>

Windows Small Business Server 2011 installation and configuration – Part 11 Configuring “Add a new user role”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 10 Configuring “Add a new group” we go to the “Users and Groups” page of the SBS console and then the Users Roles tab.

A user role is a sort of template set of rights, group member ship and some default settings. You can use the roles to control rights, membership and settings for a group of user accounts. Also as template for creation of new user accounts so the account will have a default set of rights, membership and settings.

By default there are 3 user roles configured, Standard User, Network Administrator and Standard User with administration links. You can change or create user roles as you like.

We are going to create a new user role, choose “Add a new user role” in the task pane.

Give the user role a logical name and description. Then you have to choose if you would like to base the new role on an existing role or start from scratch.
Check “The user role appears as an option in the Add New User Account Wizard and in the Add Multiple New User Accounts Wizard” if you would like to use the new user role or uncheck if you will not give the new user role free for now.
Check “The user role is the default in the Add New User Account Wizard and in the Add Multiple New User Accounts Wizard” If you would like this role default for creation of new users.

Choose Add to add the security and distribution groups user who get this role must be member of.

Now we can choose to enforce a mailbox quota and the size of the quota or to turn off the mailbox quota. Also we can configure if members may access Outlook Web Access.

Here we can configure if these users may or may not have Remote Web Access or Virtual private network (VPN) access.

Configure if the users may or may not have Quota on Shared Folders. Also you can enable folder redirection to the server, when enabled, the local (my) documents and desktop folder will be synchronized to the server. You can choose to put a Quota on this folder as well.

The new user role was added successfully. You can now choose to directly create (multiple) new user accounts. For now we choose finish, Add a new user account will follow in the next part.

Go back to Part 10 Configuring “Add a new group”
Continue with Part 12 Configuring “Add a new user account”

Posted in Blog, Howto, SBS 2011 at February 10th, 2011. No Comments.

Windows Small Business Server 2011 installation and configuration – Part 10 Configuring “Add a new group”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 9 Configuring “Add a new shared folder” we go to the “Users and Groups” page of the SBS console and then the Groups tab.

In the next parts we are going to create User Groups, Roles and Accounts. My advice is to start with the creation of User Groups because these groups can be used with the creation of User Roles. User Roles are a set of rights, membership and settings that can be attached to User Accounts.

Choose “Add a new group” on the tasks pane.

The wizard starts with an overview about what we are going to do.

Give the group a logical name and description. Then decide if the group is a Distribution group (used to send an e-mail message to all user accounts that belong to this group) or a Security group (used to set security and access right to files, folders and/or applications). It’s also possible to mail-enable the security group so this can also be user to send email to all members.

Add immediately user accounts as members of the group.

The new group has been created.

Now we return to the SBS Console. If you would like to change some settings, you can choose in the (right) Tasks pain.

Choose Edit group properties.

On the General part, you can change the group name or description. Also you can choose Add… to add new group members.

On the E-mail part, you can enable or disable (in case of a Security group) and set or change a e-mail address for the group and set the option receive or not receive e-mails from people outside of your organization. In the case of a security group you also have the possibility to archive the e-mail in a public folder.

Go back to Part 9 Configuring “Add a new shared folder”
Continue with Part 11 Configuring “Add a new user role”

Posted in Blog, Howto, SBS 2011 at February 7th, 2011. No Comments.

Windows Small Business Server 2011 installation and configuration – Part 9 Configuring “Add a new shared folder”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 8 Configuring “POP3 connector” we go to the “Shared Folders and Web Sites” page of the SBS console and the Shared Folders tab.

Choose “Add a new shared folder” on the tasks pane.

Now we are going to select a folder we would like to share, choose Browse.

Browse to the folder you would like to share. If you have not created a folder yet, you can create one with Make New Folder.

After we selected the folder, you can choose to do or do not change the NTFS permissions. If you already set them you can skip these by choosing No. I have not set the permissions so we choose for Yes, change NTFS permissions and choose Edit Permissions…

By default the file permissions are set to Administrator and System have Full Control access, Users only Read & Execute and Creator Owner may create files and folders. This means everyone can create files and folders but only change the ones created by them. Others can only read those files, so we gave the Users group Modify rights so everyone can change files and folders.

Now we are going to give the share a name, in this case we haven’t installed NFS so we are not able to set this. Just give the share an appropriate name, if you add a $ sign at the end of the share name it will be a hidden share and not visible if someone browse the network.

Here we are able to set some additional features, so choose Advanced…

On the User Limits tab we can limit the number of users that can access the share, default value is maximum allowed. The other option we can set is access-based enumeration, this is a really nice option, when this is enabled users only see folders if they have access permissions.

