wintensivetech
asked on
How to remotely manage a network using a SBS2003 server
My question is about some options for managing a network with a SBS2003 Server tha I want to learn to use.
I finally cleaned up the domain users so everyone has a logon of their own, etc. Now I want to see if I can manage all the computers on the domain from the server. For example: In server management -> manage client computer, there is an option for remote controlling qany computer on the network. Please let me know what the minimum requirements are to make this work. Do you have to setup the client just like a regular remote desktop client?
Finally, I would also like advice on the best way to manage the updates of the server and the 25 systems. Can that also be done from the consoles in the SBS Server. This is all ideal because I have remote access to the server, but don't want to setup remote access through the router directly to all clients obviously...but if I could remote access them all through the server, I could at worst, manually update system if I can't automatically do it with the server.
I finally cleaned up the domain users so everyone has a logon of their own, etc. Now I want to see if I can manage all the computers on the domain from the server. For example: In server management -> manage client computer, there is an option for remote controlling qany computer on the network. Please let me know what the minimum requirements are to make this work. Do you have to setup the client just like a regular remote desktop client?
Finally, I would also like advice on the best way to manage the updates of the server and the 25 systems. Can that also be done from the consoles in the SBS Server. This is all ideal because I have remote access to the server, but don't want to setup remote access through the router directly to all clients obviously...but if I could remote access them all through the server, I could at worst, manually update system if I can't automatically do it with the server.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another way:
You can make a policy to enable remote desktop for all computer and, from the server, to which you can connect remotely, you can use the remote desktops snapin that can be found in adminstravie tools. If it is not present you can install adminpak.msi on windows server cd in forlder i386.
For updates use Wsus. Initially it need some work, but after a while you'll be happy.
You can make a policy to enable remote desktop for all computer and, from the server, to which you can connect remotely, you can use the remote desktops snapin that can be found in adminstravie tools. If it is not present you can install adminpak.msi on windows server cd in forlder i386.
For updates use Wsus. Initially it need some work, but after a while you'll be happy.
ASKER
OK Guys! Thanks for the info. Let me try that out and get back to you. I may take a few daysk or so to implement this across the network and come back for some clarity, but allo input so far is great!
ASKER
MPECS - that site for connectcomputers has not been setup and when I try to connect and set it up it says The Small Business Network Configuration Wizard cannot run on a domain controller..."
Where can I find the remote web workplace portal? Is that different from the http://mysbs/connectcomputer Web site? Explain a bit more about this. And I will update the server and get WSUS going. That sounds like the answer
Point: I saw this at first and tried to do it. It won't let me connect to most clients probably because they are not set to allow RDP. How can I setup that policy from the SBS server to allow me to control the clients from the sbs server?
I'm going to try it each way and decide which is best for us. Thanks again!
Where can I find the remote web workplace portal? Is that different from the http://mysbs/connectcomputer Web site? Explain a bit more about this. And I will update the server and get WSUS going. That sounds like the answer
Point: I saw this at first and tried to do it. It won't let me connect to most clients probably because they are not set to allow RDP. How can I setup that policy from the SBS server to allow me to control the clients from the sbs server?
I'm going to try it each way and decide which is best for us. Thanks again!
It sounds like the wizards were not used to properly configure the SBS box ... oh oh.
The CEICW is designed to run on SBS ... not a domain controller per se ... in that SBS is an integrated suite of products. Windows Server 2003 would be something else altogether.
Are the default SBS Consoles installed? One link should be a the top of the Start Menu.
If not, there is a lot more going on here that meets the eye.
RWW internally: https://mysbs/remote
Externally, the ISP would have an A record pointing to the static IP of your SBS box or router like: remote.mysbsdomain.com.
Philip
The CEICW is designed to run on SBS ... not a domain controller per se ... in that SBS is an integrated suite of products. Windows Server 2003 would be something else altogether.
Are the default SBS Consoles installed? One link should be a the top of the Start Menu.
If not, there is a lot more going on here that meets the eye.
RWW internally: https://mysbs/remote
Externally, the ISP would have an A record pointing to the static IP of your SBS box or router like: remote.mysbsdomain.com.
Philip
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi All,
OK, I haven't forgotten and I appreciate everyone's help.
I haven't been able to try this solution yet because the domain is still being fixed. The previous admin was a control freak and removed all clients from the DOMAIN and set all local user accounts to "limited". Then he wondered why the network was not operating right...
