Small Rant - SBS 2008 - Where is the Small Business?

[marley1]

I have to save did another SBS 08 setup this weekend. Where does Small Business fall into this Server OS? Isn't SBS meant to be easy and intuitive.

64 bit printers - still pain in the ass, installed the printers to a print server for a big plotter

Exchange - why the hell do you need GUI for almost everything, Public Folders were pain in ass

Firewall - WTF, Trying to install ESET which I have done many times now, coudln't get the workstation to connect. Uninstall and reinstall just for the hell of it. Couldn't telnet to the port. Go to server, and I was amazed that a full firewall was put in, not like in SBS 03.

Everything else is easy enough but some of those features are a bit annoying to get to. Lots of digging around for stuff. I just dont see how any Small Business without some knowledge of it would get this up and running.

Enough rant, system is pretty much done, need to go finish the public contacts and getting all the iPhones going. The autodiscover feature is very nice.

O yeah Backup still limited, I have Veritas running, Intronis Online, and Paragon going =)

 

[IntelOwnz]

Well the SBS title just means it comes with everything a small business would need to run. It's a very nice package and it suits the needs of most small businesses (1 server, 1 platform, done)

Sure the install can be a pain in the ass, but you'd have the same issues or more if you installed everything seperately (windows server 2003 standard + exchange + sharepoint, etc)

The full firewall is actually simple to use, sure sometimes obtrusive because it's pretty strict. You can make it less so, but I'd recommend against it for security reasons. As far as backup, Veritas obviously works, the builtin Server Backup is amazing too - give it a shot sometime.

 

[Xipher]

Not SBS specific but the Firewalls configuration can be confusion to those that don't go beyond the surface. I've seen plenty of times at work were the firewall gets disabled but really it's only the Public zone that has. Honestly though a default configuration locking every thing down is a good idea on Windows. Hopefully that's helped prevent more issues then it has caused by getting people to embrace a default deny approach.

 

[marley1]

Well the SBS title just means it comes with everything a small business would need to run. It's a very nice package and it suits the needs of most small businesses (1 server, 1 platform, done)

Sure the install can be a pain in the ass, but you'd have the same issues or more if you installed everything seperately (windows server 2003 standard + exchange + sharepoint, etc)

The full firewall is actually simple to use, sure sometimes obtrusive because it's pretty strict. You can make it less so, but I'd recommend against it for security reasons. As far as backup, Veritas obviously works, the builtin Server Backup is amazing too - give it a shot sometime.

I understand what SBS is for, but to me it was a step back from MS that you know need to access the Exchange CLI to do alot of things instead of a GUI like in SBS 03.

The product is great, with a bunch of revised features, but not really enjoying an hour or so of researching to figure out something that was so easy in SBS 03.

 

[TechieSooner]

I understand what SBS is for, but to me it was a step back from MS that you know need to access the Exchange CLI to do alot of things instead of a GUI like in SBS 03.

That's a function of Exchange itself, not SBS.
I've often wondered the same thing. I think Microsoft is planning on phasing Public Folders out... I'll deal with it when that day gets here.

 

[vertices]

SBS 2008 is a great product. Leave the firewall on. Use the wizards. Sounds like you need to learn a little more about it IMO.

 

[marley1]

don't know about that, this is my 3rd deployment and each time I feel the same way.

i know how to install sbs, and know not to go outside of wizard, but dont like how you need to do CLI for the Exchange public folders, in 03 you just went to the System Manager and created one.

so before you comment on my experience level on a server 03. i can install it all day long but some of the stuff that this client needed that others didn't brogt on little issues that took more time to research then deploy

and i see no reason for a firewall on the server, wasn't one in sbs 03 unless you had dual nic.

 

[TechieSooner]

i know how to install sbs, and know not to go outside of wizard, but dont like how you need to do CLI for the Exchange public folders, in 03 you just went to the System Manager and created one.

I'd concurr, but again... Function of Exchange and not SBS.

and i see no reason for a firewall on the server, wasn't one in sbs 03 unless you had dual nic.

Shut it off. I don't know why that's a big deal.

