Biden PC's Small Business IT Blog

As great as it has been to work with Microsoft Windows Small Business Server 2003, SBS 2008 looks to be even cooler. There are a bunch of changes that are quite exciting.

1. The software works on 64 bit hardware. Only.
2. It deploys as Single-NIC only, with a router required as ISA Server will no longer be offered.
   
3. Setup automatically detects your router if addressed between at 192.168.x.1 and 192.168.x.255
4. A new Administrator account created during setup and the built-in is disabled out of the box. This means that the admin account can be locked out in the event that it is being bombarded with hacking attempts.
5. The system software versions have been updated to Windows Server 2008, Exchange Server 2007 SP1, Windows SharePoint Services v3, WSUS v3
6. "My Documents" redirection is no longer all or nothing. You can choose which users should have their "My Documents" redirected to a folder on the server
7. CALs for SBS 2008 Standard are now less expensive and you can get "Standard" CALs for users that aren't using the features in Premium.
8. CALs purchased in 1, 5, or 25 packs instead of just 5 or 20.

There are many more cool features in Microsoft Windows Small Business Server 200. And if this interests you, I highly recommend that you take a look over at Sean Daniel's SBS 2008 blog.

Happy Computing,
Tim

Labels: Computer Networks, Computer Upgrades, My Thoughts, SBS 2003, SBS 2008, software, Windows Server Tips

DiggIt! Del.icio.us

I recently ran into a blog by a guy named Sean Daniel. He is a member of Microsoft's Windows SBS Product team. That means that he is intimately familiar with Windows Small Business Server 2003 and 2008.

Sean posts new factoids to his blog just about every day. Some posts are about new features, others are about training opportunities and still others are actual "how to" posts. I am excited about his blog and I wanted to share it with you in the event that you are also interested in Windows Small Business Server 2003 and 2008.

Labels: Computer Networks, Computer Upgrades, General PC Advice, How To, SBS 2003, SBS 2008, Tech Talk, Windows Server Tips

DiggIt! Del.icio.us

I've been receiving lots of hits to my website asking how to change passwords in Microsoft Windows Small Business Server 2003.

If you don't have the legitimate Administrator password you (or your client) either forgot the password or you're trying to hack in to it. And if you're not my client, I won't tell you how to get in.

If you do have administrator access to your Small Business Server 2003 computer, changing users' passwords is extremely easy. Just follow these simple steps.

1. Go to the Server Management Console and click "Users".
2. Choose the user whose password you want to change and right-click on their name then click on "Change Password".
3. Type the new password in both boxes and click on "OK". Now the user can log in with their new password.

Simple huh? I thought so.

And if you are interested in a new server for your small business, Biden PC can install one (depending on your current computer network infrastructure) for less than $2000.00.

Happy Computing,
Tim

Labels: Computer Networks, How To, SBS 2003, Services Offered, Tech Talk, Windows Server Tips

DiggIt! Del.icio.us

I have a client who has a Microsoft Windows Small Business Server 2003 system on his network and he is asking me to compile a list of his users' passwords. The problem is that even with administrator access to the server, I can't see the employees' passwords. I informed him of this and gave him these 3 options as to how he can achieve such a list.

1. He can ask his employees for their passwords and compile the list himself.
2. I can create the list and adjust the users' settings so they can't change their passwords. I can then give them new ones.
3. The most secretive way is to perform a brute force attack within the server to attempt to discover the employees passwords. I would then create the list. If they change their passwords, I will have to perform another brute force attack.

There are problems with each of these solutions and I will go about them in the same order.

1. Asking the employees for their passwords could make them feel as though they aren't trusted and cause a feeling of resentment. It could also compromise the users' passwords for other accounts which is a complete lack of security.
2. If we state that we are changing the security policy and give the employees new passwords, it is a policy change and they have to accept that. Fortunately that would not compromise the employees' passwords for other accounts.
3. The brute force attack is costly. What it entails is essentially hacking his own employees accounts on his own server. It takes time to do this and if the employees find out, their trust in the company could suffer. And like the first scenario of asking for the passwords, this may end up in compromising employees' passwords for other their accounts.

My professional recommendation is to go with option number 2 because it has the fewest security options, is inexpensive and will create the least distrust within the company.

Having a Microsoft Windows 2003 Small Business Server on your network is a great way to increase the security and effectiveness of your small business computer network. It has many options to increase your network security. These options include maximum password life, minimum password complexity, how often you can reuse your passwords and in the event that you forget a password, the administrator can easily reset it. The administrator can't see the employees' passwords but they can reset them to something new.

