SBS

Windows MultiPoint Server 2012 Beta Available

Some of you know I'm a huge fan of Windows MultiPoint Server, and the next release is due out "soon". I've been testing it here and I'm really excited about the new features, especially the built in VDI support for both Win7 and Win8 clients. This will solve issues around power users in business environments where WMS has been limited by the Remote Desktop Protocol (RDP). With direct support for virtual desktops using VDI, that should be a non-issue.

To learn more about Windows MultiPoint Server 2012, check out the official blog post here. To join the public beta, go to the Connect directory at https://connect.microsoft.com/directory/ and click on the Join link for Windows MultiPoint Server 2012 Public Beta. (It's right at the top, at least for the moment. )

Windows MultiPoint Server 2011 UR 1.1 Released

Microsoft has released an update rollup to WMS. This update rollup replaces UR1, which had an installation order problem when installed on an SBS Essentials network (or with Windows Storage Server 2008 R2 Essentials). The details of the update are covered in MS KnowledgeBase article 2626067. UR1.1 is cumulative, so you can install it over the top of UR1 if you already have that installed, or you can install it on a plain RTM system. It will supersede UR1 on WU/MU/WSUS.

(note: if you already have problems because of installing the existing UR1, you need to re-install the SBS Essentials to correct the issue -- just connect to http://sbseservername/connect and re-install.)

Charlie.

Windows SBS 2011 Essentials GPO Add-In RTM

The Official SBS Blog is reporting that they’ve finished the “Windows 7 Professional Pack for Windows Small Business Server 2011 Essentials Add-In”. (Whew! Gotta love those snappy titles we get these days!) This is also known as the “GPO Plug-in) for those of us who’ve played with it a bit. The download will be available on August 12th.

The goal of the Add-In is to allow you to easily set group policies for clients on your SBS Essentials network, including security settings, folder redirection, automatic updates and others. Of course, these GPOs won’t work with non-Windows clients, nor will they work with Home editions of Windows, since these clients aren’t actually joined to the SBS Essentials domain.  Yet another reason I strongly believe that businesses need to be running a business edition of Windows.

If you’re running Windows SBS Essentials, I think you’ll find this Add-In a useful addition. It doesn’t do anything you couldn’t do manually yourself, but it sure makes it a lot easier to do it! And Sharon has a whole section on Group Policies in our Working with Windows Small Business Server 2011 Essentials book, which should be available by the end of August.

Protecting SBS Remote Web Access

I’ve been a firm believer in Two Factor Authentication (TFA) for a long time, and we use ScorpionSoft’s AuthAnvil here on all our servers and laptops. When we upgraded to Windows Small Business Server 2011 Standard early this year on our production network, one of the features that I was missing, and wasn’t happy about, was the lack of that TFA on the new Remote Web Access login page. When we contacted ScorpionSoft, they assured us it was coming soon, and asked us if we’d like to be on the TAP to get an early look at the product. Of course we said yes, and today I’m allowed to talk about it, and show a picture. So, first the picture - RemoteHomePage_01

See, looks just like regular RWA, except that it has an extra field for my AuthAnvil credential. That AuthAnvil credential is a combination of a PIN, and an 8 character one-time password. So, before any one can log on to my RWA site, they need to have three identification factors that assure me that they are who they say they are:

  • They must have an Active Directory account name and password that have permission to use RWA
  • They must know the PIN for that account
  • They must have the correct one-time password for that account

That one-time password (OTP) is generated at the time the user wants to log in from either their smart-phone, or from a hardware dongle. I’ve got both, but I have to say I end up using the generator on my iPhone 99% of the time.

The thing I like the most about AuthAnvil and RWWGuard is that it is completely transparent to my users. I don’t have to train them, make sure they’ve got some special card reader, or give them a different login page or anything. When I rolled out RWWGuard on my production server this morning, it just worked. And my users immediately recognized the new field and logged right in.