 

[marley1]

yes it is a functionality of exchange 07, but SP2 was suppose to fix that and make it more GUI, but SBS doesn't like Exchange SP2 and it breaks some integration with the console.

from the stuff i have been reading disabling the sbs 08 firewall is not recommended

so this isn't a thread for people to shit on peoples experience. i have used the product alot on these 3 installs, each time i find something and learn more about it, but i havent found anything better compared to SBS03. everything requires more steps, which isn't a big deal but it doesn't seem that alot of good guide still on this product. before you couold google SBS 03 + problem, and find a direct answer, this stime its alot of side reasearch from some sitse and others.

feedback lately on this forum has been poor, just alot of "know it alls" shitting on others

 

[TechieSooner]

yes it is a functionality of exchange 07, but SP2 was suppose to fix that and make it more GUI, but SBS doesn't like Exchange SP2 and it breaks some integration with the console.

My version number is just 8.1, maybe SP2 doesn't auto-update... I need to go check that out.

from the stuff i have been reading disabling the sbs 08 firewall is not recommended

Any reasons why?
I've got the firewalls disabled on my server OS's, but granted they're behind a bunch of NATing and border devices. To the LAN clients there's no boundary though.

so this isn't a thread for people to shit on peoples experience. i have used the product alot on these 3 installs, each time i find something and learn more about it, but i havent found anything better compared to SBS03. everything requires more steps, which isn't a big deal but it doesn't seem that alot of good guide still on this product. before you couold google SBS 03 + problem, and find a direct answer, this stime its alot of side reasearch from some sitse and others.

Well I do think you need to remember SBS 2008 is rather new, and SBS 2003 will be around for some time to come. There's just alot more info out there on 2003. Just like there's alot more info out there on XP than there is about Windows 7.

 

[TechieSooner]

Installed Exchange SP2 and from what I can tell it's no better in the GUI and Public Folders, FWIW.
I actually can't tell what the heck changed.

 

[vertices]

I've never had to manage public folders with CLI. I always use the GUI. That was fixed in SP1 and since I didn't start deploying 07 until SP1, I always had the GUI. Not sure what the problem is here.

Having the firewall is an additional layer of security. If a worm gets past your AV, the internal firewalls can stop it. As an MSP, we have managed firewalls on every single host.

I would say the biggest thing I like about SBS 08 is native support for Client Side Preferences. That's nice. The new backups are awesome as well.

08 is simply an evolution of 03. Personally, I like it much better. Cleaner interface, easier to do stuff, easier to manage. Not sure what's not to like here.

How about autodiscover? That sure is nicer than on 03.

 

[YeOldeStonecat]

I've held off of SBS08 so far, I haven't installed one yet...so far this year I've still been doing SBS03.

Having done a very large amount of SBS2K and SBS2K3 installs as my bread and butter, the little bit of 08 that I've read about and seen..I'm not looking forward to it.

64 bit host means 64 bit drivers for the printers..and that makes a mess of sharing the printers to workstations.

The backup has been crippled as to what hardware it works on...severely limiting choices which are commonly used in SMB servers.

My colleague did one SBS08 install for an accounting client of his last spring, he hates it, has had issues with it. And he's a very well seasoned SBS guru.

 

[marley1]

How did you do the public folders ? We couldn't import into the default top level folder due to permission error, had to use a sub program to give permission from a workstation.

And yes the printer thing is a pain, but I know their is better gpo for printer maybe you can push them out that way with 32 bit, but that also requires some extensions on the workstation to be installed

 

[TechieSooner]

I've never had to manage public folders with CLI. I always use the GUI. That was fixed in SP1 and since I didn't start deploying 07 until SP1, I always had the GUI. Not sure what the problem is here.

How about assigning permissions...
Nope, either got to do that inside the CLI or run out to a machine with Outlook and configure it client-side with an account that has authentication on it.

Having the firewall is an additional layer of security. If a worm gets past your AV, the internal firewalls can stop it.

On clients that's no problem, but Microsoft doesn't support running a Domain Controller with a firewall.

Having done a very large amount of SBS2K and SBS2K3 installs as my bread and butter, the little bit of 08 that I've read about and seen..I'm not looking forward to it.

