This week is another out of the office on Microsoft partner training – 4 days of SBS 2008…
Course code: 44CO120 – M6445 – Implementing and Administering Windows Small Business Server 2008
Where: QA Tabernacle Street, London, EC2A 4DT
Who: Mark Cresswell (firstname.lastname@example.org)
44CO120 – M6445 – Implementing and Administering Windows Small Business Server 2008
This four-day instructor-led course provides students with the knowledge and skills to plan, implement, and manage Windows Small Business Server 2008
This course is intended for technology consultants, system integrators, and in-house technology staff that serve small and medium- sized businesses
In addition to their professional experience, students who attend this training should have technical knowledge and skills equivalent to the following courses:
Course 6420: Fundamentals of a Windows Sever 2008 Network and Applications Infrastructure
Course 6424: Fundamentals of Windows Server 2008 Active Directory
Course 5115: Installing and Configuring the Windows Vista Operating
Course 5116: Configuring Windows Vista Mobile Computing and Applications
Delegates will learn how to Install Microsoft Windows Small Business Server 2008.
Migrate to Microsoft Windows Small Business Server 2008.
Configure Windows Small Business Server 2008 using the Windows Small Business Server 2008 Console.
Manage users and groups in Windows Small Business Server 2008.
Manage messaging and collaboration in Windows Small Business Server 2008.
Manage and monitor Windows Small Business Server 2008.
Secure a Windows Small Business Server 2008 network.
Expand a Windows Small Business Server 2008 network
Top tips & links picked up during the course…
Microsoft SBS docs – http://tinyurl.com/sbs-docs
Known Post Installation Event Errors from SBS 2008 – http://support.microsoft.com/default.aspx/kb/957713
Microsoft blog guide to WSS3/MOSS alternate access mappings – http://tinyurl.com/wss-aam
more tiny urls.. /sbs-rsg, /sbs-docs, /sbs-grp
Microsoft OEM site – http://oem.microsoft.com
Top 100 public SharePoint sites – http://www.wssdemo.com/Pages/topwebsites.aspx
Free Block List provider – http://www.spamhaus.org/zen
This is gold! add zen.spamhaus.org to your Block List Providers and switch on connection filtering.
One caveat to note, every time an email is processed by your server it performs a lookup to zen.spamhaus.org – if they receive too many lookups they will suggest that you take up their paid service. The threshold for this is huge (100,000 SMTP connections per day or 300,000 lookups), and you must not be using it commercially i.e. providing a managed service incorporating their service.
Why disable or rename the Administrator account… because it has a well-known SID! (… -500).
Use child domains for all external domain records just like the default remote.yourdomain.com so to get round duplicate maintainence of internal and external resources (and prevent confusion when vpn’d in!)
SBS default groups have an attribute that mark them as created by the SBS setup process or management console.. so be mindful if creating outside of the console!
Fool it by opening AD Users & Computers, open the attribute editor for the group and edit the msSBSCreatedState to ‘Created’
Roaming profiles – SBS has not been designed to support roaming profiles and Microsoft will not support issues with them (in this context), e.g. production of a SBS specific hotfix to address an issue.
Advised not to use roaming profiles bar controlled environments such as standard build, lack of local admins, quotas, group policy lockdown, etc.
Client migration – above half a dozen client machines consider using the User State Migration Toolkit (USMT) to script the process, ROI should be worthwhile in configuration time vs time saved at the desktop.
Segway! – the BBC iPlayer program is a P2P service that shares out content, based on Ch4 4oD package – remove it!
Need to inject drivers into WinRE or WinPE boot environments..? don’t be scared! use drvload and PEImage, more on TechNet Edge – http://edge.technet.com/Media/WinRE-and-free-stuff-with-Sean-Kearney/
SSL certs for SBS – don’t buy single certs unless you have to. Host headers and ssl is tricky, has to be a ucc cert or wildcard cert to support.
Default cert purchase from now on will be a wildcard cert, unless a bloody good reason (or lots of small ones… read $’s) not to!
Security cost triangle – you can have any two but not all 3!
low cost, usability, security
Relability and Performance monitor – what a gem!
migration to SBS2008..
My recommendation is to start with Philip Elder’s great posts at http://blog.mpecsinc.ca/
SBS 2008 deployment checklist – http://blog.mpecsinc.ca/2009/05/sbs-2008-setup-checklist-v111.html
SBS2003 to 2008 migration guide – http://blog.mpecsinc.ca/2009/06/sbs-2003-to-sbs-2008-migration-guide.html
Exchange & Circular Logging…
A potential for lots of debate, but I’d agree with Mark that whilst migrating mailboxes, if circluar logging is not enabled, enable it otherwise run the risk of filling up disks with log files!
Disable circular logging post event and let the Exchange aware backups submit the log clear down. However, if the store data and logs are on the same spindle you may as well leave circular logging on as you get little or no recovery benefits.
How to remove the last legacy Exchange server from an organisation – http://technet.microsoft.com/en-us/library/bb288905.aspx (http://tinyurl.com/sbs-exmig)
Common mistakes when upgrading Exchange 2000/2003 to 2007 – http://support.microsoft.com/kb/555854/en-us
Microsoft Desktop Optimization Pack
Advanced Group Policy Management – http://technet.microsoft.com/en-us/library/cc749396(WS.10).aspx
Asset Inventory Service – http://www.microsoft.com/windows/enterprise/products/mdop/ais.aspx
Microsoft Diagnostics and Recovery Toolset (DaRT)
System Center Desktop Error Monitoring (DEM)
Microsoft Asset Inventory Service (AIS)