While we’re in the "this sucks" mode…


Chris added a lot of class to the SBSshow.

We bonded over SBS, Sharepoint and licensing….. and just because I won’t hear him as often as I did before…doesn’t mean he’s not still a vital member of the SBS community….

it’s still sucky nonetheless….his silver tongue added so much to the show.

Another Sucky Friday

Fridays suck.  They really really do this year…

I’ll give you examples:

  • We tend to get into the “we hate R2” on Fridays
  • On a Friday it was announced that SBS 2003 R2 was recalled
  • …and in a moment of unfortunate timing… on the same Friday Dr. J announced he was leaving Microsoft

Tomorrow also sucks.

…but in the spirit of Scarlett O’hara…there’s another day…another day to learn some more…to be taught a new lesson…

So what did I personally learn?… Let’s see…my own personal lessons from Dr. J:

  • Making the local admin password the same as the domain password is a stupid thing to do (I don’t do that anymore)
  • Thinking that power user was secure (I don’t EVEN want to acknowledge that my original GSEC essay was how I made everyone power user in my office and considered that was making folks secure…man was I dumb on that one…
  • When SMB signing is a security risk and when it’s not
  • and a whole bunch more…

.so I’ll do my best to ‘Go forth and do good’.  You should too.  I have a strong feeling … that we’ll all still be learning… a ton… even after one sucky Friday.

Finding out what breaks..

Tomorrow night is “Vista joining the SBS domain” night in the ol’ network and I need to see what stuff doesn’t work with Vista and Office 2007 in my office… I said I was going to do this before but didn’t get around to it…. and today on Sean Daniel.com’s blog is the “how to get Vista to play nice with SBS” information


Okay so Shadow copies on a usb drive are not a good idea…..

–update– we’re hearing more reports of “froze” grey screen servers… hang loose for more details.. a reboot that takes a longggg time appears to clear it up….

Event Type: Warning
Event Source: Ntfs
Event Category: None
Event ID: 50
Date:  8/31/2006
Time:  8:01:04 PM
User:  N/A
Computer: DOMAIN
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0000: 04 00 04 00 02 00 52 00   ……R.
0008: 00 00 00 00 32 00 04 80   ….2..€
0010: 00 00 00 00 b5 00 00 c0   ….µ..À
0018: 00 00 00 00 00 00 00 00   ……..
0020: 00 00 00 00 00 00 00 00   ……..
0028: b5 00 00 c0               µ..À   

Okay so in my infinite wisdom I enabled shadow copies and wanted to place them off the main harddrive… so …says I… why not stick them on a usb harddrive… brilliant right?  Well until the drive starts to go south and ends up freezing up the server in the process….

In the event viewer under WARNINGS… so mind you …they were not showing up in my daily email…. was this over and over and over again..

Event Type:    Warning
Event Source:    PlugPlayManager
Event Category:    None
Event ID:    257
Date:        8/31/2006
Time:        6:49:36 PM
User:        N/A
Computer:    DOMAIN
Timed out sending notification of target device change to window of “C:\WINDOWS\Explorer.EXE”

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

And because I was relying on only the critical… I didn’t see that the issue of that failing harddrive was about to smack me in the face tonight.

Bottom line…there are reasons to use usb drives.. like for backing up on a planned rotation.  But it’s not a good idea to use one as an external location for shadow copies.

Shadow copies now reenabled and on the proper hardware. Lesson learned for the evening.

P.S.  someone asked today what happens when they delete a file on the server does it go to the recycle bin and with shadow copies enabled I can get deleted stuff back.  It’s way cool and something you should be ensuring is fine tuned (I take a snap every hour on the hour) and show your clients how to restore a ‘shadow copied’ file.

"A better place to get ripped off"

VioSoftware.com – Buy Cheap Software Discount Sale Small Business Server Premium PG:

To whom it may concern at VioSoftware:

Just a little hint here… there is a suggested retail price for SBS 2003 and when the price is much lower than it should be, I smell a rat.

Knock it off.  It’s vendors like you that have made us get stuck with Windows Genuine Advantage and other such anti piracy stuff that we have to deal with in the small business world.

..and then what many a Microsoft partner doesn’t appreciate… is when they try to do the right thing and then firms like you still stay in business.  We’re getting headaches trying to make sense of licensing and Microsoft EULAs and you are ripping the rest of us off and getting away with it.

Microsoft never sells a CDO {cd only} version of SBS 2003.  So Vio Software?  Knock it off.  Stop screwing it up for the rest of us so that we have to deal with WGA these days. 

And while I’m in my ranting on EULAs and media kick tonight… a word for the folks at Microsoft… I updated my member server to the R2 version and it needed a product key code… thus giving me a warm fuzzy feeling that I paid for a product upgrade.  The retail SBS 2003 R2 upgrade that I got from buy.com that goes on top of the SBS 2003 sp1… it has no product key code on the back…now admittedly buy.com sent me old wrong media… so for all I know the real final R2 standard upgrade has a product key code…but if it doesn’t….for all of those folks that rant that R2 is just a bunch of service packs… not having a product key code on the Standard upgrade sort of reinforces that.  Next time when you have a product that you have us buy… stick a product key code on there no matter what.

