
Small Business Server 2003

A great platform for mobility. Small Business Server 2003. Dean Calvert – SBS MVP Principal Consultant & Managing Director Calvert Technologies, Adelaide. Defining Mobility. Mobility can mean different things to different people LAN access around the office Email access beyond the office

mikko


Presentation Transcript


  1. A great platform for mobility • Small Business Server 2003 • Dean Calvert – SBS MVP, Principal Consultant & Managing Director, Calvert Technologies, Adelaide

  2. Defining Mobility • Mobility can mean different things to different people • LAN access around the office • Email access beyond the office • Remote access to company data • Remote access to company applications • What do you need to gain access to, and how?

  3. Mobility Support and SBS • Remote Web Workplace • Companyweb • Outlook Web Access • Application sharing server • Remote desktop • Download VPN connectoid for Windows PCs • SBS remote connectivity requires only 4 ports • HTTPS (TCP 443) • RDP proxy (TCP 4125) • Companyweb (TCP 444) • PPTP (TCP 1723, GRE) • Hint: Run the CEICW!!

  4. Mobility Support and SBS • Outlook Web Access • https://server.fqdn/exchange • Outlook Mobile Access • https://server.fqdn/oma • Support for Direct Push with Exchange 2003 SP2

  5. Mobile Devices • Requires only HTTPS (TCP 443) for OMA • Windows Mobile 5 devices require some “tricks” to get a self-signed certificate onto the device • Edit the registry of the device • HKLM\Security\Policies\Policies\00001017 = 144 • Regedit tools: Regedit.NET 1.0 from www.pocketgear.com (http://www.pocketgear.com/software_detail.asp?id=17108) • Hint: download the 7 day trial & you don’t really need to provide your email address to download it. Make sure you have .NET installed on your PC first. You can uninstall the Regedit tool after the certificates have been installed

  6. Mobile Devices • Certificates viewable under Start/Settings/System/Certificates/Root • Export certificates from the server or PC local store & copy to the device. Double-click to install, then verify the certificates are installed from the above location • Hint: use ActiveSync 4.2 (download from MS). *** Avoid ActiveSync 4.0 *** • http://www.microsoft.com/downloads/details.aspx?FamilyID=7269173a-28bf-4cac-a682-58d3233efb4c&DisplayLang=en • Test the certificate by visiting the OWA site of the server • https://server.fqdn/exchange

  7. Mobile Devices • Configure device via ActiveSync to sync with Exchange Server for: • Email • Watch the size downloaded to minimise GPRS costs • Set to download attachments to storage card • Calendar • Contacts • Tasks

  8. ActiveSync Hints • Hint: make sure you have the correct Connection Settings specified in ActiveSync on your computer when in the office or remote • Hint: if your server has a private IP on its external interface, you need to create a DNS zone for your external domain name and enter a host record for the server’s FQDN with the external private IP

  9. ActiveSync Troubleshooting • Upgrade to ActiveSync 4.2 • Refer to www.microsoft.com/windowsmobile/help/activesync/default.aspx • Corporate environment help: www.microsoft.com/windowsmobile/help/activesync/troubleshoot.aspx

  10. Configuring Exchange Server • Pre-requisite – SP2 must be installed for Direct Push

  11. Other Mobile Tricks • Remote desktop connection • Use a VPN connection into your network, then the Terminal Services client to connect to the server • OR if you have TCP port 3389 open on your firewall you can connect straight in • Hint: DON’T DO THIS!!!!! • Security settings • Refer to Exchange security policy previously shown • Beware the data stored on memory cards of devices in case they get lost or stolen • Hint: crystal based screen protectors are a fantastic low cost purchase for your precious PDA

  12. Beyond The Desk • Mobility is not just mobile devices outside the LAN • What about wireless? • Can it be secure? • ABSOLUTELY • Refer to http://home.comcast.net/~clearviewtc/ for Owen Williams jnr’s article on “Configuring Secure Wireless Network Access with Microsoft Windows Small Business Server 2003” • Digital certificate based authentication & encryption keys that are dynamically generated for each wirelessly connecting computer (aka 802.1x with EAP-TLS & WPA)!!

  13. Real Outlook Remotely • Combine SBS 2003 with Windows XP SP2 and Outlook 2003 to get RPC/HTTPS • Computer does not need to be a member of the domain • Works with XP Home too so ideal for those users with home computers connecting to the corporate LAN and you don’t want them to VPN in • How do you do this?

  14. Outlook Over The Internet • Install external certificate onto PC • Visit https://server.fqdn/exchange • View the certificate • Install the certificate • Configure Outlook 2003 • When connecting you are prompted to authenticate • Provide domain\username and password • Voila!

  15. More Mobility • Access companyweb without a VPN • Specify to make this available when running the CEICW and ensure any external firewall/router you are using allows TCP port 444 through to the server • Users will be prompted to authenticate when accessing the URL – https://server.fqdn:444/ • Some web parts may not display but you can access stored documents

  16. Where To Next? • Continually developing space • Managed servers/software as a service is gathering steam • Means mobility will be part of the norm • Means security becomes even more important • Pass phrases NOT pass words • 2-factor authentication • Regular security audits and tests

  17. Offline Files (Client Side Caching) • When it works it’s great, when it doesn’t it’s very painful • Synchronise changes over VPN • Not all file types supported – MDB, PST… • Configurable on the client or through group policy • CSC is stored in %systemroot%\CSC which is hidden by default

  18. Troubleshooting CSC • “Unable to merge offline changes on \\server\share_name. The parameter is incorrect” • Reinitialise the CSC • Open Folder Options, select Offline Files tab • Hold Ctrl-Shift and click “Delete Files” button • Answer Yes twice to restart

  19. Troubleshooting CSC • Option 2 • HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache • Key: FormatDatabase • Type: DWORD • Value: 1 (it’s actually ignored) • Restart server • DELETE THIS REGISTRY KEY AFTER RESTARTING!!!

  20. Resources • Microsoft Windows Small Business Server 2003 Home: http://www.microsoft.com/windowsserver2003/sbs/default.mspx • Microsoft Windows Mobile Solutions, Applications and Handheld Devices: http://www.microsoft.com/windowsmobile/default.mspx • ActiveSync Help & How Tos: http://www.microsoft.com/windowsmobile/help/activesync/default.mspx • Small Business Server 2003 Best Practices book: http://www.smbnation.com/products.htm • Advanced Windows Small Business Server 2003 Best Practices: http://www.smbnation.com/products.htm • Susan Bradley’s Blog: http://msmvps.com/blogs/bradley/archive/category/1578.aspx • Chris Rue’s Remote Device Wipe Page: http://www.chrisrue.com/funcave/2006/08/solving-a-problem-with-remote-device-wipe.html

  21. Resources • List Servers • SBS2K: http://groups.yahoo.com/group/sbs2k/ • SmallbizIT: http://groups.yahoo.com/group/smallbizIT/ • Newsgroups • Public: Server: news.microsoft.com, Newsgroup: microsoft.public.windows.server.sbs • Partner: Server: privatenews.microsoft.com, Newsgroup: microsoft.private.directaccess.smallbizserver2003 • Usergroups • http://www.sbsusers.org/ • http://groups.yahoo.com/group/melb-SBSusers/ • http://www.sbsfaq.com/default.aspx • http://www.smallbusinessserver.com.au/ • http://www.sbsusers.net/

  22. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
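
The four-port list on slide 3 and the warning on slide 11 against opening TCP 3389 can be checked against the external firewall's port-forward table. The following is an added example, not part of the original presentation; the rule syntax, the function names and the sample rules are constructed for illustration.

```python
# Added example (not from the deck): the rule syntax and SAMPLE are constructed.
import re
# Slide 3: the only inbound services SBS remote connectivity requires.
EXPECTED = {("tcp", 443): "HTTPS", ("tcp", 444): "Companyweb",
            ("tcp", 4125): "RDP proxy", ("tcp", 1723): "PPTP control",
            ("gre", None): "PPTP tunnel (IP protocol 47)"}
FORBIDDEN = {("tcp", 3389): "direct Remote Desktop exposure"}  # slide 11: "DON'T DO THIS"
RULE = re.compile(r"^(tcp|udp|gre)(?:\s+(\d{1,5}))?\s*->\s*(\S+)$", re.I)

def parse_rules(text):
    """Parse lines such as 'tcp 443 -> 192.168.16.2' into (proto, port, target)."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding space
        if not line:
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: cannot parse {line!r}")
        proto = m.group(1).lower()
        port = int(m.group(2)) if m.group(2) else None
        if (proto == "gre") != (port is None) or (port is not None and not 0 < port < 65536):
            raise ValueError(f"line {n}: bad port for {proto}")  # GRE has no ports
        rules.append((proto, port, m.group(3)))
    return rules

def audit(text):
    """Return sorted (severity, message) findings for a port-forward table."""
    seen = {(proto, port) for proto, port, _ in parse_rules(text)}
    findings = []
    for proto, port in seen:
        if (proto, port) in FORBIDDEN:
            findings.append(("HIGH", f"{proto}/{port} forwarded: {FORBIDDEN[(proto, port)]}"))
        elif (proto, port) not in EXPECTED:
            findings.append(("REVIEW", f"{proto}/{port} is not in the deck's port list"))
    # PPTP needs TCP 1723 and GRE together; one alone is a broken or stale rule.
    if (("tcp", 1723) in seen) != (("gre", None) in seen):
        findings.append(("REVIEW", "PPTP incomplete: forward TCP 1723 and GRE together"))
    return sorted(findings)

SAMPLE = """\
tcp 443  -> 192.168.16.2
tcp 1723 -> 192.168.16.2
tcp 3389 -> 192.168.16.2   # left over from a support session
udp 5060 -> 192.168.16.50
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A forward that is not on the slide 3 list is reported as REVIEW rather than as an error, since a site may publish other services on purpose.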
