Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

WSUS 3.0 - are you using this?  And what else are you doing to SBS 2003 R2 as best practices?

Posted on 2007-11-14
8
288 Views
Last Modified: 2010-04-21
We're building an SBS 2003 R2 server in our lab and documenting all that we are doing.  

Besides the to do list, what are you doing on a new server / is there a list of steps out there?

One thing that comes to mind is WSUS 3.0.  R2 gives you 2.0.  Are you using 3.0?

What else are you doing on a new server?

thanks!

0
Comment
Question by:babaganoosh
  • 4
  • 4
8 Comments
 
LVL 6

Accepted Solution

by:
mmcodefive earned 500 total points
ID: 20280604
We are using 3.0 and it is much better then 2.0. The reporting is a lot better and the interface is better. One thing on an SBS server R2, if your going to install SP2 on that server you probably want to disable advanced networking features like TCP offloading and RSS. There are a few MS articles on this. http://support.microsoft.com/kb/936594
0
 

Author Comment

by:babaganoosh
ID: 20281854
thanks!  That's 2 things to do to a new server (actually 3?).  anything else that's standard?!

upgrade wsus to 3.0
Configure WSUS (that's not on to do list)
Disable TCP offloading and RSS

and some other things I've been building:
Enable larger exchange store
Enable IMF
Create abuse mailbox (this was something that dnsstuff.com points out is a requirement for proper compliance with RFC 2142, although I rarely hear it mentioned: http://www.ietf.org/rfc/rfc2142.txt?number=2142)
Rename the administrator account and give it a long, complx password (since the administrator account doesn't get locked out, hackers try that one?  If the name administrator doesn't exist, that slows them down even more?'

what else!?  I know I am only scratching the surface!

0
 
LVL 6

Expert Comment

by:mmcodefive
ID: 20283316
Dont remove the administrator account. Just create a strong lock out policy. I set mine to 10 passwords and then a lockout for an hour. Your going to need the windows 2003 support tools. The rest of the install is group policy, DNS if it is a domain controller, DHCP if needed, etc and then setting it up as a file server or whatever your going to use it for. The SBS servers are really easy to configure and pretty much have a wizard for anything you want to do.
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 

Author Comment

by:babaganoosh
ID: 20283790
no, not remove the administrator account, just change it's name.  and I thought administrator account was exempt from any lockout
0
 
LVL 6

Expert Comment

by:mmcodefive
ID: 20283847
You can use Passprop.exe to set a lockout for administrator. I think it is in the windows support tools.
0
 
LVL 6

Expert Comment

by:mmcodefive
ID: 20288668
You can use Windows Small Business Server 2003 Best Practices Analyzer tool. http://support.microsoft.com/default.aspx?scid=kb;en-us;940439

If you have any other questions I will be happy to help, if else please close the thread.
0
 

Author Comment

by:babaganoosh
ID: 20289299
I still feel there's loads of things that the BPA doesn't touch on (like increasing the size of the exchange store).  I have to make a new question for that though - that wasn't the intent of the question, which you did answer right away!  THANKS!

0
 

Author Closing Comment

by:babaganoosh
ID: 31409330
Great!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question