P.S.  Eli.. Microsoft doesn’t sell a “CDO” only SBS product.  It’s a clear rip off and was confirmed in the mssmallbiz yahoogroups by Microsoft employees.  This isn’t a rant.  They are clearly ripoffs and pirates.

There are three ways to buy SBS – retail, OEM, VL.  That’s it.  And when the price tag is too good… you know it’s counterfeit.

P.S.S.  I agree with Keith there is a “media only kit’ which I myself have purchased.. BUT.. it’s like $40 someodd bucks and I already paid for the license via the Open license/volume licnese channel.  If you are a VL/OL customer… you are being ripped off buying “CDO” software.  Folks…there is no 1/2 agreement… this firm is ripping people off.

Can SBS work in more than one location?

Hi susan


Please advice us on the best possible solution for this scenario.

  Currently we have only one office in B__. We are running SBS 2003 on our network. We use windows authentication extensively and also exchange for email. Right now we are not using Sharepoint server at all. All clients are Windows XP/Office 2003 Standard.

 This month we are setting up a new office in D__i and within 2-3 months we will have another office in M__i followed by offices in all the metros. I wanted to set up a local windows server in each office to cater to the authentication needs of the systems in that office. Also, in the B__ e office I would like to setup a backup domain controller (to replicate active directory).

All employees (across offices) will need domain.com email address. I have configured Outlook over http and want to use that for the time being. Hence, I require only Windows 2003 Server (with replicated active directory) at the branch offices. At a later point, I want to setup local exchange server as needed.

All offices are connected with ADSL lines to the internet and there is no inter-office link. This setup will not change (meaning we won’t have inter-office linkage)

I did some research on this and found that SBS cannot support this scenario. Is that true? If yes, what is the best way to go about it?

Hi back at ya…. first off I’d like to bring up the idea of “branch offices” versus “branch computers”

Remember that with a SBS network we cannot do domain trusts..but we can have additional domain controllers to assure domain authentication.  With the R2 era we can also add additional Exchange servers without adding cals.

Now then … there is no wizards in this setup and any additional Exchange server would be manually set up.  But that doesn’t mean that SBS cannot be the base server of a small firm’s domain.  As long as you stay with the single domain setup …and given that I know someone running umpteen computers in a workgroup… I personally think this is a do-able setup.  Persistent VPNs and what not…but we’re doing these sort of setups now with the SBS server as the base.

The problem is that SBS is just way too good of a base to not use in a small firm.  Okay okay, the cheapness is a strong thing in it’s favor…but given that SBS is the only one with RWW and the wizards it has.. it’s too dang good to give up.

Microsoft tends to say that SBS is not for a branch office setup…but the other day Chad had a SBS network with 13 offsite “branch” connections to that SBS server …all locations with one or two workstations. All with persistent VPNs. Is that a branch office?  Probably not in Microsoft speak…but in a SBS domain? 

..if it works… it works.

More Security Docs of interest

Gain valuable information on how to monitor the overall security level of an environment and the security level for existing equipment.

Learn about the challenges, needs, and solutions associated with protecting a network environment from unmanaged clients. This security guidance provides information about how to automatically notify and/or disable distrusted systems when they attach to a network.

RWW-Guard – I’m in love

Okay so I started testing RWW-Guard from Dana and I’m in love…. you can do staged paranoia… you can track log ins into RWW (but not log outs…but it’s better than we have now), it will ultimately provide a two factor authentication for RWW and even if you don’t use it on all accounts (you can exclude some accounts) …man the ability to better protect the Admin account ALONE is priceless.

Check this out!

What can you take onboard the plane to SMBnation?

As a veteran from traveling the other day…

  • Laptops can go on board

  • Gels and liquids need to be checked

  • Contact lens solution of less than 4 ounces can go on board

  • RXs of a small liquid amount can go on board

  • Liquid makeup must be checked

  • Liquid mascara must be checked

  • Solid deodorant can go on board

  • Gel deodorant has to be checked

  • Hair gels, hair spray, toothpaste must be checked

..and is it any wonder that the Cake Mascara from Sephora was sold out in Seattle when I went there?


So ya wanna control all your printers?

So here you are an IT admin and you want to control all your printers in one place…. so how do you do that remotely?

Well one way if you have a member server is to upgrade it to the R2 platform.  There is a Print Management console that you can then control not only network attached printers but any locally attached printer as well. 

To get this, you need to install the Windows 2003 R2 on a member server (it can’t go on the SBS box) and then add the Print server role to that server.  Then you can manually add all the print servers you want….and in this case “print servers” can also mean local printers on workstations.  You can even print test pages remotely… this could be fun as I freak out folks at the office….

(just a reminder…this is not in SBS 2003 R2.. it only goes on normal R2 servers)