?
Solved

MS 2003 SBS Installtion Tips?

Posted on 2004-11-13
10
Medium Priority
?
264 Views
Last Modified: 2010-03-18
I am going to be installtion MS 2003 Small Business Server for the first time ever on Monday. I would like some tips and comments from users on thinks i should watch out for, and how i should correctly go about things. I've been the IT person for a while, just have never set up a server before.

All comments will get points. (points will be split)

current network setup:

1. Netgear DSL Router
2. Intel Network Switches (computers and router plugged into this)
3. Computers on Workgroup (all xp pro)

I have read and go thru the various docs on the MS site, and it seems pretty simple to do. A few questions i have:

1. It seems that the server can push aplications to the client. Does this means that users cannot install their own applications? If so can i let them do so? (i don't want to be a dictator here.. the server is only to help them manage files not to control them)

2. Email is current using the isp POP3 email. I see you can set up exchange with the server, and i think that would be a really good for them to be using exchange. However, can i keep the POP3 from the ISP and some how integrate it with exchange?

3. Can you recommend any books that will guide me thru this.

0
Comment
Question by:micamedia
  • 5
  • 5
10 Comments
 
LVL 1

Author Comment

by:micamedia
ID: 12577140
- what order should i attack this? First set up the server complete, set up the new AV software (got Mcafee Small Business Managed). I'm thinking maybe i install that and include the Mcafee client as a pushed application? Then when done turn on all the computers and add them to the network?

- what will happen to the current set up of the client computers, will the lose anything?

- Do users automatically get a private home directly?

- All files are on varoius client computers now. Should i wait untill i get everyone on the network, copy files to the server, organize them there, and assign varoius rights to folders via user groups?

- We have 4 backup taps (using a DAT backup solution). What would be the best backup senario, that wouldn't require the users to switch tapes too often (every day it too often.. once a week or so is ok), as if they don't switch tapes and they need to, there goes the relability of the backup. One full backup will fit on one tape.

- will i be able to set it up so that me (the administrator) can remotely access the server, and thus any attatched computers, via remote desktop on my local XP (i'm offsite most of the time)

I'm sure i'm missing something here, please let me know. I want this to go very smoothly and not run into them calling me a few days later with "why can't i do this anymore.. " and have to go back..



0
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 12577146
Hi micamedia,
> 1. It seems that the server can push aplications to the client. Does
> this means that users cannot install their own applications? If so can
> i let them do so? (i don't want to be a dictator here.. the server is
> only to help them manage files not to control them)

You can push applications using Active Directory.  Very handy.  For example, I put Office 2003 Pro on the server, made a share point, then a group policy for it.  Then I put the group policy on the OU the computers were a part of.  The next time they reboot, office is installed for you.  Any time it needs the CD to install a feature, it just goes to the server instead (no cd needed).  You can customize this (and other installs) or you can just go with the defaults.  Note: only .msi packaged software can be deployed this way.  You can package non-.msi files into an .msi - but given the size of a typical SBS install, I wouldn't bother going that far.

Unless you SPECIFICALLY disable the users ability to install software, they will still be able to install software on the PCs provided they have admin rights to the PC.  For security reasons, DO NOT make them all Domain Admins - They may all be HIGHLY trustworthy - but if one gets infected with a virus and they are a Domain Admin, they could infect EVERYTHING on the network instead of just their PC.
 
> 2. Email is current using the isp POP3 email. I see you can set up
> exchange with the server, and i think that would be a really good for
> them to be using exchange. However, can i keep the POP3 from the ISP
> and some how integrate it with exchange?

SBS Server, Exchange Server has a POP3 connector that can download mail from other POP3 servers and put it in your users' inbox in exchange, so you can keep the POP3 setup with the ISP and still use exchange.

> 3. Can you recommend any books that will guide me thru this.

Sorry, I don't know any.  I'm a "wing and prayer" kinda person - and I've been handling Windows systems for 10 years or so.

Two other notes though.  I find the offline files feature far more trouble than it's potentially worth.  I would recommend disabling it via group policy.  Second, the DO NOT rename the default OUs created in Active Directory - I'm referring to the ones like "MyBusiness" and things like that - you'll see what I mean when you install the system.  I had issues when I did that - issues that MIGHT have been linked to Offline files OR to the renaming of those.

