SBS 2003 R2 more than just patching…
Download
Report
Transcript SBS 2003 R2 more than just patching…
SBS 2003 R2
more than just patching…
Wayne Small [SBS-MVP]
Technical Director
Correct Solutions Pty Ltd
[email protected]
www.SBSfaq.com
What is SBS 2003 R2?
Launched on July 11, 2006
Next revision of SBS 2003
Patch management
Increased mailbox size
Increased SPAM protection
Improved licensing options
Take us through to Cougar timeframe
Oops…
What is SBS 2003 R2?
SBS2003 with SP1
Separate disk with “R2 bits”
You don’t have to install the R2 components but
why wouldn’t you?
Not a free upgrade from SBS 2003 unless
Software Assurance
OEM technology guarantee (OEM 1/3/06-31/8/06)
www.microsoft.com/windowsserver2003/sbs/r2/upgrade.mspx
Available from August 2006
Key Improvements in SBS 2003 R2
Standard
Based on SBS 2003 SP1
Win 2003 Server SP1
FSRM
MMC v3.0
Exchange 2003 SP2
Up to 75GB Mailbox store
WSS 2003 SP2
WSUS 2.0 + SBS Wizards!
Key Improvements in SBS 2003 R2
Premium
As per STD plus
ISA 2004
SQL 2005 Workgroup Edition
Let’s talk Licensing…
Pre SBS 2003 R2
Allows for additional W2003 Servers without need for
W2003 CAL purchase
Still need to purchase W2003 Server License
Post SBS 2003 R2
As above PLUS…
Allows for additional Exchange 2003 and SQL 2005
WE servers
No need to purchase Exchange 2003 or SQL 2005
WE CALs
Just a licensing option – not a technical solution
How to… additional Exchange
Server
SBS supports multiple Exchange Servers
SBS wizards don’t “know” about them.
Wizard create mailboxes on first alpha server (not
always SBS)
OWA/Outlook over HTTP/RPC, ActiveSync will NOT
work for users on the 2nd server.
Need to purchase W2003 Server License
Need to purchase Exchange 2003 Server
License
DO NOT need to purchase additional Exchange
2003 CALs
How to… additional SQL 2005 WE
Server
Must have SBS 2003 R2 Premium
Need to purchase W2003 Server License
Need to purchase SQL 2005 WE Server License
DO NOT need to purchase additional SQL 2005
WE CALs
DO need to you have purchased SBS 2003 R2
Premium Edition CALS
How to… additional SQL 2005 SE
Server
SQL 2005 Standard Edition
Need to purchase W2003 Server License
Need to purchase SQL 2005 SE Server License
Need to purchase SQL 2005 SE CALs
SBS 2003 R2 – Update Services
It’s just WSUS right?
No it’s not!
Additional wizardry to make it easier to manage
SBS 2003 R2 – Update Services
Can WSUS do this???
Email you daily with your patch status on your network
Show you the computers that are not being included in
patching?
Auto approve some patches based on requirements?
Only download patches that are NEEDED
Install Process
Can only install R2 onto a computer running SBS 2003
SP1
Install Exchange 2003 SP2
Install Windows SharePoint Services 2.0 SP2
Don’t have any instances of MMC running
Must have SBS2003 Administration & Monitoring
components installed
Must be logged in as THE “500” administrator account
Need minimum 1Gb free space of Update Services &
8Gb (additional) free space for Updates Services content
Will upgrade existing WSUS installations
Needs fine tuning though
SBS 2003 R2 – Installation Routine
SBS 2003 R2 – Console
SBS 2003 R2 – Update Services
SBS 2003 R2 – Update Services
SBS 2003 R2 – The Basics
Wayne Small
Tech.SBSGuru
SBS 2003 R2 – Tips
First 48 hours
Get the critical updates and security fixes down and
installed
Beware – the false green tick
Console – use the Refresh link – not F5.