I hope this helps.

Happy computing,
Tim

Labels: Computer Networks, General PC Advice, My Thoughts, Services Offered, Windows Server Tips

DiggIt! Del.icio.us

I believe that the most important thing that you can put into your small business computer network to ensure its security is time. Yes, I said time.

Windows Small Business Server 2003 has recommended security measures that should be taken called "Best Practices". Another measure that should be taken is running MSBA (Microsoft Baseline Security Analyzer) and following the suggestions it makes. Most of these must be done only once or infrequently.

Another feature called the "Server Performance Report" tells you what features aren't functioning properly and not working as well as who has had failed attempts at logging into your server.

So what does this have to do with time? This report is emailed to you every morning at 6:00 and I seriously recommend that you read it.It takes time (just a couple of minutes) to read it and see who is having password problems or whose account is being hacked.

Hackers and script kiddies (junior hackers) have enumeration tools that can scan a network to find out what operating systems networked computers are running as well as what accounts are on those computers. Yes, they can tell if you're using Windows XP Pro or XP Home. They can tell if your server is Windows Server 2003 or Windows Small Business Server 2003. They can even tell if you have an account on your server that is still called "administrator" and if the notes designate it as the main admin account.

These tools are dangerous because they can see what accounts are on your server. As a small business, you probably don't have the funds to spend on a large intrusion detection system. You also can't afford to have your server to have your server hijacked and your data stolen.

This is where the time and "Server Performance Report" come into the picture. Take the time to:

1. Perform the "Best Practices"
2. Run MSBA
3. Enable password requirements
4. Require passwords to be changed on a regular basis
   
5. Enable account lockout policies
6. Rename and change the description of the "administrator" account
7. Setup (once) and read the "Server Performance Report" (daily)

If you don't read the report, it does you absolutely no good and it becomes just another piece of spam... But this one you send to yourself.

Happy computing,
Tim

Labels: How To, My Thoughts, Windows Server Tips

DiggIt! Del.icio.us

Do you own a small business? How many computers do you use at your location? What, you don't have a server? How do you back up all of your files from individual computers? How do you share important files among your employees?

A server really isn't as large an investment as most small businesses imagine and the benefits are immense! A server running Windows Small Business Server 2003 can cost as little as $1,500 and for this you can:

• Host your own email and website
  
• Store user's data on the server for backup or review
  
• Share a contact list and calendar
  
• Control who has access to your computer network
  
• Control which users have access to which public files and folders
• Access work computers from anywhere else in the world via a web browser
• Access email via a web browser
• Automate the Windows update service for user's PCs
  
• Control user's password complexity for security
  
• Reset a user's password in case one forgets theirs or leaves the company
  
• Share Printers
  
• Receive faxes via email
  

Windows Small Business Server is an excellent platform for small businesses because it has many of the features that a large company needs with a much smaller price tag. You get the Windows Server platform, Microsoft Exchange for email as well as to share appointments and calendars, Microsoft Web Server and in the Premium Version you can also get the Microsoft SQL Server 2005 Database.

Whether your company has 3, 25, 50 or even 75 computer users, your company can still use all the functions of Microsoft Small Business Server on just 1 computer. When you are ready to make your small business more efficient and take productivity to the next level, contact Biden PC for your free server consultation.

Remember, servers do more than just store files. They provide backup, security, increased productivity and peace of mind.

Tim

Labels: General PC Advice, Services Offered, Windows Server Tips

DiggIt! Del.icio.us

I was recently attempting to install PHP into Windows Server 2008 Web Edition with IIS 7.0 and I had to google how to do it. I found a few pages that gave instructions but all were incomplete. Whatever I tried I repeatedly got the message "The specified module required by this handler is not in the modules list." What the heck does that mean?

Well, in short I found a page by David Wang that tells you what text to put inside a batch file that installs PHP ISAPI in IIS7 (IIS 7.0). The text for the batch file begins right after where he typed "//David". So copy from "@IF ?%_ECHO%?==?? ECHO OFF" to "ENDLOCAL". Run the batch file after you close the Server Manager.

When you restart the Server Manager, you will then see "PHP-ISAPI" under your Handler Mappings heading. Once you see this, you know it's installed.

Tim

Labels: How To, Windows Server Tips

DiggIt! Del.icio.us