Now there are several vendors of two-factor authentication solutions, but the only one that has a product that integrates directly with SBS and with RWA is ScorpionSoft’s AuthAnvil and RWWGuard. And, frankly, their entire way of doing business recognizes that small businesses have just as compelling a need for secure authentication solutions as large businesses, and they’ve designed their product suite and business practices to scale from the large enterprise down to my small business. I like that, and it’s not an easy thing to do.

UPDATE: RWWGuard 2011 is officially available. And it's free to all AuthAnvil customers! Love it.

Starting Exchange Services after a Power Failure

In my environment, with a virtualized SBS 2011 Standard, there are occasionally Microsoft Exchange 2010 services that don't properly restart if there has been an abrupt power failure on the Hyper-V host. (Don't ask.)

Now, of course, the first time this happened, I just logged in to the server and started the services. But when it happened again, it's time to write a script. And it was a fun script, since it uses WMI and PowerShell remoting and other fun stuff.

# Script to start Exchange services on SBS 2011 Server after power failure
#
# Accepts a parameter of the exchange server name, but defaults to SRV2 if none entered
# Assumes you are logged in to the domain with Domain Admin credentials
#
# Created: 14/03/2011 by Charlie
# ModHist: 15/03/11 -switched to using WMI in the session to get StartMode
#
#
param ($ExchSrv = "SRV2" )

# first, open a session to the Exchange server
$srv = New-PSSession $ExchSrv

#Now use Invoke-Command with -Session
Invoke-Command -Session $srv -scriptblock {
   $exsvc = gwmi win32_service | Where-Object {$_.Name -like "MsExch*" `
     -and $_.StartMode -eq "Auto"   -and $_.State -eq "Stopped" }
   if ($exsvc ) {
      foreach ($svc in $exsvc ) {
         Start-Service $svc.name
      }
   }
}

The if statement in there is to prevent an error if all the services are running. Of course, for this script to work as it's written, you'll need to run it from a workstation in the SBS domain, and you'll have to enable PowerShell remoting on both the server and the client. If you haven't done that yet, I've posted a quick setup guide on TechNet.

I've posted this script up to the Microsoft Script Center, so if you have comments or suggestions to improve it, please comment there.

Charlie.

Changing the Maximum Message Size in Exchange 2010

This little script will change the maximum message size for an Exchange 2010 server. It’s not  tested and designed for use in very large Exchange organizations, but has been tested and works on single Exchange 2010 server environments such as Windows Small Business Server 2011 Standard.

edited: 19/2/2011. reminded by Brian Desmond that I really should use param($MaxSize). Thanks!

# Change-ExchSize.ps1
# Script to change the size of the maximum send and receive for
# a Windows SBS 2011 Standard installation with Exchange 2010
#
# Expects: maximum size parameter in MB or prompts
#
# Created: 19/2/2011
# ModHist: 19/2/2011 (changed to use param(). Thanks Brian

param($MaxSize)
if (! $MaxSize ) {
$MaxSize = Read-Host "What's the max size(in MB) you want for all mailboxes? "
}
$stMaxSize = "$MaxSize" + "MB"

"Setting Maximum Send and Receive Transport Size to: $stMaxSize"
Set-TransportConfig -MaxSendSize $stMaxSize -MaxReceiveSize $stMaxSize
Get-TransportConfig | ft -maxsendsize,maxreceivesize

"Setting Maximum Send and Receive Connectors to: $stMaxSize"
$ReceiveConnectors = Get-ReceiveConnector
$SendConnectors = Get-SendConnector

ForEach ($Connector in $ReceiveConnectors ) {
Set-ReceiveConnector -Identity $Connector.name -MaxMessageSize $stMaxSize
}

ForEach ($Connector in $SendConnectors ) {
Set-SendConnector -Identity $Connector.name -MaxMessageSize $stMaxSize
}

"The Maximum Receive Connector size has been set to: "
Get-ReceiveConnector | ft Name, MaxMessageSize

"The Maximum Send Connector size has been set to: "
Get-SendConnector | ft Name, MaxMessageSize