SBS 2003 R2 – Update Services
Maintenance
Dependant on settings
Will need to approve some updates
Windows Defender pattern files
IMF Updates
Malicious Software Removal Tool
SBS 2003 R2 – Under the covers
SBS Wizardry
Scheduled Tasks
Computer Groups
Group Policy
Manual Settings
SBS 2003 R2 – Scheduled Tasks
3 Tasks
Update Services Auto Approval Task
Runs hourly
Automatically approves updates for your network
Update Services Configuration Task
Runs ONCE - 48 hours after the initial installation.
Configures Windows Server Update Services for full
functionality
Update Services Synchronisation Task
Runs every 5 minutes
Ensures that Update Services has a complete list of
computers that are on your network
SBS 2003 R2 – Computer Groups
3 Groups
Membership based on OS type
Update Services Client Computers
Win2000 Pro/XP/Vista
Update Services Excluded Computers
Anything you don’t want patched
Update Services Server Computers
Win2000 & 2003 Server
SBS 2003 Server
Use the Wizard to move computers, not WSUS
SBS 2003 R2 – Group Policy
Small Business Server Update Services Client
Computers Policy
Automatic Update type and time
Small Business Server Update Services
Common Settings Policy
All master settings – WSUS server etc
Small Business Server Update Services Server
Computers Policy
Automatic Update type and time
SBS 2003 R2 – Manual Settings
Don’t mess with things too much
Change it too much and loose the Green Tick
SBS 2003 R2 – Troubleshooting
SBS Console Errors
0x80072ee2 – common error
Transient Issue
Server Side
C:\Program Files\Microsoft Windows Small Business
Server\Support
SBSUSSettings.log
ConfigurationHelper_Policy.log
Client Side
C:\Windows\WindowsUpdate.log
Windowsupdate = WSUS/MU
Windows Update = SUS/AU/WU
SBS 2003 R2 – Troubleshooting
Wuauclt /detectnow /resetauthorization
Use PSEXEC to run on remote machines
SBS 2003 R2 – Extending its
capabilities
Create additional Computer Groups
Manually move computers into the groups using the
SBS Wizard
SBS 2003 R2 – Mobile Users
Notebook users no longer use VPN
Still need to update them and monitor them
Options
Microsoft Update – but we loose visibility of updates
VPN into the LAN on a regular basis – troublesome for
the user
Extend SBS 2003 R2 Update Services
SBS 2003 R2 – Mobile Users –
Solution
Create alternate Computer Group
Create alternate GPO & assign to an OU
Move computers into the OU
Open up WSUS to the outside world
Port 8530
STD - IP Restrictions
Premium - ISA Publishing rule
Troubleshooting and Extending
SBS 2003 R2
Wayne Small
Tech.SBSGuru
Exchange Improvements
Exchange Server 2003 SP2
Recipient filtering turned on by default
IMF included with SP2 but not configured
IMF Autoupdate Enabled by default
Up to 75Gb PRIV & PUB
Need to regedit to increase size
Think about DR before doing this
Increased Backup Size
Increased recovery time
File Server Resource Manager
(FSRM)
Improved ability to restrict content of folder
shares
File type limits
Improved notification
SMTP email when limits are reached
FSRM - Installation
Not installed by default
Add/Remove Programs
Windows components
Management and Monitoring Tools
Select “File Server Resource Manager”
Insert Disk 1 when prompted, then the R2 components
disk
Server will require a restart
Uses the new MMC 3.0 interface
Wrap up
SBS 2003 R2 – much more than just WSUS
Licensing improvements
Patch Management Improvements
Antispam Improvements
SBS2003 R2
More information
https://partner.microsoft.com/sbs2003/r2
http://www.microsoft.com/windowsserver2003/sbs/r2/d
efault.mspx
Documentation:
http://www.microsoft.com/windowsserver2003/sbs/tech
info/productdoc/default.mspx
www.SBSfaq.com
Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups
http://communities2.microsoft.com/
communities/newsgroups/en-us/default.aspx
Technical Community Sites
http://www.microsoft.com/communities/default.mspx
User Groups
http://www.microsoft.com/communities/usergroups/default.mspx
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not
be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.