On the Caching tab you can set if and how files are available for offline caching.

Now we are going to configure the share permissions. Just keep in mind that when you set the share permissions to only read access, you only have read access on the files and folders, no matter what you have configured (modify or owner) over there.
If the default options don’t fit, you can choose Users and groups have custom share permissions: and choose Permissions…

By default the share permissions are set to Read, if people must modify files and folders you have to check Change.

You can apply quota settings to the share, there are six default quota policies defined. But you can create or edit these as you like, you have to do this via the File Server Resource Manager.

This is a nice feature you can apply a file screen to a share and block typical files. So if you have a data only share you can choose to block executable files for security reasons. There are five default file screens available, you can create or edit these screens via the File Server Resource Manager.

If you have configured a DFS namespace you can publish the share to the DFS namespace.

An overview of the options you have chosen, choose Create to create the share.

You have successfully created a network share.

Go back to Part 8 Configuring “POP3 connector”
Continue with Part 10 Configuring “Add a new group”

Posted in Blog, Howto, SBS 2011 at February 1st, 2011. 2 Comments.

Windows Small Business Server 2011 installation and configuration – Part 8 Configuring “POP3 connector”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 7 “Configuring Server Backup” we go to the “Network” page of the SBS console and the connectivity tab.

Right click on POP3 Connector and choose view POP3 Connector properties.

Here we choose Add… to add a the POP3 mail account(s)

Enter all information from you POP3 mail account. At the Windows Small Business Server e-mail account you choose a SBS account where the pop mail has to be delivered.
Because you have to choose an account here to deliver it is just like SBS 2008 POP3 connector not possible to use a catch all address and deliver directly to the e-mail addresses used in the header.

On the scheduling option you can configure the retrieve e-mail time, you cannot set a value lower than 5 minutes.
If you would like to force an immediate connection you can click Retrieve now.

Issue I ran into:

After I configured the POP3 connector and tried retrieving e-mail the mail disappeared from my isp but it didn’t come into my Exchange mailbox.
Some research led met to the C:\Program Files\Windows Small Business Server\Logs\pop3connector\ pop3service.log file. The following failure information was found:

[t 0] 01/22/11, 17:16:21: (SMTP) [RX] 550 5.7.1 Message rejected as spam by Content Filtering.
[t 0] 01/22/11, 17:16:21: Failure hrResult (0x800ccc69) trying to deliver message id 1:
[t 0] 01/22/11, 17:16:21: SMTPRESPONSE: * * * !Failed! * * *
[t 0] 01/22/11, 17:16:21: * * * * * *
[t 0] 01/22/11, 17:16:21: * * * 0x800ccc69 * * *
[t 0] 01/22/11, 17:16:21: Command: [SMTP_DOT]
[t 0] 01/22/11, 17:16:21: Completed: Yes.
[t 0] 01/22/11, 17:16:21: IxpResult:
[t 0] 01/22/11, 17:16:21: —> —> —> hrResult: 0x800ccc69
[t 0] 01/22/11, 17:16:21: pszResponse: 550 5.7.1 Message rejected as spam by Content Filtering.
[t 0] 01/22/11, 17:16:21: uiServerError: 550
[t 0] 01/22/11, 17:16:21: dwSocketError: 0
[t 0] 01/22/11, 17:16:21: pwszProblem:
[t 0] 01/22/11, 17:16:21: 550 is an ignorable error; will continue as if it were successful.
[t 0] 01/22/11, 17:16:21: Message saved to “C:\Program Files\Windows Small Business Server\Data\badmail\550\{908DEBAB-55D1-4048-AF50-558D65567607}”.
[t 0] 01/22/11, 17:16:21: (SMTP) [TX] QUIT

Read More…

Posted in Blog, Howto, SBS 2011 at January 27th, 2011. 47 Comments.

Windows Small Business Server 2011 installation and configuration – Part 7 configuring “Configure Server Backup”

Go directly to SBS 2011 index file. With links to all articles from this serie.

After we are finished with Part 6 configuring “Move server storage (data) to other partition(s)” and moved all data to another partition. We go back to “Home” page of the SBS console and choose for “Configure Server Backup”.

The wizard start with some information about what we are going to do.

In this screen you will see your attached external disk drives. Because I have installed SBS 2011 in a Hyper-V virtual machine I have to check “Show all valid internal and external backup destinations” so I can use a special created disk for backup purposes.

Advice is to use a minimum of 2 or better more disks for your backup, so you can always keep minimal one disk away from the server or better out of the office for something happens with the server or building.

Note that the disk you choose will be formatted and can only be used for backup storage and nothing else. If you use SCSI vhd files you can evenly hotswap the virtual drives from your SBS 2011 virtual machine.

