Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

WSUS 3.0 - are you using this? And what else are you doing to SBS 2003 R2 as best practices?

We're building an SBS 2003 R2 server in our lab and documenting all that we are doing.  

Besides the to do list, what are you doing on a new server / is there a list of steps out there?

One thing that comes to mind is WSUS 3.0.  R2 gives you 2.0.  Are you using 3.0?

What else are you doing on a new server?

thanks!

0
babaganoosh
Asked:
babaganoosh
  • 4
  • 4
1 Solution
 
mmcodefiveCommented:
We are using 3.0 and it is much better then 2.0. The reporting is a lot better and the interface is better. One thing on an SBS server R2, if your going to install SP2 on that server you probably want to disable advanced networking features like TCP offloading and RSS. There are a few MS articles on this. http://support.microsoft.com/kb/936594
0
 
babaganooshAuthor Commented:
thanks!  That's 2 things to do to a new server (actually 3?).  anything else that's standard?!

upgrade wsus to 3.0
Configure WSUS (that's not on to do list)
Disable TCP offloading and RSS

and some other things I've been building:
Enable larger exchange store
Enable IMF
Create abuse mailbox (this was something that dnsstuff.com points out is a requirement for proper compliance with RFC 2142, although I rarely hear it mentioned: http://www.ietf.org/rfc/rfc2142.txt?number=2142)
Rename the administrator account and give it a long, complx password (since the administrator account doesn't get locked out, hackers try that one?  If the name administrator doesn't exist, that slows them down even more?'

what else!?  I know I am only scratching the surface!

0
 
mmcodefiveCommented:
Dont remove the administrator account. Just create a strong lock out policy. I set mine to 10 passwords and then a lockout for an hour. Your going to need the windows 2003 support tools. The rest of the install is group policy, DNS if it is a domain controller, DHCP if needed, etc and then setting it up as a file server or whatever your going to use it for. The SBS servers are really easy to configure and pretty much have a wizard for anything you want to do.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
babaganooshAuthor Commented:
no, not remove the administrator account, just change it's name.  and I thought administrator account was exempt from any lockout
0
 
mmcodefiveCommented:
You can use Passprop.exe to set a lockout for administrator. I think it is in the windows support tools.
0
 
mmcodefiveCommented:
You can use Windows Small Business Server 2003 Best Practices Analyzer tool. http://support.microsoft.com/default.aspx?scid=kb;en-us;940439

If you have any other questions I will be happy to help, if else please close the thread.
0
 
babaganooshAuthor Commented:
I still feel there's loads of things that the BPA doesn't touch on (like increasing the size of the exchange store).  I have to make a new question for that though - that wasn't the intent of the question, which you did answer right away!  THANKS!

0
 
babaganooshAuthor Commented:
Great!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now