Windows SBS 2011 Essentials GPO Add-In RTM

The Official SBS Blog is reporting that they’ve finished the “Windows 7 Professional Pack for Windows Small Business Server 2011 Essentials Add-In”. (Whew! Gotta love those snappy titles we get these days!) This is also known as the “GPO Plug-in) for those of us who’ve played with it a bit. The download will be available on August 12th.

The goal of the Add-In is to allow you to easily set group policies for clients on your SBS Essentials network, including security settings, folder redirection, automatic updates and others. Of course, these GPOs won’t work with non-Windows clients, nor will they work with Home editions of Windows, since these clients aren’t actually joined to the SBS Essentials domain.  Yet another reason I strongly believe that businesses need to be running a business edition of Windows.

If you’re running Windows SBS Essentials, I think you’ll find this Add-In a useful addition. It doesn’t do anything you couldn’t do manually yourself, but it sure makes it a lot easier to do it! And Sharon has a whole section on Group Policies in our Working with Windows Small Business Server 2011 Essentials book, which should be available by the end of August.

Protecting SBS Remote Web Access

I’ve been a firm believer in Two Factor Authentication (TFA) for a long time, and we use ScorpionSoft’s AuthAnvil here on all our servers and laptops. When we upgraded to Windows Small Business Server 2011 Standard early this year on our production network, one of the features that I was missing, and wasn’t happy about, was the lack of that TFA on the new Remote Web Access login page. When we contacted ScorpionSoft, they assured us it was coming soon, and asked us if we’d like to be on the TAP to get an early look at the product. Of course we said yes, and today I’m allowed to talk about it, and show a picture. So, first the picture - RemoteHomePage_01

See, looks just like regular RWA, except that it has an extra field for my AuthAnvil credential. That AuthAnvil credential is a combination of a PIN, and an 8 character one-time password. So, before any one can log on to my RWA site, they need to have three identification factors that assure me that they are who they say they are:

  • They must have an Active Directory account name and password that have permission to use RWA
  • They must know the PIN for that account
  • They must have the correct one-time password for that account

That one-time password (OTP) is generated at the time the user wants to log in from either their smart-phone, or from a hardware dongle. I’ve got both, but I have to say I end up using the generator on my iPhone 99% of the time.

The thing I like the most about AuthAnvil and RWWGuard is that it is completely transparent to my users. I don’t have to train them, make sure they’ve got some special card reader, or give them a different login page or anything. When I rolled out RWWGuard on my production server this morning, it just worked. And my users immediately recognized the new field and logged right in.

Now there are several vendors of two-factor authentication solutions, but the only one that has a product that integrates directly with SBS and with RWA is ScorpionSoft’s AuthAnvil and RWWGuard. And, frankly, their entire way of doing business recognizes that small businesses have just as compelling a need for secure authentication solutions as large businesses, and they’ve designed their product suite and business practices to scale from the large enterprise down to my small business. I like that, and it’s not an easy thing to do.

UPDATE: RWWGuard 2011 is officially available. And it's free to all AuthAnvil customers! Love it.

Changing the Maximum Message Size in Exchange 2010

This little script will change the maximum message size for an Exchange 2010 server. It’s not  tested and designed for use in very large Exchange organizations, but has been tested and works on single Exchange 2010 server environments such as Windows Small Business Server 2011 Standard.

edited: 19/2/2011. reminded by Brian Desmond that I really should use param($MaxSize). Thanks!

# Change-ExchSize.ps1
# Script to change the size of the maximum send and receive for
# a Windows SBS 2011 Standard installation with Exchange 2010
# Expects: maximum size parameter in MB or prompts
# Created: 19/2/2011
# ModHist: 19/2/2011 (changed to use param(). Thanks Brian

if (! $MaxSize ) {
$MaxSize = Read-Host "What's the max size(in MB) you want for all mailboxes? "
$stMaxSize = "$MaxSize" + "MB"

"Setting Maximum Send and Receive Transport Size to: $stMaxSize"
Set-TransportConfig -MaxSendSize $stMaxSize -MaxReceiveSize $stMaxSize
Get-TransportConfig | ft -maxsendsize,maxreceivesize

"Setting Maximum Send and Receive Connectors to: $stMaxSize"
$ReceiveConnectors = Get-ReceiveConnector
$SendConnectors = Get-SendConnector

ForEach ($Connector in $ReceiveConnectors ) {
Set-ReceiveConnector -Identity $ -MaxMessageSize $stMaxSize

ForEach ($Connector in $SendConnectors ) {
Set-SendConnector -Identity $ -MaxMessageSize $stMaxSize

"The Maximum Receive Connector size has been set to: "
Get-ReceiveConnector | ft Name, MaxMessageSize

"The Maximum Send Connector size has been set to: "
Get-SendConnector | ft Name, MaxMessageSize