MS 2003 SBS Installtion Tips?

I am going to be installtion MS 2003 Small Business Server for the first time ever on Monday. I would like some tips and comments from users on thinks i should watch out for, and how i should correctly go about things. I've been the IT person for a while, just have never set up a server before.

All comments will get points. (points will be split)

current network setup:

1. Netgear DSL Router
2. Intel Network Switches (computers and router plugged into this)
3. Computers on Workgroup (all xp pro)

I have read and go thru the various docs on the MS site, and it seems pretty simple to do. A few questions i have:

1. It seems that the server can push aplications to the client. Does this means that users cannot install their own applications? If so can i let them do so? (i don't want to be a dictator here.. the server is only to help them manage files not to control them)

2. Email is current using the isp POP3 email. I see you can set up exchange with the server, and i think that would be a really good for them to be using exchange. However, can i keep the POP3 from the ISP and some how integrate it with exchange?

3. Can you recommend any books that will guide me thru this.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

micamediaAuthor Commented:
- what order should i attack this? First set up the server complete, set up the new AV software (got Mcafee Small Business Managed). I'm thinking maybe i install that and include the Mcafee client as a pushed application? Then when done turn on all the computers and add them to the network?

- what will happen to the current set up of the client computers, will the lose anything?

- Do users automatically get a private home directly?

- All files are on varoius client computers now. Should i wait untill i get everyone on the network, copy files to the server, organize them there, and assign varoius rights to folders via user groups?

- We have 4 backup taps (using a DAT backup solution). What would be the best backup senario, that wouldn't require the users to switch tapes too often (every day it too often.. once a week or so is ok), as if they don't switch tapes and they need to, there goes the relability of the backup. One full backup will fit on one tape.

- will i be able to set it up so that me (the administrator) can remotely access the server, and thus any attatched computers, via remote desktop on my local XP (i'm offsite most of the time)

I'm sure i'm missing something here, please let me know. I want this to go very smoothly and not run into them calling me a few days later with "why can't i do this anymore.. " and have to go back..

Lee W, MVPTechnology and Business Process AdvisorCommented:
Hi micamedia,
> 1. It seems that the server can push aplications to the client. Does
> this means that users cannot install their own applications? If so can
> i let them do so? (i don't want to be a dictator here.. the server is
> only to help them manage files not to control them)

You can push applications using Active Directory.  Very handy.  For example, I put Office 2003 Pro on the server, made a share point, then a group policy for it.  Then I put the group policy on the OU the computers were a part of.  The next time they reboot, office is installed for you.  Any time it needs the CD to install a feature, it just goes to the server instead (no cd needed).  You can customize this (and other installs) or you can just go with the defaults.  Note: only .msi packaged software can be deployed this way.  You can package non-.msi files into an .msi - but given the size of a typical SBS install, I wouldn't bother going that far.

Unless you SPECIFICALLY disable the users ability to install software, they will still be able to install software on the PCs provided they have admin rights to the PC.  For security reasons, DO NOT make them all Domain Admins - They may all be HIGHLY trustworthy - but if one gets infected with a virus and they are a Domain Admin, they could infect EVERYTHING on the network instead of just their PC.
> 2. Email is current using the isp POP3 email. I see you can set up
> exchange with the server, and i think that would be a really good for
> them to be using exchange. However, can i keep the POP3 from the ISP
> and some how integrate it with exchange?

SBS Server, Exchange Server has a POP3 connector that can download mail from other POP3 servers and put it in your users' inbox in exchange, so you can keep the POP3 setup with the ISP and still use exchange.

> 3. Can you recommend any books that will guide me thru this.

Sorry, I don't know any.  I'm a "wing and prayer" kinda person - and I've been handling Windows systems for 10 years or so.

Two other notes though.  I find the offline files feature far more trouble than it's potentially worth.  I would recommend disabling it via group policy.  Second, the DO NOT rename the default OUs created in Active Directory - I'm referring to the ones like "MyBusiness" and things like that - you'll see what I mean when you install the system.  I had issues when I did that - issues that MIGHT have been linked to Offline files OR to the renaming of those.