So putting all system back on the domain and fixing all the user and computer accounts has taken longer than I thought. When I am done getting all the clients back on the domain, I can test the policy creations mentioned here for the remote admin and also WSUS.
Probably another week before I can post those results.
OK, I haven't forgotten and I appreciate everyone's help.
I haven't been able to try this solution yet because the domain is still being fixed. The previous admin was a control freak and removed all clients from the DOMAIN and set all local user accounts to "limited". Then he wondered why the network was not operating right...
So putting all system back on the domain and fixing all the user and computer accounts has taken longer than I thought. When I am done getting all the clients back on the domain, I can test the policy creations mentioned here for the remote admin and also WSUS.
Probably another week before I can post those results.
User permissions can be quickly reset using the Change User Permissions wizard. For local admin, either script, or use the computer manager in the SBS console to manage the workstations and add the relevant user to the local admin group.
Process should not take more than an hour or two for a larger SBS installation.
Philip
Process should not take more than an hour or two for a larger SBS installation.
Philip
ASKER
MPECS - thanks - a follow up:
Is the Change User Permission Wizard on the Server?
If so, I still have to join the unjoined clients to the domian before this will work?
1) I need all clients joined to the domain (each system seems to use a different way - some work through the https://domain/connectcomputer, some you just change it in the network ident.
2) I need the local user account to be admin but the domain user account to be Power User.
Is the Change User Permission Wizard on the Server?
If so, I still have to join the unjoined clients to the domian before this will work?
1) I need all clients joined to the domain (each system seems to use a different way - some work through the https://domain/connectcomputer, some you just change it in the network ident.
2) I need the local user account to be admin but the domain user account to be Power User.
Permissions wizard is specifically for the domain users in the SBS Users console.
The client computers need to be added to the domain using the sbs/connectcomputer wizard. During the wizard, you can choose users ... and this will set their domain accounts as local admins.
I understand as far as splitting their permissions locally too. That you would need to do manually via the MMC you can reach in the SBS Computers console --> right click on the computer and Manage.
Philip
The client computers need to be added to the domain using the sbs/connectcomputer wizard. During the wizard, you can choose users ... and this will set their domain accounts as local admins.
I understand as far as splitting their permissions locally too. That you would need to do manually via the MMC you can reach in the SBS Computers console --> right click on the computer and Manage.
Philip
ASKER
I tried that, and the domain account is not listed in the local user folder. Only local accounts.So the account I am logged in to the machine on is not actually listed in there. This login connects to the domain.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi All,
Ok, I've gotten ahead of myself. The question was about how best to managing a network in terms of remote access and patch management. MPECSinc and Point both offered solutions for these things and it was much appreciated. MPECSinc was particularly helpful with the ongoing problems
However, what I really need to do is start opening up questions on getting this network/domain back together again so it can be managed at all. That has proven to be a bigger problem than I thought. (the guy in the office running the computers decided to take all systems off the domain and set all local accounts to limited. I need to get the domain back together and get everyone updated. This ha presented other problems for now.)
When I'm done I'll get back to management
Ok, I've gotten ahead of myself. The question was about how best to managing a network in terms of remote access and patch management. MPECSinc and Point both offered solutions for these things and it was much appreciated. MPECSinc was particularly helpful with the ongoing problems
However, what I really need to do is start opening up questions on getting this network/domain back together again so it can be managed at all. That has proven to be a bigger problem than I thought. (the guy in the office running the computers decided to take all systems off the domain and set all local accounts to limited. I need to get the domain back together and get everyone updated. This ha presented other problems for now.)
When I'm done I'll get back to management
Remote Assistance only works on XP clients with SBS 2003.
Use the Remote Web Workplace portal as your point of entry for the SBS network when there is a need to manage ... just as the users should be doing for everything but VPN.
WSUS is built into the R2 version of SBS. If so, update to WSUS v3 SP 1:
http://www.microsoft.com/downloads/details.aspx?familyid=F87B4C5E-4161-48AF-9FF8-A96993C688DF&displaylang=en
If no WSUS is installed, then download and install from the above link. Setup your GPOs as per the instructions in the release notes.
WSUS gives you full patch management of the servers and workstations on the SBS network.
Please use the native SBS tools.
Philip