Hello and welcome to my review of Harry Brelsford's Small Business Server 2003 Best Practices. I hope you have read my review of Eriq Neale's book. If not, go ahead and do it, I'll wait right here until you get back. The book is 14 chapters long. I intend to review every chapter except chapter 13 which covers ISA2K. Since ISA2K4 is the standard, I can't see going backwards. Without further adieu, here is chapter 1.

Harry gives a list of SBS features. He then gives a history of SBS. He gives a good talk about people who do use and who should use SBS2K3. Harry then talks about the Finder, Minder and Grinder. The Finder gets the business. The minder is the manager type and the grinder is the worker bee. Harry then talks about the business of SBS and the philosophy of SBS. He then talks about 4 walls. That means SBS should be only in one location. That is, it should not be used for branch office situations. Later on though, that seems to be reversed.

The chapter then covers the SBS market. The three keys are attitude, affluence and expertise. The next couple of pages goes through each of these points. He spends 2 or 3 areas talking about the various numbers of small businesses. He does admit that a majority of these businesses are overseas.

The chapter next moves into the architecture of SBS. Harry has a nice picture of the architecture. He carries the topic to the single domain and having all the 5 FSMO rules. It should be the only DC, but member servers can be used. The discussion then looks at the client side and business applications. Mainly those that will run on the server using SQL. The apps are not named, but a general discussion is used.

Competitors are now discussed. The first one is Windows 2003 Server. MS vs. MS! XP in a peer to peer setup. It can happen is small shops. Novell Small Business Suite is the final competitor discussed. It is based on Netware so that is that. Harry finishes by talking about the product launch and then a short summary.

Chapter two covers Design and Planning. I will try to get through it quickly, but it may not happen. I am going on vacation to Colorado this Saturday for a week. I pull out at 5:00 AM and will not be back until late the following Saturday. Therefore, it may be awhile before I can get through chapter 2. Just giving you a heads up. Take care until we meet here again. Thanks for reading.

Chapter 23

Here is the last review for Eriq Neales wonderful book, SBS2K3 Unleashed. These last two chapters cover ISA. Chapter 23 is entitled "Internet Security and Acceleration Server 2004 Basics". The chapter begins by telling us ISA is a firewall. It then moves into firewall appliances and a bit about the debate between hardware and software firewalls. Hint: ISA is just as good at protecting you as the hardware guys. What runs the hardware? If you said software, give yourself 5 extra bonus points and thanks for playing.

The chapter admits that ISA is tough to master. However, learning the basics and a few advanced topics should get you through most of what you need to know. Some free resources are mentioned to learn the product. The one most often mentioned in these 2 chapters is http://www.isatools.org.

New features of ISA2K4 are discussed next. The ISA management MMC. the ISA Networks, Apply or Discard changes, and Administration Delegation. The ISA Management MMC is spiffed up and broken into three panes. ISA Networks no longer trusts the internal network out of the box. It now knows five networks instead of two and it trusts none of them. The LAT is gone. VPN Quarantine puts your users in a sandbox until they are checked and verified. It is a scriptable environment. Apply or Discard is two big buttons at the top of your window when you make changes. Administration Delegation allows you to setup someone else with three different monitoring roles. This way, your setup cannot be changed by these administrators. Several pages discuss this last topic at length.

ISA has three different client types. They are; SecureNat, Web Proxy and the Firewall Client. The Firewall topic is covered the most with explanations for setting it up, deploying and the like.

Log information comes next. ISA logs everything by default. It can be a nice picture of what happened, but it also requires a  lot of space to create these logs. ISA keeps 16 GB of log files by default. Lucky we all have large hard dives these days! However, you are shown how you can cut that down to size, but not below 4 GB.

ISA has a lockdown mode. If the firewall service stops, ISA automatically locks itself. It does not shut down, it just isolates and protects itself. The book tells you exactly what all that means.

Client connections are limited to 160 with a new install and only 40 if you upgraded from ISA2000. ISA does cache web pages still, but it is just a small part of its functions. The default cache size is 100 MB. This chapter does not have a troubleshooting section. It closes with a Summary section and Best Practices.

Chapter 24

Chapter 24 is called "Internet Security and Acceleration Server 2004 Advanced Administration". By the name, you can see we have moved past the basics and are going into the advanced side. ISA2K4 is very advanced as you will see.

The chapter discusses customizing the dashboard. It is limited as to what you can do, but you can roll up things you don't care to see and unroll things that you want to see. Alerts can be acknowledged or reset. How you wish to handle it will be up to you and your client. If you use a DHCP to assign an address to your external NIC, it can be spoofed. Bottom line, go static and you'll get no static! You can setup a wireless access point for your wireless clients easily.

You can and should enable intrusion detection on ISA. Several pages are devoted to showing you how and explaining the concepts in rather good detail. Turning on detection is easy and can save you a world of grief. The next topic up is configuring automatic detection for the firewall client. This feature allows laptops to connect from anywhere without reconfiguring.

Application  and Web filters are next. Bad dreams of the OSI model come back to you here, but not too much. You can only enable or disable these filters. The majority are enabled by default.

