Disable the Windows Firewall on client computers in an SBS 2008 domain

There are 3 GPOs that affect the firewall on client machines in an SBS 2008 domain. Open the Group Policy Management Console on the SBS and edit each of the 3 following GPOs, or the ones that match the types of client PCs you have. They can be found under My Business | Computers | SBS Computers or under Group Policy Objects: Windows SBS Client – Windows Vista Policy; Windows SBS Client – Windows XP Policy; Windows SBS Client. The item to edit is: Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Windows Firewall | Domain Profile | Protect All …

Restrict Windows VPN Client Access by Source IP

A frequent question is how to limit access to a VPN/RRAS server to users connecting from a specific IP. The following outlines using RRAS “Inbound Filters” on Server 2003. Similar steps can be taken using Inbound Filters with NPS on Server 2008 and newer. Please note: Inbound/Outbound Filters within RRAS should not be used in place of a proper firewall solution. As soon as filter rules are enabled, all other traffic is blocked by default, and filters need to be configured for each service, both incoming and outgoing. You should have console access when editing RRAS features and …

Assign a Windows VPN Client a Static IP

On occasion there is a need to assign a VPN client a static IP. In Active Directory, under the Dial-in tab of a user’s profile, there is an option to “Assign a Static IP Address”, but this only applies to true dial-in clients. There is a way to achieve this using Remote Access Policies, though it is a little crude. Remote Access Policies cannot identify a VPN client by MAC address or even user name; therefore it is necessary to use groups. The “crude” part is if you have multiple VPN clients requiring a unique static …

Microsoft announces "Windows Server 2008 Foundation"

Microsoft unveiled an interesting new product this week called “Windows Server 2008 Foundation”. This is an entry-level server which will only be sold by equipment manufacturers such as HP and Dell, as a pre-packaged hardware and software solution. Though it has several limitations, it should prove to be an ideal product for small businesses with fewer than 15 users. The server is basically Server 2008 with a few limitations as listed below. It can function as a standalone Domain Controller, or join an existing server as a member server or Active Directory Integrated Domain Controller. It …

Determine if the Terminal Server console session is in use, from a command line

A couple of times lately I have been asked how to determine, from a command line, if the console session is currently in use on a Windows 2003 server. One option is as follows: from a connected TS/RDP session you can run “set sessionname”. This will return “console” or “RDP-Tcp#X”, where X is the session number. However, it only shows “console” if the user is at the physical console, not if they have remotely connected to the console session using “mstsc /console”. A better option is to use the query command: “query session”. This will return a list similar to: SESSIONNAME   USERNAME    ID     STATE     …

Remote support made easy

There are dozens of utilities available that allow you to support remote clients, including Remote Desktop, Remote Assistance, VNC, Dameware, GoToMyPC, LogMeIn, and WebEx, to name only a few. Some of these are free, some are expensive, some offer encryption, and some require router modifications at either the host or client site. I recently signed up for the new Citrix GoToAssist Express Beta Test, which seems to offer all of the good features of the aforementioned and more, with none of the aggravations. Though this service will not be free, it is well worth trying out, and consider adopting …

LMHosts and Hosts files

There are two files in the %systemroot%\system32\drivers\etc directory that can be used for name resolution: the Hosts file, used for DNS name resolution, and the LMHosts.sam file, used for NetBIOS name resolution. In an age where DNS dominates your network both locally and throughout the Internet, these two files are seldom used, but they can be very useful in a few situations. Both are simple text files that match names to IP addresses, and are very easy to create and implement. Most people are familiar with these files, but are often frustrated when they do not work as expected. …

VPN client name resolution

The most common problem reported with a VPN client is “I cannot browse the remote network”. Most often, if you think about the need to browse over a VPN connection, you quickly realize it is seldom necessary at all. You are using a VPN to access a known remote resource whose location is well documented. It can easily be accessed using the IP address or computer name. Within the confines of a LAN, NetBIOS name broadcasts are the primary method for registering and resolving names for browsing purposes. Because broadcast packets are not routable, they …

RRAS DHCP options

I am frequently asked about assigning IPs to Windows VPN clients through RRAS (Routing and Remote Access Service). Most often this is done using DHCP, but there are several ways to handle DHCP within RRAS, and included are a couple of features that may seem a little unusual or unexpected. The first option, just to get it out of the way as it is not often implemented, is to assign static IPs to the VPN client. This is done through the user’s profile in Active Directory on the Dial-In page, under “Assign a Static IP”. Should this be grayed …