Good luck


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
micamediaAuthor Commented:
- How do i make sure they are admins of their PC (so they can install software) but not domain admins. I assume i'm the only domain admin, and when i add them in as a user i just use the standard user template. However, they are already admins on the local computer. So do i just make sure I use the same user name?

Now what if i wanted to make new user names, would i then have ot change their local user names first before they connected?  Just wanted ot make sure they all remain local admins, but not domain admins
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

micamediaAuthor Commented:
Also.. can 98 connect to the server as well. All the examples show xp pro. Some of the machines have 98. I assume it will still work. (yes i know they shoudl updated.. but that cost money. money i finally conviced them to spend on a server)

So as per your email suggestion.. i should go ahead and set up exchange.. and use the pop3 connector. Will this basicaly let me assign a pop3 server, username and password to each user? and it will go and get the email there..

Lee W, MVPTechnology and Business Process AdvisorCommented:
I've heard some people have problems getting 98 to connect - but conceptually, it should work.  Note: a lot of the features and management capabilities 2003 provides won't work with 98 - 2003 needs an NT based OS (NT4/2000/XP).

I would setup exchange but don't rush out and move everyone to it.  Create accounts for them, but make a test account and get it working first.  Then move people one at a time.  Sounds like you're the only support they have so going slowly will let you learn and teach them and not create chaos.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Sorry - gotta run now - will be back later to answer the other questions - or someone else might in my absence
Lee W, MVPTechnology and Business Process AdvisorCommented:
Turns out my plans changed.

What I would recommend as best practices will inconvenience people but will also help protect them from viruses, spyware, and addware.  Specifically, make all users no more than Power Users.  On their PCs, put the Domain Users group into the Power Users Local Group.  Then, on each system, create an admin account for that user ONLY.  Then teach them to either 1) use the RunAs service (command) to run applications as that admin user when they need to, or 2) log off as themselves, log in as the admin, do the install, log off, then log back in as themselves.

The simpler but riskier approach is to set put their domain user account into the local computer's Administrators group.  

Even for your own account - don't make it the domain admin.  make a seperate non-admin account for yourself and use that most often.  (when a virus hits it runs with the privilages of the logged in user - if that logged in user is a domain admin, it can cause havoc).

I'm assuming you don't have a domain right now.  Having a domain means having a centralized database of accounts.  This also means that the users, using one account, can log on to potentially any system on the network.  They change the password on one, they change it on all.  If your users already have local admin accounts on the PCs, I'd leave them - they are "familiar" with them.  But then give them new accounts (same name is fine) on the domain.  To access network resources they have to use the domain logins.  This will "lose" all their profile info, but I've heard this can be resolved with other tools that can effectively copy the profile and registry to a different user (I never bothered, I always just copied the contents of relative folders from one profile to another; preferred to start off relatively cleanly than to import stuff).
micamediaAuthor Commented:
No i don't have a domain right now, but will be setting up the system with a domain starting on monday.

When the users power up their client computers, will they have the option of loggin into the domain or not? It seems normally they would login to the domain, but when they wanted to install something they would login as their local admin account correct?

I think this is best.
micamediaAuthor Commented:
Also, DSL is going to be offline for a week (we are moving to a new building) can i still set everything up without internet? Should i skip the internet and email setup untill dsl is online?

Lee W, MVPTechnology and Business Process AdvisorCommented:
Yes, users will be given an option of logging in to the domain or their local computer.  And you're correct, when they want to install software, they log in to the local computer, install it, and log out and back in as themselves on the domain.

Yes, you don't NEED internet connectivity to set things up - but a couple more notes, I'd suggest choosing your domain name and ending it in .local - fro example, mycompany.local (instead of  You may have to activate the server, but you should have a few days to do that and you can always activate by phone too.  As soon as you get internet connectivity, I'd update Windows though - Microsoft's not known for making products that are truly secure
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.