Anatomy of a Firewall Policy is now up to bat. The components are named that make up these policies. A new feature is, these can be copied, renamed then configured to your liking. Components are listed as: Access Rules, Protocol definitions, User set, Schedule, Content filter and Domain name and URL sets. The meanings of each of these are laid out. Next, we are treated to creating new firewall policy rules in a step by step manner. You can use this to restrict websites by the time of day or by certain users. This can come in handy in controlling who sees what. You can also deny certain websites to everyone if you choose. You  can also find free or buy some add-ons to help you limit porn sites, gambling, etc. Is that needed today or what?

If certain websites need direct access, you can configure that so that no proxy is in the way. This is usually caused by sites that have scripts that do not use the standards. You should complain to the web master if ever you have cause to do this.

Port 443 is SSL by default. Some sites may use a different port. You can download a script and easily add this into ISA. The details can be found on page 599.

FTP is our next discussion point. Outbound FTP is not on by default. However, you can configure it if needed and page 601 will walk you through the procedure.

You can publish a web server and pp 602-604 cover that. It also covers the question, should you host your own site. The answer mostly is no just for security alone. Find a good provider that patches consistently and has a good uptime and pay them to host your site. However, if you are determined to do it on SBS, you certainly can go right ahead and do it.

Our chapter comes to a close with Troubleshooting, Summary and Best Practices summary. This not only closes out the chapter, but also the book. My overall impression of this book is, it is very ambitious in its coverage. Think of all we have covered. We started with a condensed MBA program, covered installation, networking, security, exchange, web technologies, client connectivity, administration and management which covered back up, monitoring, group policy, workstation management and patches. Finally, our two ISA chapters closed out the book. These are HUGE topics and all of it is covered in good detail throughout the 605 pages.

Will this book make you an SBS genius? No. However, I think if it is read carefully 2-3 times through, it could make anyone proficient with the product. I can honestly recommend this book to anyone interested in this technology. I would like to thank Eriq and all his compadres for writing this book. It deserves a large following. Please pick one up for yourself and use it. I intend to read through this book again on my own.

Now that we have finished this book, what next? I am going to do another book. That book is ...........drum roll please................... Windows Small Business Server 2003 Best Practices by some guy named Harry Brelsford! ;-> It is the third printing. This book has 14 chapters. We will go over that once I start. I truly hope you enjoyed my review. I thank you for coming by and reading and I hope you'll drop by when I start this next book. See you then!

Hello again everyone. I have not had an Internet connection since Thursday night. Thanks Comcast/Time Warner. Great start! Anyway, if you read the title, you know this review will cover 3 chapters, 20-22. These chapters cover Group Policy, Managing Workstations through Group Policy and Security patches and hotfixes. I'm glad to be doing these three chapters together because they really flow well together. You may ask how security patches and hotfixes flow with group policy. That is a very good question. Please continue reading to discover that answer.

Chapter 20 covers Group Policy as I said above. This chapter is 29 pages long. It is a fairly long chapter in this book. It starts with a nice overview of group policy, what it is and how it can be used by the administrator. A table on page 480 sets the stage. Group policy can help you assign scripts, redirect folders, manage applications and modify registry settings.

Next, group policy is broken down into its elements. software settings, windows settings and administrative templates are contemplated. Next, group policy ordering is discussed. How is GP applied? Local settings, Site settings, Domain settings and finally, Organizational settings are applied in that order. Therefore, contradictory policies can be overwritten if a later policy contradicts an earlier policy. The exception to this is enforced policies.

The next major topic is the GPMC or the Group Policy Management Console. Most of you know that Windows is full of consoles.  Navigating and viewing policies kick off this section. Several screenshots show the GPMC to help you in the discussion. GP details show who created the policy, owns it, modified it as well as other information. GP settings will show you the policies that are setup on your system for easy review. GP delegation shows the permissions for various security groups.

The chapter next turns to GP modeling and results. Here is where the true power of GP can be tested and viewed before you destroy your network! :-> That is, you can setup policies, determine their effects on your network before you apply them. If they do not do what you need, tweak them before deploying. You are shown how to setup the modeling report in a step by step fashion. Creating the report follows. Again, a step by step method is used for your benefit.

The next section covers 8 pages. It is Default SBS Group Policy Objects. It is all the details of GP objects. It begins with the windows firewall and gives you all the policy elements and their respective settings. This continues with the Internet Connection Firewall, client computers, remote assistance, lockout policy, domain password policy, default domain policies, auditing policies and default domain controllers policy. The preceding sections will show you just how indepth of a subject GP is. Books have been written on this subject. Therefore, this chapter will not make you a GP guru, but it will help you to master the policies you need for SBS.

The next section covers creating/modifying GP Objects. It runs the gamut from planning to testing the GPO to modeling it as in another previous section. Finally, the chapter concludes with troubleshooting GP and GP disaster recovery. What is GP DR? In a word, backup.

