Wednesday, February 28, 2007

More (unsupported) methods of getting that self-issued cert onto WM5

So, over the past few days, I've ran into two more methods for getting that self-issued SBS certificate over to your mobile device so you can sync it against your server.

Method #1
Some mobile devices (and I say some, because I don't know why this is the case... yet), like the cert better if you export it as .DER encoded. You can go to your servers "certificate" store through mmc.exe and export the public cert as .DER encoded. It's possible this may install on your WM5 device. This one is actually supported, but may still be blocked by the security model on your phone.

Method #2
A friend of a friend of a friend of a friend used Bernt Lervik's method. I can't say it's a supported method, and as always, messin' around in the registry may wreck your device, but it just might work. I have not tried this method, and it may void support on your device from Microsoft or your provider!

And in other news. Windows Mobile 6 has released, you'll probably start seeing these devices around Christmas time. Looking to update your existing Windows Mobile 5 device? Keep your eyes on your provider and manufacturers websites.... and good luck!

Monday, February 26, 2007

Understanding the Flow of Mail through Exchange Anti-spam Architecture

I have to admit, I've been a little lazy in the blog posting, after spending all day writing specifications for the next version of SBS, I haven't got the fingers left to dance over the keyboard to share my knowledge with you. Plus of course, my knowledge is confidential (for the most part) at this time.

No, I don't wear an ear-plug and answer to the name of "Agent 3".

Anyways, looking at our specs for Exchange 12 anti-spam configuration, I came across something that's public, and will probably help you understand how the Anti-spam engine works on Exchange. This is of course for Exchange 2007, but most of it applies to Exchange 2003. The full article is available over on TechNet. But for the purposes of this blog, here's the meaty detail:

Tuesday, February 13, 2007

Configuring the Vista Firewall by Group Policy

Adding a Firewall rule in Group Policy to a Vista client is a little more difficult than Windows XP. It's not because it's harder, it's because there is no ADMX configuration file for the Vista Firewall.

But there is hope...

It is recommended that you only use this procedure to open the path for applications to connect through Windows Vista Firewall when you have installed the application consistently to the same program path across the network since this procedure applies to the entire domain. Alternatively, if you don't use the policy the user can accept the prompt at each computer when the application attempts to access the firewall.

  1. From a Vista client (this is the main difference, you can't edit the policy from the server) connected to the domain, log on as the domain administrator

  2. Open gpmc.msc

  3. Navagate through your domain to the Small Business Group Policies

  4. Right-click Small Business Server – Windows Vista policy (which will be available with the Vista Update coming soon), and then click edit. The Group Policy Object Editor appears

  5. Computer configuration -> windows settings -> Windows Firewall with Advanced Security -> Windows Firewall With Advanced Security (no, this isn’t a repeat of the UI)

  6. Right-click Outbound Rules, and then click New Rule

  7. On the Rule Type page, accept the default of Program, and then click Next.

  8. On the Program page, type the exact path used for installing the application on your client computers, for example, c:\path\program.exe

  9. On the Action page, select the option to Allow the Connection

  10. On the Profile page, select the types of network location that the rule will apply to (Domain, Private, or Public)

  11. On the Name page, type a name and description for this program rule and the click Finish.

  12. Close the Group Policy Object Editor and then close Group Policy Management

Note – to apply the policy immediately, you can run "gpupdate /force" using an elevated command prompt from the client

Why didn't the SBS team do this?
SBS didn't automatically configure the Vista Windows Firewall, because the new Vista firewall requires you to specify fully qualified paths to your installed applications. Since we have no way to know if you installed all the applications to the default locations, we chose not to open the firewall for applications that (1) may not exist, and (2) may be in a different location. Take extra care when creating such policies to not create exceptions in your client firewalls for applications that do not exist, or are installed in different locations.

Usually 642-432 and 642-825 are easy enough and do not require any background knowledge. However, if you plan to go for more than 642-825, maybe something like 220-601 or 70-290. it is best to cover 70-528 as well. Only then will you be eligible to go for mcse.

Check Out the Latest Microsoft Business and Technology Assessment Toolkit

On the SBS Usergroup tour, you learned about the Small Business Assessment Toolkit. Well, here is an update for you...

