web files into the directory that you chose and you're hosting multiple websites on your SBS box.

Too easy? Why did you read the entire post then? ;o)

Troubleshooting Tips
I thought I'd toss a few troubleshooting tips in here, since I ran into these:

  • If the webpage shows up as your default web site, your host header doesn't match what the browser is asking for, and the default web site will answer all un-answered calls

  • Get a page not found? Your default start document is probably not one of the ones IIS will choose; try using default.htm or default.asp. You can change the default document in the properties of the website too

  • If you want SSL encryption, you're going to have issues with the SBS self-signed cert. Change your website to a new port that's not in use and ensure the port is open on your firewall (SSL bypasses host headers since the data is encrypted as it passes into IIS). But your users will always get a pop-up since the certificate on your SBS box is programmed to be linked to the primary domain via CEICW, and will always pop-up when the domain is different


Read on to Part 3.

Thursday, October 21, 2004

Hosting Multiple Domains on SBS 2003 (Part 1)

If you're like me, you own a couple of domains and you want to have SBS answer for each domain. How do you do this?

In the next few posts, I'll outline exactly what you need to do to have SBS answer for multiple domains on the Internet.

Let's start with E-mail
For E-mail, the first thing you need to do is make sure your Internet domain's MX records are pointing to your SBS server's IP address. Feel free to use a backup MX record, or even dynamic DNS (I do!), depending on your own situation.

For the first email domain, follow the normal SBS wizards (Primarily CEICW) to configure your first and primary domain that you will want to use. Congratulations, your first domain is configured! :)

Adding additional domains to Exchange
To do this, we're going to edit the default recipient policy:

  1. From Server Management, expand Advanced Management, First Organization, Recipients and select Recipient Policies

  2. Right-click on the Default Policy and choose Properties

  3. On the E-Mail Address (Policy) tab, click the New button

  4. Select SMTP Address from the list and click OK

  5. Type in the name of the domain in the format @domain.com and choose OK. Leave the check box checked

  6. Check the box next to your new domain in the Default Domain Properties window, and click OK

Now that you've added this into the policy, Exchange will become aware of this domain and start responding to mail from it. This change will take effect the next time Exchange updates its policies, let's not wait that long.

  1. Select the Recipient Update Service from the console

  2. Right-click on both policies on the right and choose Update Now

This forces Exchange to update the policies now, so you don't have to wait.

You will now notice that all of your users have 3 email addresses:

  • user@domain.local - added by SBS for your internal domain. It's suggested you keep this email address for this user as it is used by some SBS tools

  • user@domain1.com - this is the first domain you added using CEICW

  • user@domain2.com - this is the second domain you just added

That's as far as I went, since I wanted all my users to receive email from both domains, but what if you don't want this?

Micro-manage!

To micromanage which users have which email addresses simply:

  1. Change to the Users' snap-in and right-click on a user

  2. On the E-mail Addresses snap-in, uncheck the box at the bottom that says Automatically update e-mail addresses based on recipient policy

  3. Remove any email address you don't want the user to receive email at and add any additional email addresses in your configured domains. Don't forget to keep the domain.local e-mail address!

  4. Set the primary one to be the email address the user will send email as

There you have it, if your domain MX records are configured correctly, the SBS box will receive e-mail for both domains!

You can add any number of domains using this process. Moreover, you can add any number of email addresses to a specific user within a given domain using micromanage tactics.

Read on to Part 2.

Wednesday, October 20, 2004

More Registry Fun with SBS Backup

An MVP asked me the other day, "How do I make backup appear like it's not been run?" It occurred to me to post a little note on the registry key:

HKLM\Software\Microsoft\SmallBusinessServer\Backup

I'm not going to tell you what all the settings do, as I think the names are pretty intuitive, but this is the location in the hive that the Backup Configuration Wizard uses to store all its settings. If you remember my SBS Backup Hack on how to swap between tape and disk for the backup target, all I did was manipulate the registry.

How do you make Backup look like it was never run? Just delete the entire \Backup registry key and the wizard will run like it's brand new.

Of course you'll also have to navigate to %sbsprogramdir%\Backup in the shell and delete the Backup Results.xml and Small Business Backup Script.bks to give it a completely fresh start.

Tuesday, October 19, 2004

Super secret hidden disabled items

So I'm running Lookout on my laptop, and I can't get it to appear in the tool bar. Works like a champ on all my other machines. In resolving this one, you know what I find? A new place in Outlook (very uncommon for me to find a new place in Outlook) that disables "items".

Once an item gets into this list, Outlook owns you, the item will never appear, no matter how many re-installs of the app you do.

Check your list:

  • In Outlook go to Help, About Microsoft Office Outlook

  • Click on the button Disabled items at the very bottom of the page

  • Is that plug-in you can't get loaded in the list? Remove it from the list

Now we're back in business, and in my case, full text search.

Monday, October 18, 2004

Make it So ... (much faster!)

Outlook usually connects faster if you're on the local LAN, but sometimes that's not possible. Ever. You are stuck out in Outlook via the Internet land (RPC over HTTP). How do you make this connect faster? Tell Outlook to connect via RPC over HTTP even on fast networks!

  • In Outlook, go to Tools, Email Accounts...

  • Select View or Change Existing Email Accounts and choose Next

  • Select the Exchange Profile and choose Change

  • Choose More Settings

  • On the Connection tab, choose the Exchange Proxy Settings button at the bottom

  • Finally, check the box that says On fast networks, connect using HTTP first, then connect using TCP/IP

There you have it! Outlook will try RPC over HTTP first, so if you're outside of the network more often than inside, you can have a faster experience.

Friday, October 15, 2004

Looking for Something?

Search; I've never really paid that much attention to it in the past, but I'm starting to realize how important it is. When you think of search you probably think Google but I'm not talking about searching the Web. I want to search my local LAN!

I've calculated that I have roughly 30 GB of data stored on my LAN that I want to search through; that's a lot of time waiting on that Windows XP little dog to dig and wag its darn tail, and Outlook isn't much better!

I needed something faster, something Google fast.

Naturally, I checked out the beta of Google's Desktop Search. As expected, Google fast, but here's what I don't like about it (although it is in beta):

  • You have to open IE to search your hard drive (why can't you just search from the task bar?)

  • It only searches your local machine, not the entire LAN, this is big for me, since I have a server to search!

  • Finally, the privacy statement about what they search on your hard drive is a little skimpy, what do they actually consider private?

I still haven't found the exact tool I'm looking for (I feel like a Jedi: "This isn't the tool you're looking for"), but there is something close! A plug-in for Outlook called Lookout.

This plug in requires Outlook 2000 or later, which is the bad part (wish it just sat in the task bar). The other bad part is it doesn't search the web. The good news is, you get lightning fast searches of email, local documents, shared documents (UNC), SharePoint and public folders! Moreover, it keeps all the documents, emails, contacts, etc intact so you can still use them in their respective form. Double click on the item and it'll open in Word, or Excel, or Outlook, just like you're used to.

Other than having to open Outlook & the lack of searching the web; Lookout Rocks.

Please be sure to read the comments of this post. Apparently I didn't learn all the features of the Google Desktop before expressing my opinion. Moreover, I have modified this post to reflect any misconceptions. Thank you to my readers for clearing up the confusion.

Recovering that we shall not speak of

So you just hosed your SharePoint site, and your boss is breathing down your neck because his kids' pictures he shared with everyone are now gone.

Don't panic, SBS' got your back.

That's right, by simply completing setup (As Mir puts it) and following the To-Do list, you've got a great backup of your SharePoint site in your SBS backup and you don't even know it. No, I'm not talking about having to run that funky stsadm.exe command every night (because even though I gave you the steps, I forgot to do it .. whoops!).

So how can you recover SharePoint from just a bunch of WMSDE database files? Give these steps a try:

  1. Un-install the SharePoint WMSDE instance

  2. Un-install SharePoint

  3. Install the Intranet component again using Add/Remove for SBS (Also known as maintenance mode)

  4. Un-extend the virtual server using the stsadm.exe command:
    stsadm -o unextendvs -url http://companyweb

  5. Detach the databases from the clean install:
    osql -E -S {server}\SharePoint
    this will connect you to the osql console, then run these commands:

    • sp_detach_db 'STS_Config'

    • sp_detach_db 'STS_ServerName_1'

  6. Attach the old database files (which will require you to restore them first)

    • sp_attach_db 'STS_Config', '{path to original dbs}\STS_Config.mdf', '{path to original dbs}\STS_Config_log.ldf'

    • sp_attach_db 'STS_ServerName_1', '{path to original dbs}\STS_ServerName_1.mdf', '{path to original dbs}\STS_ServerName_1_log.ldf'

  7. Almost there, now just Extend the virtual server using the command: stsadm -o extendvsinwebfarm -url http://companyweb -vsname companyweb

That's all there is to it, you should be able to browse to http://companyweb and impress your boss with your mad DOS typing skills.

I've had trouble getting this to work when using a funky downloaded web-part. If this is your case, you can still browse into the Companyweb via WebDAV and extract all the files, that's at least something!

Of course the easiest way to back up and restore your SharePoint site is scheduling a task to run this command:
"%SystemDrive%\Program files\Common files\Microsoft shared\Web server extensions\60\Bin\Stsadm.exe" -o backup -url http://Companyweb -filename {target_path} -overwrite
Then you can simply follow the steps in the Backing Up and Restoring Small Business Server white paper, starting on page 16.

Thursday, October 14, 2004

All Work and No Play, Doesn't Get your Door Swapped for a Prison Door

You heard me correctly. I spent much of my time at work building a product known as Small Business Server 2003. But sometimes, an opportunity just presents itself to deviate from the norm ... Like when your manager leaves for his honeymoon, that's an opportunity!

Seizing opportunities is probably the single most important thing you can do in life. So, consider opportunity seized.

Welcome to married life ... Boss


PS. I can neither confirm, nor deny I had anything to do with this
PPS. MVPs, what number is that? I think you printed it on a shirt?

What's up with Self-Signed certificates? Why do we need 'em?

Security is important. We all know this, but how can we get the best security and keep our wallets fat?

SBS 2003 provides the ability to create and self-sign its own certificate.
Why is this good?
If you try to purchase a signed certificate from Verisign today, you're looking at over $600 for a .cer file! That's crazy, just to get 128-bit encryption. SBS gives you similar security included in the price of the server.
Why is this bad?

  • Any user browsing to your SSL website will get a security pop-up complaining the site is not trusted by a trusted authority

  • Some SmartPhone 2002 devices will never synchronize against the server

So how do Certificates work?
Windows (and mobile devices) ship with major root certificates built into the root certificate store. Curious as to which ones there are? Check 'em out:

  • Start, Run, mmc.exe

  • File, Add/remove snap-in...

  • Click the Add button on the Standalone tab

  • Choose the certificates for the computer account

  • Choose the local computer & OK out of the boxes

  • Back in the MMC snap-in, expand the Trusted Root Certificate Authorities and then click on Certificates

On the right-hand side, you can see all the certificates that your PC currently trusts.

When you purchase a certificate from one of these companies, once they have verified you are who you say you are (and you're not a spy), they issue you a certificate. Once you place this certificate on your website, browsers will check:

  • The certificate is still valid and hasn't expired

  • The certificate name matches the website you are trying to visit

  • The root certificate from the website matches a root certificate already in the local store

If one of these items fails, the user will get a pop-up and be asked if they want to continue. Continuing will use the certificate for 128-bit encryption.

What's this problem with SmartPhones?
I get asked this question a lot, so I wanted to clarify this. SmartPhone 2002 OS does not understand the type of certificate SBS creates, and the certificate cannot be added to the phone. Pocket PC Phone Edition can be configured to work using KB 322956. On the SmartPhone, you have to disable the certificate verification. This will still use SSL for the connection, but will just not verify the 3 items mentioned above before performing the sync.

I still say the benefits to the 2003 devices, over the certificate issues are worth the upgrade. Verizon and AT&T both can upgrade the Samsung and M200 devices to 2003, so have it done!

And now you know how certificates work.

Wednesday, October 13, 2004

Argh! Outlook won't save my password when it connects via the Internet!

If you're like me, you wonder why that Outlook 2003 Authentication box doesn't remember your password when using Outlook via the Internet (also known as RPC over HTTP).

I was frustrated by this, so I wanted to find out why. Turns out it was pretty simple reasoning.

If you follow the instructions on the Remote Web Workplace for your Small Business Server 2003 box, you'll probably be setting the Proxy Authentication Settings to Basic Authentication. Basic Authentication will send the password in clear text over the internet. Don't fret! You're still SSL encrypted, so it's not really clear text! Basic Authentication is not remembered by the system (since it would also store the password in clear text). Storing it that way could give hackers or spyware that runs on your system a chance to get this password and send it out to another source.

The other option in this drop down is NTLM Authentication. This type of password is encrypted, and hence can be stored by the system. The problem is, NTLM authentication isn't good at passing through firewalls, and there are a lot of firewalls on the Internet (chances are if you're running XP SP2, and your server is SBS, you're going through at least 2 firewalls, possibly 3 or even 4!).
So while Basic can work through any number of firewalls that it may encounter, it cannot store the password on the system (for security reasons); NTLM has the exact opposite problem. In many cases, NTLM won't even connect, so it doesn't matter that it can save your credentials.

So that's why you can't save your password in the Outlook 2003 RPC/HTTP dialog box.

Tuesday, October 12, 2004

Do you want to be a Keyboard Kowboy?

I remember back in University, my friends and I used to race to see who could do things faster on a computer. I usually lost, and it wasn't because I wasn't movin' that mouse, it was because I didn't know all the short cut keys. Since then I've stayed more on the keyboard than the mouse.

Windows provides a lot of shortcuts to help you be productive, you just gotta know them. Learn your tools, they will make you productive. :)

Here are some shortcuts for you to know as an IT person:

  • Win+L - Lock workstation

  • Win+E - Open Explorer

  • Win+R - Open the Run dialog

  • Win+F - Search (although I can't say I use this one much)

  • Win+B - focus on the system tray (although I can't see what's going on, but if you start pressing enter and use the arrow keys, you'll launch things from the system tray, seems like this is a good idea, but needs some improvement)

  • Win+D - Toggle minimize all, and restore all windows (I suppose it's "D" for desktop)

  • Win+M - Minimize all windows

  • Win+Shift+M - restore all windows

  • Win+U - Utility manager (pretty cool, the PC starts speaking to you!)

  • CTRL+SHIFT+ESC - Launch the task manager

  • CTRL+ESC - Open the Start Menu (you can also just press "Win", but some old keyboards don't have this shortcut)

  • Win+Break - System properties Window

  • ALT+Enter - Display the properties (commonly used in Windows Explorer)

  • ALT+Space - Window Menu (follow the keystroke by an "n" to minimize the single window)

I'm sure there are more system ones, but I wanted to share some IE ones also:

  • Backspace - Back button

  • CTRL+mousewheel - Change the font size (this only works if the font size is not specified on the page using a "pt" font size)

  • F6 - Jump to the Address Bar (Also can use ALT+D)

  • Home - Top of the page

  • End - Bottom of the page


That's all for now. Did I miss some? Drop them in the comments and let's all become keyboard kowboys together!

Monday, October 11, 2004

RFC: What do you want to see here?

Well, by now I've probably amassed 1 or 2 RSS'rs to my Blog (if I'm lucky). I'm not fresh out of posts yet, but I'm taking a poll. What do you want to see here? Write me a comment and let me target my posts to you! I'm trying to stick to the genre of SBS, Windows and other productivity applications. Now is the time for you to ask your questions; if I can get to it, I can do the research and post the answer here.

And before it starts; I don't know anything about Longhorn ;o) . Isn't it a bar at the base of Whistler?

Running out of Disk Space? Toss the Big Dog on a New Volume. [aka move the Exchange Store]

Sometimes when you're running out of space, you need to take action: Fast. Here is the simple (no explanation) method for moving the Exchange store to a new location, preferably a new volume.

Moving the database & Log files:
  1. Open Server Management

  2. Expand " (Exchange)"

  3. Expand "Servers"

  4. Expand "<server name>"

  5. Expand "First Storage Group"

  6. Right Click "Mailbox store"

  7. Click on "Properties"

  8. Select the "Database" tab
    Change the location of the "Exchange Database" by browsing to a volume with more space
           -Note: DO NOT CHANGE THE DATABASE NAME

    Change the location of the "Exchange streaming database" to the same location
           -Note: DO NOT CHANGE THE DATABASE NAME
  9. Choose OK
           ** This dismounts, moves and remounts the store and may take some time to complete.

Repeat the same steps for the "Public Folder Store" (If you want to move these)

Next, if you want to move the log files to another location too, you can follow these steps:
  1. Right Click on First Storage Group

  2. Choose Properties

  3. On the General tab
    Choose Browse for each of the "Transaction Log Location" and "System Path location"

  4. Choose Yes to the: Are you sure dialog
           ** This dismounts, moves and remounts the store and may take some time to complete.

Also note that while you do this your Exchange Server is down: you cannot send or receive mail, and your Outlook clients will not be able to connect to the server.

Also, if you're running out of space, make sure you're doing Exchange-aware backups (either with a 3rd party backup solution or the SBS 2003 backup solution). If you don't do an Exchange-aware backup, the Exchange log files will grow indefinitely using up all your space until the volume fills up! This can lead to very bad news if these files are left on the system drive.

Disclaimer, I stole this information from KB 257184 but I still get questions on how to do it, so I'm posting to my blog. Perhaps these steps aren't as scary looking? Sure, Exchange is the big dog of SBS, but deep down it's just a big puppy! :)

Sunday, October 10, 2004

Lock your workstation, with just the mouse?

In Windows 2000, locking your workstation was pretty tedious: CTRL+ALT+DEL, then press ENTER (or "k"). Windows XP took it to the next level, you press the Windows Key and then "L" (Why can't you change these Windows shortcuts, I can think of 26 more shortcuts).

Well, what happens if you're primarily a mouse user? How do you lock your workstation then?

Well, now you can! Here are the steps:

  1. Create a New Shortcut, say, on the desktop, by right clicking and choosing New, Shortcut.
  2. For the location of the item, enter this string (without a trailing period): %windir%\system32\rundll32.exe user32.dll,LockWorkStation

  3. Name the Shortcut, in this case I'm going to use Lock Workstation

You can also change the icon to, say, the Windows lock. Now you can put this handy shortcut in the Quick Launch bar, in the Start Menu or wherever else you feel like putting it.

Execute the icon and lock your workstation with a click of the mouse!

Saturday, October 09, 2004

Prevent a Dictionary attack on your Exchange (SBS) Server

Worried about some spammer trying a dictionary attack on your Exchange server to find existing email addresses? Well, Microsoft has a fix that will be coming out with Server SP1, fortunately you can get this fix today!

KB Article 842851 explains the details on how to do this; you'll have to contact PSS to get the hot-fix if you don't want to wait for Server SP1 (or SBS SP1 for that matter).

I know the KB doesn't say it applies to SBS, but I'm running it at home and it works like a charm, oh and I'm also having the article updated ;o) to say it applies to SBS.

The nice thing is, after you've applied the QFE, if a server emails you and gets the email address wrong, then the server will wait up to 10 seconds before responding that this is incorrect, making the attacking server waste a lot of time dictionary attacking for email addresses.

Now this is one more way we can fight spammers!

Friday, October 08, 2004

Editing the SBS Admin Console

The SBS Admin console is a pretty cool idea: all your admin consoles in one place, launched at login for you. You don't have to do anything else, just log into your box, and start the administration.

But what if you have SQL? Want to manage DHCP? What if you use AD contacts? All of these things are not in the admin console (well, Contacts are, but they are buried in the AD Users and Computers snap-in).

You can go ahead and right click the .msc file in C:\Documents and Settings\All Users\Application Data\Microsoft\SmallBusinessServer\Administration called itprosbsconsole.msc and choose Author. Any changes you make to this console are saved and launched on startup.

Some good ideas are:

  • Add a new query node for Contacts

  • Add the DNS, DHCP, ISA, SQL snap-ins to the advanced section

  • Change the startup section to save time

  • Make the console not open up full screen


Personally, I think it makes administration a little easier. If you actually use Power Users, you can do the same thing with the mysbsconsole.msc located in the same directory.

Thursday, October 07, 2004

There Can Be Only One (copy that is)

My most recent goal is around data management. I want only one original copy of the data, but I want this data on multiple computers. Using SBS, I was able to easily redirect My Documents to the server. This allows me to share the same My Documents experience on both my laptop and my desktop. There are a few issues with offline files that I don't want to dive into on this post; perhaps I'll save it for a later post if there is any interest.

My next issue was with Favourites. I add a favourite on my laptop, and then get frustrated I can't browse there on my desktop.

Since Favourites are not included in My Documents, they are not redirected as part of the My Document redirection to the server, they still live on the client computer, and as a result, are a different experience on both my desktop and my laptop.

Attempting to tackle this problem, I came across a gem in the registry editor:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

This part of the registry tells the computer where your special folders are.

If you've already redirected My Documents, you'll notice the My Pictures, My Music, My Video and Personal are already redirected to the server, so here is what I did.

I changed the location of My Music from my profile to a generic share on the server, so I can share the Music with other people on the network. I also changed the location of Favorites (spelt incorrectly of course ;o) ) to point to \\servername\users\username\favorites just to keep them on the server.

You can probably set these via Group Policy, but seeing as I only had 2 computers, I did them by hand. I will probably want to set up a Group Policy so that more computers added to my network will have these settings, without much configuration needed by me.

There are two problems I've discovered with this approach, which I think I'm ok with, so you will have to decide for yourself if you are ok with them.

  • If "Offline Files" does not turn on but you still cannot access the server, IE will crash, creating a "Links" directory on the desktop. This commonly happens when you are joined to a network that has the same servername as your server, but you do not have access to this other server.

  • When you look at My Music in the Luna start menu, it will actually say something like "Music on ServerName" instead of My Music, and if you put a description on the server, that whole description will appear there as well. It makes the start menu look a little busier, but that's it as far as I can tell.


Despite the issues, I feel this keeps my data in order (and backed up via the Server), moreover, if I add a favourite on my laptop, after a synch with the server, the favourite appears on my desktop, and vice-versa.

Happy Computing!

MapPoint shows me North America, where's the personalization?

If you're an avid Microsoft MapPoint user like I am, you probably get sick of having to zoom in to your small driving area from the entire map of North America. Here's a little trick I learned, which will probably also work for Streets & Trips (although I've not tested it)

Zoom in to the selected area of the map you'd like to start MapPoint at. Choose File/Save As..., then navigate to c:\Program Files\Microsoft MapPoint\Templates. Then change the Save As Type to Map Template (*.ptt). You should see a file called "New North American Map.ptt". Select this file and copy and paste it (for a backup) using CTRL+C followed by CTRL+V; this will copy and paste it while in the browse window, creating the file "Copy of New North American Map.ptt".

Finally, reselect the "New North American Map.ptt" and choose Save. Choose Yes to replacing the file.

Now when you open MapPoint, it will start in your custom zoomed map, so you don't have to zoom in forever just to see where to turn left.

Makes driving safer too :o)

Wednesday, October 06, 2004

Want to Create a User Without an Email Address?

In some cases you want to create a user, but don't necessarily want this user to have an email account. Perhaps you want someone to look at the server to help out, or perhaps you want to use SharePoint as an extranet, and you want to allow a certain group of users to access SharePoint, but you don't want to host email for them. If you use the SBS Add User Wizard it forces you to create an email account right? Right?

Wrong.

In the SBS Add User Wizard, you can simply delete the email alias from
the User Account Information page and then complete the wizard.
Poof, a domain account that doesn't have an email address!

Having Trouble Trusting Exchange From the Start?



I've been to a few network configurations where the small company was
upgrading from a peer-to-peer environment to Small Business Server 2003,
and they wanted to continue to use their Pop3 settings on each
individual client until the server was up and stable.

Personally, if you ask me, I think you should just get yourself some
solid hardware, install SBS and put the pedal to the metal! SBS just
works best in that scenario.

But, for those of you who have trust issues, here is a little tip that
might help out. By default, each time a user logs into their client
computer a script is run to change the default Outlook mail provider to
the Exchange server (SBS in this case).

Don't want this to happen?

No problem, create a DWORD in the registry under
HKLM\Software\Microsoft\SmallBusinessServer\ClientSetup called
"NoTransportOrder" and set the value to "1" (without quotes).

The next time the user logs on, the transport order won't get changed,
and you may see the following in the logs: "DoOutlookTransportOrder() -
skipping because NoTrasportOrder was set."

The down side of this method is when you do decide to move over to
Exchange (and I strongly suggest you do), you'll have to go and touch
all your clients again.

Why not just configure the pop3 connector on the server instead?

UPDATE:
One thing to consider, which has recently come to my attention and might give you trouble: if you opted not to install fax (and hence the fax Outlook transport is not installed from the server) and set this registry key, then if you ever DID decide to install fax, fax would now be the default profile. This could cause some issues, so just be aware of it.

Tuesday, October 05, 2004

SBS 2003 Backup Hack

I wanted to write and share a Windows Small Business Server 2003 backup tip with my reader(s) (is it possible I have more than 1 yet?). Since I am somewhat active in the SBS community, and I tend to listen to our Most Valuable Professionals (MVPs), you can thank Wayne Small for asking questions about this. Wayne mentioned he wanted to backup to USB 2.0 hard drives during the day, and Tape drives at night. Interesting concept, I guess you can't be too secure with your backups right?

This got me thinking about my home setup, I have a tape drive and a USB hard drive: can I use both?

I wanted to backup to USB Monday through Saturday, then on Sunday, backup to tape (primarily so I could take the tape offsite on Monday morning). I quickly realized that adding a scheduled task to simply run NTBackup to tape wasn't going to display the backup status in the SBS Monitoring Reports. I needed another plan.

Outlined below is my solution that is currently implemented on my home SBS machine. Just to be clear, this procedure is not endorsed by Microsoft, or the SBS team.
The first step is to create some registry files that we can use to "toggle" the backup media.


  1. Configure SBS backup (using the wizard) to backup to the USB disk

  2. Export HKLM\software\Microsoft\smallbusinessserver\backup to BackupToDisk.reg and save this in the "%sbsprogramdir%\backup" directory

  3. Configure SBS backup (using the wizard) to backup to the Tape drive

  4. Export HKLM\software\Microsoft\smallbusinessserver\backup to BackupToTape.reg and save this to the "%sbsprogramdir%\backup" directory


The next step is to take advantage of these registry files. In my case, I ran the Backup Wizard and scheduled to disk 7 days a week. Next, I scheduled a separate task, following the steps below, for Sunday before the backup and Monday before the backup to toggle to Tape and then back again.

When you choose to toggle the backup media, schedule a task that runs the following command line: regedit /s "%sbsprogramdir%\backup\BackupToTape.reg" or regedit /s "%sbsprogramdir%\backup\BackupToDisk.reg" depending on which media you want to target.

That's all there is to it: hacky, but effective. Now the backup to disk and the backup to tape appear in the SBS Monitoring reports, and are easily monitored via email.

Finally, don't forget to attach the backup logs to the SBS Monitoring reports, so in the event you had a failure, you can just check what happened directly from your Inbox.



UPDATE
I wanted to update this article to reflect something Steven T. found when working on his own solution of this, and it's something that I just missed from the start. So thanks Steve!

One of the comments he had was around the "Last Log File ID" and "Last Backup ID" registry keys. We probably shouldn't be replacing those each time we flop between disk and tape. My suggestion would be to open both of the .reg files created above and remove these (using notepad) from the .reg file. Thus they will not be replaced each time the script runs.
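The Notepad clean-up described in this update can also be scripted. The following is an added example, not part of the original post or of SBS: it removes the two values from an exported .reg file, including any wrapped hex continuation lines, and keeps the file's encoding. The function names and the sample export (its other value names, all types and all data) are assumptions constructed for illustration.

```python
import codecs
import re

# Value names the UPDATE says should not be re-imported on every toggle.
VOLATILE_VALUES = ("Last Log File ID", "Last Backup ID")
# A value line in a .reg export starts with the quoted value name, then "=".
_VALUE_LINE = re.compile(r'\s*"((?:[^"\\]|\\.)*)"\s*=')

def strip_values(reg_text, names=VOLATILE_VALUES):
    """Return (cleaned_text, removed_names) for the text of a .reg export."""
    wanted = {n.lower() for n in names}  # registry value names ignore case
    kept, removed, skipping = [], [], False
    for line in reg_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        if skipping:
            # Inside a wrapped hex value: a trailing "\" means more follows.
            skipping = body.endswith("\\")
            continue
        m = _VALUE_LINE.match(body)
        if m and m.group(1).lower() in wanted:
            removed.append(m.group(1))
            skipping = body.endswith("\\")
            continue
        kept.append(line)
    return "".join(kept), removed

def clean_reg_file(src, dst, names=VOLATILE_VALUES):
    """Write a copy of src to dst without the named values; return their names."""
    with open(src, "rb") as fh:
        raw = fh.read()
    # "Version 5.00" exports are UTF-16 LE with a BOM; REGEDIT4 files are 8-bit.
    if raw.startswith(codecs.BOM_UTF16_LE):
        bom, enc = codecs.BOM_UTF16_LE, "utf-16-le"
    else:
        bom, enc = b"", "latin-1"  # latin-1 round-trips every byte unchanged
    text, removed = strip_values(raw[len(bom):].decode(enc), names)
    with open(dst, "wb") as fh:
        fh.write(bom + text.encode(enc))
    return removed

# Constructed sample: only the key path and the two "Last ..." names come from
# the post; the other value names, every type and all data are made up.
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Backup]",
    '"ExampleTarget"="tape"',
    '"Last Log File ID"=dword:0000002a',
    '"Last Backup ID"=hex:01,02,03,04,\\',
    "  05,06,07,08",
    '"ExampleSchedule"=dword:00000001',
]) + "\r\n"

if __name__ == "__main__":
    print(strip_values(SAMPLE)[1])
```

Run clean_reg_file once on each of BackupToDisk.reg and BackupToTape.reg, check the result, and have the scheduled regedit /s tasks import the cleaned copies.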



Monday, October 04, 2004

If You Can't Beat 'Em, Join 'Em

Blogging isn't new to me; I've been following blogging, and specifically
some blogs (listed to the left) for quite some time now. I've been
planning on adding a blog to SeanDaniel.com since Susan Bradley sat me
down about a year ago and said "have you heard of RSS feeds?". It's not
often when someone can come up to me and ask me if I've heard of
something on the Internet and I have to say no.

So began the investigation that has been completed with this weblog.

I thought I'd make my first post a qualification about this blog. I
wanted the blog to be hosted on SeanDaniel.com and to stretch the limits
of SBS, so I pursued the route of using the ASP.Net .Text blog application.
The setup, while confusing, looked possible on SBS without much trouble.
Then I started thinking about Syndication. Running this site out of my
home on home-user bandwidth, with even a few people syndicating the site
every 15 minutes (if I'm so lucky) would be higher bandwidth traffic
than I wanted to offer out of my house.

Time to look into hosted blogging.

Why did I choose blogger.com? Well, first of all, it happens to be
linked in with my trusty Google toolbar (http://toolbar.google.com) so I
can blog easily from any webpage I'm surfing on the web, second, my
friend (Jimbo) started using this blog engine, so it was kind of mutual
to help each other figure things out, and finally, the graphics on
blogger.com are just really cool!

Also, Blogger.com enabled me to get the look and feel of SeanDaniel.com,
without having to serve up syndication feeds. All the graphics on this
website are loaded from SeanDaniel.com, which might slow load time a
little, but I'm ok with that. If you got to the blog from
SeanDaniel.com, chances are the graphics are mostly cached on your local
client anyways.

So that's the story, here I am blogging.

What's the topic you ask? I'm planning on keeping it pretty much the
same as the rest of SeanDaniel.com; everything. If I can get around to
it, I hope to have random thoughts, possibly some good jokes, some
tech-tips, and a touch of SBS that I actually can share with the
community.

Oh, and for those of you who know my "day-job", this website is not
affiliated, and will remain unaffiliated, with Microsoft. Postings here are as is,
confer no rights, and do not represent the thoughts (or support) of
Microsoft.