Chapter 21

Chapter 21 is called Managing Workstations Through Group Policy. Chapter 20 was concerned with GP for the SBS server. This chapter brings it down to the workstation level. This is where the work saving part comes in. Are you tired of visiting 5, 10, 25, 50 workstations to keep them up to date with applications, patches, antivirus, scripts, other applications, etc. ad nauseum? If so, GP is here to make your life easier.

The chapter starts with a discussion on why manage workstations. See what I wrote in the previous paragraph to find out some of the answer. Next, we turn to folder redirection and offline files. Most of you know that redirecting documents to the server is a no brainer wizard and it works very well. This can help you to make easy backups of all your users documents. Offline files can keep a copy of the documents on a laptop. When the laptop is not connected to the server, the user can still use the documents, update them and once back in the office, the documents can be synched and updated. There are plenty of GP's that can be set for offline policy. See page 515 for all of them.

Managing workstation access is our next topic. You can easily set logon restrictions for your users. Want to prohibit logons for certain hours? Easily done with a GP. Locking down users to protect your server and protect your users from themselves is up next. pp 517-520 shows what policies are enabled and disabled for just about every setting you can imagine from the Control Panel to IE and numerous other settings.

There are also many other GP uses. For instance, Office has a kit that has 11 different policies that you can use to control Office behavior and control what you want your users to see and use. As always, our chapter ends with some good troubleshooting tips.

Chapter 22

Our final review today is chapter 22 which covers security patches and hotfixes. Earlier I told you that this chapter flows well with the GP topic. I also said I would answer that here. Here is the answer. WSUS. You can establish WSUS on your server and then you can deploy these patches to your workstations and even your server at your convenience. Therefore, you can assure that your machines are patched in a timely and safe manner using WSUS and GP. There are some issues however. The laptop that is not connected. The workstation that is powered down will not get updated. What can you do? In a word, reschedule. You can reschedule these machines so they are patched. You can also train your users when patches are released to ensure the machine stays on for the night of the event.

This chapter starts off with the story about the moth in the vacuum tube. Debugging started back in the 40's and continues to this day. Makeup of a patch and how you are notified are discussed. What kind of patch do you have? Page 529 lays it out for you. Patch testing and risk analysis is discussed and some good resources are listed to keep one up to date  on this topic. The chapter has a strong thread that weaves throughout. That thread is, do not guarantee patching. That is, every patch is not tested against every possible scenario. Therefore, your client may have some third party applications or utility that breaks when a patch is applied. If you guarantee this will not happen, you will soon be in hot water.

Resources for patches are up next. Again, several good resources are listed to help you. WSUS and automatic updates are given as resources to obtain your patches. Office patches can be obtained the same way from the same site so you don't have to worry about patching them from the office update site separately. The MBSA is discussed on pp. 538-539. It can show you what patches you are missing. Another tool called Shavlik HFNetChk Pro is discussed. It is not free, but it can patch many things on your server, workstations and it even includes patching for some third party applications.

WSUS comes next in a large section. It covers installing WSUS, synchronizing, setting up GP on the server, and the approval process. As always, troubleshooting brings it all to a close. Five KB articles are listed to help one troubleshoot update issues.

I hope you enjoyed these three reviews and learned something. Next, we move into premium technologies. The book only has two chapters left. They are 23: ISA2K4 Basics and 24: ISA2K4 Advanced Administration. These chapters are 22 and 20 pages long respectively. I will try to review them is separate posts. After I complete these two, I plan to go through and make a list of all the resource links in every chapter as a separate blog post. That should be useful for everyone of you out there. Please come back so we can finish this book. Once I complete this one, I think I may move on to one of Harry's books and review it in this space. I can't wait to get your feedback. Take care and I'll see you in a few days.

Chapter 19 covers Monitoring and Reporting. It is a fairly short chapter only 16 pages long. Since monitoring and reporting are so easy to setup, it is natural this chapter is so short.

The chapter starts off with the decision to monitor. Of course you should always monitor. Report and alert types are covered. The performance and usage reports are very easy to set up and will give you a good synopsis of your server and user activities. Remember to read these daily and to followup on any errors it reports to you. If no one will do anything with these reports, why run them? The reports will run at 6 am everyday and e-mailed to whomever you choose. You can change the time if you prefer. Performance alerts will be e-mailed to you immediately.

Monitoring and alerts topic is covered next. How do you setup monitoring? As with most other things SBS, here comes the wizard! Follow the wizard to setup the monitoring report. These reports can be viewed internally or externally.

Next, the chapter spends several pages breaking down what is in each report. Most things are self explanatory and the book admits to that. The default reports can be changed. Sending yourself log attachments is covered here. You can even add extra logs for monitoring if you choose to do so. Getting too many alerts can overwhelm you especially if you have multiple servers to care for. These parameters can be adjusted so you only get what is truly important to you.

Troubleshooting comes next. It's pretty simple. Rerun the wizard will fix the issue. Want to change the report name? Open up HKEY_Local_Machine\Software\Microsoft\SmallBusinessServer and double click RegisteredOrganization and type the name in the value field. The chapter closes with Best practices.

Chapter 20 will be next. It covers group policy. Something I sorely need to learn so I am looking forward to it. That chapter is 29 pages long, so stay tuned.