Got “companyweb” prompting you to log in?

This one has been bugging me for a while.


Nice shiney SBS2003 Premium and the network clients can happily access the companyweb intranet site. When we introduce a W2K3 terminal server into the mix though, whenever we go to access the companyweb it prompts for a username and password.


Hmmm – check event logs, security permissions etc etc but nothing makes sense. Even played around with ISA despite knowing this couldn’t be part of the equation.


In chatting with some fellow SBSers, most of them would suggest I check DNS and making sure companyweb is in the Internet Explorer “trusted sites” site. But it already was!!!


OK, thinking about this….it’s actually part of our own network, which we naturally trust anyway, and more specifically it’s our intranet. Check that site – nup, not there. So I added it in (got prompted about moving it from the trusted sites to the intranet sites – hit the OK button and you’re in) and voila – prompt removed.


I can now happily open and close my companyweb from my terminal server (aka remote desktop server) without being prompted. Time to go check group policy to see if I can have this done automatically for TS users.


So – remember the enhanced W2K3 Server IE security settings and that even though you can TRUST your SBS, you want it in your INTRANET site.

January Adelaide SBS users group update

The Adelaide SBS users group met tonight – it was a great night, even though the “demo gods” were against us (more on this later).
We had around 12 attendees, including me, plus our special presenter – George Alexandritis (from Trend Micro).
We started with introductions for new attendees and some notices including the impending release of Harry’s latest SBS book. Get your copy here from Feb 7th (this date possibly subject to change). Not only will it be a great addition to your library, it will give you incredible information from some of the best SBS brains on the planet (FYI I’m NOT a contributing author – not enough brain cells!!) including Jeff Middleton, Susan Bradley, Wayne Small, Andy Goodman, Steven Banks and many more. Harry refers to them as the ‘international “dream team” of the world’s leading SBSers’.
George presented the fantastic offerings from Trend Micro – designed to protect your network from virii, spam and spyware, from the servers and gateways all the way down to your PDA.
The installation of the CSM suite onto our Virtual PC SBS server (Lexi) went fine but the “demo gods” were against us when it came time to access the management console – something to do with the SSL certificates.
I think next time we’ll follow Kevin’s BLOG about installing CSM onto SBS – why try to reinvent the wheel? By the way, George did a great job – thanks George. You’re welcome back ANYTIME.
The meeting was well received and we had some great side discussions including a chat about swing migrations and backups (tape (9) vs disk (6) vs optical (3) and software used – SBS (5) vs Backup Exec (9) vs ArcServe (0) vs anything else).
Our next meeting is Monday Feb 21, starting 6:30pm at Enterprise House – 136 Greenhill Road, Unley (parking onsite). Please RSVP to info@sbsusers.net.


Oh – there were several articles we were looking for from the meeting.


Firstly there’s the article on the IPXFER tool – http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=5987


Secondly the ability to eliminate the pre-scan in the OfficeScan 3.5 client installation – Locate AUTOPCC.INI in the \AUTOPCC.CFG folder in the OfficeScan server. Search for the [INSTALL] section change the line


NoPrescan=0
to
NoPrescan=1
The prescan will be disabled next time the OfficeScan client program is deployed to clients.


Oh, thanks again to Kel for bringing the data projector.

Microsoft finger print scanner review

I bought, and started playing with, a Microsoft USB fingerprint scanner yesterday. I’ve only had a little play with it but so far it looks pretty cool.


I started by installing the software that shipped with it, following which you can plug in the device. Unfortunately I had a couple of BSODs which I’m guessing were related but to be honest I didn’t take the time to check the event logs – and the system automatically restarted anyway. After 2 of these it was fine so I soldiered on.


You start by scanning your fingerprint into it – selecting a few fingers from the wizard is ideal (I chose index and middle finger on right hand). There was no pain and certainly no blood, so I kept playing :)


When a web site with a login screen is displayed (both HTTP and HTTPS) you simply press your finger on the scanner, it then prompts you to enter your username and password, and you select the appropriate “login” button if it detects multiple buttons to choose from, and hit the OK button. You then place your finger on the scanner again and it logs you in – complete with a little noise as confirmation that it worked.


I’ve added several sites to its collection and am getting into the habit of reaching for the scanner rather than the keyboard when it’s time to log in.


The scanner itself is relatively small and unobtrusive. I guess my only real issue with it is the red light it uses to scan your finger is on all the time, so if you’re working in a dimly lit area it can be just a little distracting (perhaps incorporating a pressure switch that turns the light on when you place your finger on it would be good for version 2). The scanning surface is a soft plastic which gathers dust and finger prints quite easily – simply cleaned with a little sticky tape (the instructions say cello tape but I used scotch tape). At first I thought there was a protective covering on the scanning surface that needed to be removed before use – much like you get on the screen of a mobile phone when it’s new – but don’t be fooled, it’s not a protective coating so don’t go trying to remove it!