The new and refreshed toolkit (previously the Small Business Assessment Toolkit) can help you uncover opportunities across the Microsoft stack. New features include:
  • Easy installation and self-updating features.
  • New assessments that allow deeper evaluation of customers’ server, mobile, and desktop needs and help identify solutions using technologies based not only on Windows Small Business Server, but also on, Windows Mobile, the 2007 Microsoft Office system, and Microsoft Windows Vista.
  • A customizable question bank that allows you to tailor assessments to your customers’ specific scenario or to the your own business model.
  • A Windows-based platform that’s compatible with both Microsoft Windows Vista and the 2007 Microsoft Office system.

Assess and Win Free for Resale copy of SBS 2003 R2!
And while you’re using the toolkit, you can also get a free copy of Windows Small Business Server 2003 R2 Standard Edition (a US$599 value). Just use the toolkit to conduct business assessments with your customers and submit five assessments and complete a survey to qualify. And if you’re a Microsoft Small Business Specialist, you can also enter to win a Windows Mobile 5.0 Handheld Device as part of this offer.
Learn more at:

Friday, February 09, 2007

The Vista Update is Here!!!

The SBS Dev team has been working their buns off to get this update to you. Keep in mind that Vista could *always* join an SBS domain, just not using the http://server/connectcomputer website. You actually had to join the computer... manually.

And with any release that we work hard on, The SBS Team has put together this little blurb for you:

There has been a large amount of discussion in the community about the release of the Ripcurl update to allow Vista clients to participate in SBS domains (also known as the "Update for Windows Small Business Server 2003: Windows Vista and Outlook 2007 Compatibility (KB 926505)"). The updates you need are now available for download. (Yeah!)

Getting Started
First, start with the 31 page white paper. The white paper includes links to the downloads you need, as well as the manual steps you have to perform on the client and the server. The six downloads are: Notes, Highlights, and Gotchas from the White Paper:
  • Windows Vista Business, Ultimate, and Enterprise are supported by the SBS Client Setup tools. You can connect Home SKUs manually, but it's going to be a lot of work. Since they can't join the domain, you'll have to manually enter passwords to access emai, file shares, web sites, etc. from any of the Home SKU clients.
  • Older software will not, of course, be deployed to Vista clients. This includes older service packs, IE 6, ActiveSync 3.8 for all clients and Connection Manager in addition for 64 bit Vista clients.
  • ActiveSync has been replaced by Windows Mobile Device Sync Center.
  • If you have installed Office 2007, client setup does not install Outlook 2003.
  • Office 2007 is not a free download. Vista clients that do not have Office 2007 installed will have Outlook 2003 installed.
  • Don't attempt to install the SBS fax component on Vista. You will have to manually configure the Vista native fax client to connect to your SBS server. Steps will be posted on the Official SBS blog shortly
  • A new GPO is added called Small Business Server - Windows Vista policy for Vista Firewall settings to allow access to resources on the SBS server.
  • My documents redirection, if enabled, will automatically work with Vista clients, since Offline Files support is enabled by default in Vista.
    Remote Desktop is enabled by default and will allow connections from RWW to Vista client desktops.
  • Power management is set to always on if the computer is plugged in (i.e. has a power supply) to ensure access via RWW. The white paper has steps on how to modify these settings if you want to optimize on Vista's power management features.
  • Remote assistance only works Vista-to-Vista or from Vista to XP/2003 clients. Vista clients cannot request assistance from users on XP or 2003 machines. Use Remote Desktop instead for these scenarios.
  • You will need to manually install the SBS cert on Vista clients that are not joined to the domain. The white paper has complete steps for how to manually import the cert.
  • Bluetooth devices can cause problems with Connect Computer; disable them before accessing the site (i.e. attach a PS/2 or USB keyboard and mouse).
  • After installing the hotfixes on the server, run gpupdate /force to make sure that policies will be applied to all clients.
  • Spend some time with the troubleshooting sections at the end of the white paper- many known issues are covered there.
Didn't I tell you it was any day now? And I'm sure some of you didn't believe me.

Enjoy the Vista.