Good luck


Cheers!
0
 
LVL 1

Author Comment

by:micamedia
ID: 12577166
- How do i make sure they are admins of their PC (so they can install software) but not domain admins. I assume i'm the only domain admin, and when i add them in as a user i just use the standard user template. However, they are already admins on the local computer. So do i just make sure I use the same user name?

Now what if i wanted to make new user names, would i then have ot change their local user names first before they connected?  Just wanted ot make sure they all remain local admins, but not domain admins
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
LVL 1

Author Comment

by:micamedia
ID: 12577167
Also.. can 98 connect to the server as well. All the examples show xp pro. Some of the machines have 98. I assume it will still work. (yes i know they shoudl updated.. but that cost money. money i finally conviced them to spend on a server)

So as per your email suggestion.. i should go ahead and set up exchange.. and use the pop3 connector. Will this basicaly let me assign a pop3 server, username and password to each user? and it will go and get the email there..

Dan
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 12577175
I've heard some people have problems getting 98 to connect - but conceptually, it should work.  Note: a lot of the features and management capabilities 2003 provides won't work with 98 - 2003 needs an NT based OS (NT4/2000/XP).

I would setup exchange but don't rush out and move everyone to it.  Create accounts for them, but make a test account and get it working first.  Then move people one at a time.  Sounds like you're the only support they have so going slowly will let you learn and teach them and not create chaos.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 12577176
Sorry - gotta run now - will be back later to answer the other questions - or someone else might in my absence
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 12577205
Turns out my plans changed.

What I would recommend as best practices will inconvenience people but will also help protect them from viruses, spyware, and addware.  Specifically, make all users no more than Power Users.  On their PCs, put the Domain Users group into the Power Users Local Group.  Then, on each system, create an admin account for that user ONLY.  Then teach them to either 1) use the RunAs service (command) to run applications as that admin user when they need to, or 2) log off as themselves, log in as the admin, do the install, log off, then log back in as themselves.

The simpler but riskier approach is to set put their domain user account into the local computer's Administrators group.  

Even for your own account - don't make it the domain admin.  make a seperate non-admin account for yourself and use that most often.  (when a virus hits it runs with the privilages of the logged in user - if that logged in user is a domain admin, it can cause havoc).

I'm assuming you don't have a domain right now.  Having a domain means having a centralized database of accounts.  This also means that the users, using one account, can log on to potentially any system on the network.  They change the password on one, they change it on all.  If your users already have local admin accounts on the PCs, I'd leave them - they are "familiar" with them.  But then give them new accounts (same name is fine) on the domain.  To access network resources they have to use the domain logins.  This will "lose" all their profile info, but I've heard this can be resolved with other tools that can effectively copy the profile and registry to a different user (I never bothered, I always just copied the contents of relative folders from one profile to another; preferred to start off relatively cleanly than to import stuff).
0
 
LVL 1

Author Comment

by:micamedia
ID: 12579178
No i don't have a domain right now, but will be setting up the system with a domain starting on monday.

When the users power up their client computers, will they have the option of loggin into the domain or not? It seems normally they would login to the domain, but when they wanted to install something they would login as their local admin account correct?

I think this is best.
0
 
LVL 1

Author Comment

by:micamedia
ID: 12579251
Also, DSL is going to be offline for a week (we are moving to a new building) can i still set everything up without internet? Should i skip the internet and email setup untill dsl is online?

0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 12579346
Yes, users will be given an option of logging in to the domain or their local computer.  And you're correct, when they want to install software, they log in to the local computer, install it, and log out and back in as themselves on the domain.

Yes, you don't NEED internet connectivity to set things up - but a couple more notes, I'd suggest choosing your domain name and ending it in .local - fro example, mycompany.local (instead of mycompany.com).  You may have to activate the server, but you should have a few days to do that and you can always activate by phone too.  As soon as you get internet connectivity, I'd update Windows though - Microsoft's not known for making products that are truly secure
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question