If you use your SBS 2011 as a virtual machine you can also attach your usb disk connected to your host, read here how to attach your usb disk.

Give your disk a meaningful label. You will see here all disk you checked in the previous window.

Choose the partitions you would like to backup.

Choose your backup schedule, you can create it the way you like.

An overview of your selections.

You get a warning because now your disks will be formatted and all data on the disks is lost.

Depending on the size, type and number of the disks it could take some time.

Your server backup is now configured.

You can find the backup job under Backup and Server Storage and then the tab Backup.

This is also the place where you can change the backup job, schedule, selected partitions, remove or add backup disks and restore a backup job.
I would write something about restoring a backup job later.

For how to do a full server restore click here.

Go back to Part 6 configuring “Move server storage (data) to other partition(s)”
Continue with Part 8 Configure “POP3 connector”

Posted in Blog, Howto, SBS 2011 at January 22nd, 2011. 16 Comments.

Windows Small Business Server 2011 installation and configuration – Part 6 configuring “Move server storage (data) to other partition(s)”

Go directly to SBS 2011 index file. With links to all articles from this serie.

When you finished part 5 “Add a trusted certificate” and returned to the SBS Console you now choose for the “Backup and Server Storage” part. You find this option in the header options of the SBS Console. Then you choose for the “Server Storage” tab.

In the upper left panel you see your disk partitions. In the bottom left panel you see witch storage data options are on that specific partition. In the right panel you see the different tasks you can perform. In this case we can move the different storage data options: Exchange Server, SharePoint Foundation, Users’ Shared, Users’ Redirected Documents and Windows Update Repository Data. Because the procedure and wizard is the same for all options I will only show the Exchange Server option.
So we choose for “Move Exchange Server Data”

The wizard starts with some information what we are going to do.

When you do not have configured Windows server backup you get this warning.

Here we choose the partition where we would like to move the data to.

Depending on the size of the storage and disk / server performance this could take a while.

Moving data is successful finished. You see a warning that if you use a third party backup application you must ensure to include the new location in your backup job.

Please note that this wizard only moves the Exchange database files. So corresponding log files are not moved to the other partition. If you would like to move these files as well and then open Exchange Management Console.

Go to Organization Configuration, Mailbox and on the tab Database Management right click the Mailbox Database you would like to change and choose Move Database Path…

Change the Log folder path to the other partition and or other location then choose Move

Warning because the database will be temporarily dismounted so connected user will lose their connection for a little time.

The log folder path had been changed successful.
Please note that you have to repeat this action for all mailbox (public folder) databases.

Go back to Part 5 configuring “Add a trusted certificate”
Continue with Part 7 configuring “Configure Server Backup”

Posted in Blog, Howto, SBS 2011 at January 18th, 2011. 26 Comments.

Windows Small Business Server 2011 installation and configuration – Part 5 configuring “Add a trusted certificate”

Go directly to SBS 2011 index file. With links to all articles from this serie.

When you finished part 4 configuring “Configure a Smart Host for internet e-mail” and returned to the SBS Console you now choose “Add a trusted certificate” to start the wizard.

By default the SBS server is installed with a self-signed certificate. We are now going to prepare an installation of a trusted certificate from a service provider. The reason you would install a trusted certificate is you don’t have to install the self-signed certificate on all devices that are used for remote connections, owa, activesync, outlook anywhere, remote web workplace, etc.

The wizard start with given you information what you are going to do.

If you already have a certificate and installed it on this server than choose for “I want to use a certificate that is already installed on the server”. We are going to choose for “I want to buy a certificate from a certificate provider” because we don’t have a certificate yet.

You now have to enter some information, all fields are required. Most fields will be entered already and taken from information supplied earlier. Make sure you enter correct information otherwise you may have to buy a new certificate.

This is the certificate request information. You need this information to buy a certificate from a service provider. So now go to the certificate service provider of your choice and order the certificate.

I would advise to buy a certificate from a well-known provider as, VeriSign, digicert, godaddy, thawte, … Another thing I would advise is to buy a multi name, UCC, SAN certificate so you can add multiple names to the certificate. The default name I would use is the name given in part 3 configuring “Setup your internet address” remote.domainname.extension and beside that you should also put autodiscover.domainname.extension and servername.domainname.local on the certificate. If you have places left for some names you would like to use, think about another name for companyweb or if you use a specific name for the send connector or something else.

So if your certificate service provider is really fast and you have got your certificate than choose “I have a certificate from my provider.” to continue directly. If your provider needs some time, you can choose “My certificate provider needs more time to process the request” If you choose this option the wizard will finish for now. At the time you got the certificate from your provider you just start the wizard again and the wizard will continue here.