I think on NEW deployments it'd be great...
Think of it this way. There's still a crap ton of Server 2000 (Heck I even know some places still on NT4). Server 2003 will be around a LONG time to come.

But yea, I hear more bad things about 2008 than I hear good. Granted I haven't really gone through the process of testing it out or anything, haven't really had the time to do so.

 

[YeOldeStonecat]

H
On clients that's no problem, but Microsoft doesn't support running a Domain Controller with a firewall.

Well that one is interesting then. I'd love to see the KB or Technet article on that one...to see the details. Because even with 2K3..if you multi-homed it, the firewall service would be enabled. And as we see..SBS08 with even just 1 NIC has it enabled.

 

[TechieSooner]

http://support.microsoft.com/kb/555381
Granted there's ways you can work around it but- go read it- you're going to deal with huge hassles as long as you've got it.

A Windows Server 2003 SP1 Domain Controller does not function correctly when the Windows Firewall is enabled. The computer may fail to act as a Domain Controller or replication of some Active Directory objects (e.g. GPOs) may not get replicated.

Symptoms might include:
1. client computers can not establish secure connections with the Domain Controller
2. users can not logon at client computers with domain user accounts
3. users can not access domain resources (e.g. file or printer shares) on domain member computers
4. a computer that is promoted to be a Domain Controller fails to function as a Domain Controller
5. in the File Replication Service Event Log, Event ID 13508 "The File Replication Service is having trouble enabling replication from …" appears without a subsequent Event ID 13509 "The File Replication Service has enabled replication from …" or 13516 "The File Replication Service is no longer preventing the computer … from becoming a domain controller."
6. on a computer that is promoted to be a Domain Controller, the SYSVOL and NETLOGON shares are not present
7. on a computer that is promoted to be a Domain Controller, the %systemroot%\SYSVOL\domain\Policies folder does not get populated from another Domain Controller

 

[vertices]

Yes we do most PF management from Outlook. Always have, always will. But you can make your folders in the GUI. Nothing has changed for us for PF management from 03 to 07.

 

[TechieSooner]

Yes we do most PF management from Outlook. Always have, always will. But you can make your folders in the GUI. Nothing has changed for us for PF management from 03 to 07.

Make the folders, yep. But that's about all you can do.
In ESM I could at least assign permissions and you know, actually MANAGE the Public Folders... (Hence the name of the tool).

I just don't know what the thinking was taking away the options to do this in the GUI... I don't see a positive side to it unless they're truly trying to discourage use of Public Folders (Then why make it easy to CREATE them but not MANAGE them)... Just doesn't make sense.

 

[vertices]

Missed part of my post so reposting.



Yes we do most PF management from Outlook. Always have, always will. But you can make your folders in the GUI. Nothing has changed for us for PF management from 03 to 07.

As far as printers, just push out PushPrinterConnections.exe to all clients via GPO. XP is the only one OS that needs it. Vista or 7 won't install it. Now you can assign printers via GPO to all clients ising the Printer Server module in 08 Server Manager.

64bit for printers is not that big of a deal. Jsut install the 64 bit drivers, then also install the x86 drivers. It works fine.

Backups, just have them rotate some USB drives. Easy. Or backup to an iSCSI target, then sync that to a USB drive for offsite. No need for tape.

Firewalls ARE supported on DCs. They are just saying if you don't properly configure it, there could be problem. Firewalls are DEFAULT on 2008 server of all kinds, including SBS. In fact when you add the DC role to a 2008 server, it automatically configures the firewall for that role. Same thing with SBS. I have no idea why you would turn this off. It's a great feature.

 

[YeOldeStonecat]

http://support.microsoft.com/kb/555381
Granted there's ways you can work around it but- go read it- you're going to deal with huge hassles as long as you've got it.

Where in the flying F in that article do you see "Microsoft doesn't support running domain controller with a firewall"?

The article you link is titled "How to configure Windows Server 2003 SP1 firewall for a Domain Controller", which means they do support it, if you're having problems...refer to this guide.

Lets us not forget, with starting with Server 03, including SBS, if a server is multi-homed..Microsoft programmed Windows Server to kick in the firewall service. Since many supported setups have a Windows Server in a multi-homed environment with a WAN NIC on a public IP address.