After playing with the USB scanner for a day, I decided to bite the bullet and get the full kit – the keyboard with finger print scanner built in and wireless mouse (comes as a bundle). It was a simple matter of unplugging the USB scanner, installing the keyboard and mouse software, then plugging in the new devices.


Since the scanner is on the left side of the keyboard I had to cut the fingers off my hands and switch them around … no wait, that wasn’t necessary. After switching my fingers back to their correct sides (lucky I had some scotch tape left over) I simply scanned some fingers on my left hand using the wizard and that was it.


I’ll be playing with it a little more over the next days and weeks and will post back my thoughts as I learn more.


I must say one disappointing thing I found is it’s really only good for logging into web sites or using the fast user switching for Windows XP. Now this means it can’t be used on a machine that’s part of a DOMAIN (which puts us SBSers out of action for simple logins). I was hoping it could be used for logging into my computer but alas it’s not to be. In fact the instructions (yes I did RTFM) do say the scanner cannot be used for logins to a domain.


I guess I should clarify why I bought the scanner in the first place. I’d heard about the scanner and had been talking with a client who currently have a workgroup and will be moving up to an SBS network over the next few months. The users of this network are, how should I put it, not really technical when it comes to IT, so the thought was to use the scanners to help them adjust to logging into a network – a way of avoiding having to remember their username and password. I bought the scanner to do some testing for them but alas it’s not the solution they need.


In addition, I have a LOT of web sites I log into on a daily basis and this will help save me a little time each day – every bit helps. (in fact I used it to log into my blog and submit this post)


So, what’s the verdict so far? If you have a computer with mulitple accounts, which is in a WORKGROUP environment (ie can use fast user switching) then this is a great product for you. If you log into a lot of web sites during your working day then this is a great product for you.


If your computer lives in a DOMAIN environment, and you basically process email and use a few applications, with limited web site logins, then save your money and give these devices a miss – until they can handle domain logins. I guess it’s early days yet and newer versions may provide the domain login capability – or perhaps there are already products around that can do this. If there are and you know about them, please let me know – gives me an excuse to do some more playing…err…testing.

Made the press

Our state newspaper, The Advertiser, ran an article in last Tuesday’s (Jan 11) edition, in the “Business Owner” section that I’m particularly fond of.


You can see a copy of the article here


Whilst the journalist did take some artistic licence to the story (never let the facts get in the way of a good story!) it’s mostly correct.


Sarah Jessica-Parker was on the opposite page :)

It’s been a while since my last post…

actually it’s been waaaay too long, but I guess it’s OK when I consider how busy the last weeks have been.


I was just reading one of Chad’s older posts (http://msmvps.com/cgross/archive/2004/12/02/22108.aspx) and it made me think of one of the swing migrations we did a couple of weeks ago – this was a new client who’d had SBS2003 Premium installed for them by another provider but had not followed the wizards to any extent.


To begin with, the users on the network were still using PSTs for their email so they didn’t have any of the cool Exchange features available to them. Next, some of the machines on the network (XP based notebooks) were still in workgroup mode, so there was no possibility for them to take advantage of the power of group policy.


The “server” (which is just a PC acting as a server – a BIG no-no in my books) had a hardware IDE RAID card in it, but the 2 120Gb drives in the server were using software based mirroring which was placing a huge load on the server performance, so much so that at times their software became quite unusable.


The list went on and on. I had my first visit on new years eve to investigate a problem where the server would not boot properly – it would present a boot menu which the other providers had setup to allow booting from the mirrored drive, but the default boot option for SBS just didn’t work. Quick fix of the boot.ini file and restarts were fine again.


I investigated further – another problem was email had stopped coming in and was in fact bouncing back to the senders. I found an incorrect primary MX record for their domain and managed to get the owner of their ISP on the phone and arranged for their DNS records to be updated accordingly.


As I went through tidying things up I came to the conclusion that I was applying bandaids to the system and it really needed to be rebuilt. I simply told my client “You know what I’d really like to do with this server? I’d love to just wipe it clean and build it properly for you, so that I know it will work”. She was keen and after a brief discussion of when & how we agreed on my rebuilding the following weekend.


I knew I was going to use Jeff’s swing methodology to allow me to keep the Active Directory information which would mean the notebooks that were actually part of the domain could remain relatively untouched.


To make a long story short, we rebuilt the server whilst maintaining the AD settings, all notebooks are part of the domain complete with Exchange based mailboxes (with IMF happily running), anti-virus (went with Trend CSM on this one) and backups that work.


My client is very happy with the end result and I know that yet another SBS is running as it should.


So what’s the moral to this story? I guess if you’re an IT provider and you’re asked to install SBS for a client, if you don’t understand how SBS really works and why you need to use the wizards, please take your hands off that server and step away. If you just jump in like it’s “normal” Windows you’ll most likely break it, break the client, break yourself and damage SBS’s great reputation. There is a whole community out there to help you understand WHY you need to do things the SBS way, as well as HOW. (Also see here)


At the very least find and join your local SBS users/partners group where you can safely ask the hows and whys. Oh, that reminds me, need to promote the next Adelaide SBS UG meeting…