Depending how your certificate provider delivers your certificate you have to paste the receive code or select the received file.

Go back to Part 4 configuring “Configure a Smart Host for internet e-mail”
Continue with Part 6 “Move server storage (data) to other partition(s)”

Posted in Blog, Howto, SBS 2011 at January 15th, 2011. 29 Comments.

Windows Small Business Server 2011 installation and configuration – Part 4 configuring “Configure a Smart Host for internet e-mail”

Go directly to SBS 2011 index file. With links to all articles from this serie.

When you finished part 3 “Setup your internet address” and returned to the SBS Console you now choose Configure a Smart Host for internet e-mail” to start the wizard.

Note: Before we start this wizard has only to be completed if you would like or need to configure a Smart host to send you mail through if you use DNS to send mail through you can skip this step.

So this is a really short wizard, started with some information about what we are going to configure.

We now enter the fully qualified domain name (fqdn) or ip address of the smart host we would like or need to use. You should configure a smart host if your isp blocks port 25 on their network.

If your smart host requires authentication than enter the user name and password.

You now have successful configured a smart host for outgoing mail.

Go back to part 3 “Setup your internet address”
Continue with Part 5 configuring “Add a trusted certificate”

Posted in Blog, Howto, SBS 2011 at January 14th, 2011. 48 Comments.

Windows Small Business Server 2011 installation and configuration – part 3 configuring “Setup your internet address” wizard

Go directly to SBS 2011 index file. With links to all articles from this serie.

When you finished part 2 “Connect to the Internet” and returned to the SBS Console you now choose “Setup your internet address” to start the wizard.

With this wizard we are going to setup your default domain name for use with the SBS server. This domain name will be setup for use as your e-mail address but also for remote web access (web workplace, outlook web access, etc).

If you do not have any domain name registered you can purchase a domain name via this wizard by choosing the option “I want to purchase a new domain name”. I never used this option because most company’s already own one or more domain names. I heard the options are limited only for a few top level domain domains like .com, .net, etc.

So we choose “I already have a domain name that I want to use.”

You can choose to let the server manage your domain name, only this is preserved for a couple of domain name providers. If you would like to use this option you have to move your domain name to one of these providers.
In this case I will choose for “I want to manage the domain name myself.” You have to configure your DNS records (if needed) manually.

Now we have to fill in our domain name with extension. By default SBS use remote.domainname.extension for remote access. If you would change the remote domain prefix to something different choose “Advanced settings”. Because we have chosen to manually configure DNS records, make sure that the chosen domain name has a record pointing to your server.

The wizard is now configuring you server for remote web access and adding the domain name to your Exchange server.

You have successfully configured your server to use domainname.extension.
The warning you see is because the wizard cannot configure the router for remote access. This is no problem but you have to setup your router to accept the used ports manually.

Go back to part 2 “Connect to the Internet”
Continue with Part 4 configuring “Configure a Smart Host for internet e-mail” wizard

Posted in Blog, Howto, SBS 2011 at January 12th, 2011. 164 Comments.

Windows Small Business Server 2011 installation and configuration – part 2 configuring “Connect to the internet” wizard

Go directly to SBS 2011 index file. With links to all articles from this serie.

When you finished installation as in part 1 you choose “Start using the server” or when you closed this window you can start the Windows SBS console icon on the desktop.

You will now see the main screen of your Windows Small Business Server Console, this is the central place where you can control, configure, monitor, etc. most tasks for your SBS environment.

First I will go to some basic configuration wizards, starting with the Connect to the Internet wizard.

This wizard will check your network configuration and if there is an internet connection available. This wizard will also configure a default DHCP scope and the DNS server to use root hints.

When you continue it will start a network scan to automatically detect your network settings and existing router.

When another device on your network had enabled a DHCP server you will get this error. You have to disable or disconnect the other DHCP server to continue the wizard.

When everything is right connected you will get this screen. If these settings are not right you can change them manually.

When no router could be detected you will receive this message.

Now it will do a DNS query to www.microsoft.com through root hints. When query fails you will get a message to manually configure your router and run the Test again. You will have to run the Test once, if it still fails you get a option to continue without running the Test.

When everything runs fine you have successfully completed the Connect to the Internet Wizard.

Choose Finish and you will return to the SBS Console. Place a check mark behind the connect to the internet option so you know you have finished the command.

Go back to Part 1 the installation process
Continue with Part 3 configuring “Setup your internet address” wizard

Posted in Blog, Howto, SBS 2011 at January 10th, 2011. 35 Comments.
Sharing Buttons by Linksku