Administration And Management Damian Leibaschoff Support Escalation Engineer Microsoft Ron Martinsen Senior Development Lead Microsoft
Mar 29, 2015
Administration And ManagementDamian LeibaschoffSupport Escalation EngineerMicrosoft
Ron MartinsenSenior Development LeadMicrosoft
AgendaSBS 2008 Administration Philosophy
User Management Group Management
Questions
SBS 2008 AdministrationGoal: Simplify management of an SBS network
Make it a repeatable deployment and management experience for you the partnerEmpower the occasional small business IT person to do simple tasks
StrategyOne stop shop Admin console
Amalgamate and organize most common/important tasks into an SBS management console Windows SBS console
Complex tasks made easyAmalgamate disparate native application tasks into easy to use SBS tasks
Organize tasks and resource information in a logical wayDo not organize tasks and resource information on the underlying technologies
Admin from anywhere Except from “dumb Internet terminal”
SBS 2008 AdministrationWho can access the console?
SBS administrator (domain administrator)
Where can we access the server/console from?
LocallyLog on to the server
IntranetDesktop link (TS/Remote Desktop)Vista – Admin gadgetRemote Web Workplace – link
InternetRemote Web Workplace – link
Administration
Demo
Admin Console Homepage
User ManagementGoal: Simplify and unify management of SBS users Strategy
One stop shop Admin console/users, user roles sub-tabs
Amalgamate and organize most common/important user management related tasks into one area
Complex user mgmt tasks made easyAmalgamate disparate native application tasks into single easy to use SBS user mgmt tasks
E.g., Add User wizard, edit user propertiesE.g., Add Multiple Users wizards
User ManagementUsers Sub Tab
Creation, modification and removal of user accountsManagement of user related features
E.g., Password policies
User Roles (templates) sub-tabManagement of user templates, which can then be applied to user creation and management
User Management
Demo
Group ManagementGoal: Simplify and unify management of SBS groupsStrategy
One Stop shop Administrator console/groups sub-tabs
Amalgamate and organize most common/important group management related tasks into one area
One task to create a group based on users scenario needs
E-mail distribution list/groupSecurity group
Mail enabled security group
Group Management
Demo
Partner Overview
Partner ProfileInterprom Inc.Barrie Ontario3 Employees25 contracted customers in the SMB spaceOur Focus: Outsourced IT and Managed ServicesMicrosoft Gold Certified Partner
TAP Customer ProfileBlevins Insurance Group20 EmployeesInsurance and Group BenefitsKey Pain Points: Remote access, mandated securityEnhancements to remote access features have enabled employees to have a seamless experience outside the office from their local desktops and windows mobile devices
A Real-World Perspective SBS 2003 provided great tools, but not the easiest interface for remote usersSBS 2008 provides a seamless environment
TS Gateway, published applications, TS WebSecurely exposed Sharepoint 3.0Outlook Anywhere!
We all remember that Remote Web Workplace was the big selling feature in SBS. Who knew it would come around again bigger and better!SBS 2008 provide partners the ability to push out applications – third party, and those developed on SharePoint
Start learning SharePoint 3.0Learn everything you can about Windows 2008 TSStart talking to your customers about Anywhere accessGet familiar with trusted certificates!!
Appendix
Console OverviewSingle Executable
PerformanceLimited dependency on IIS
Task orientedEach TAB does pre-requirement checks
ExamplesSystem Health: Are WSUS and IIS running?Users and Groups: Is AD running?
Advanced mode (Command line /a)ISV Extensibility
System Health tab
Console Overview
Demo
User And Group Management
Only SBS “Stamped” objects will show up
Mostly a migration type scenarioStamp users using the Change User Role wizard
Be aware of replacing permissions/settingsMake sure you display all users from AD
For groups we will provide manual documentation
User And Group Management
TasksUsers
Add a new User AccountAdd multiple user accountsChange user roleChange password policies
Default: Expire 180 daysStrong password enforced
Redirect user account’s folders to the serverManage Desktop Links (Vista Gadget)
User And Group Management
TasksUsers (contextual)
Edit user account propertiesGeneralRemote Access rightsE-mail quotaComputer Access rightsShared Folder quotaGroupsWebsite Access rights
Remove user accountReset user account passwordChange group membershipDisable user accountCreate a new role based on this user’s settingsPrint getting started page for this user
User And Group Management
TasksGroups
Add a new group
Groups (contextual)Edit group properties
Mail enable groupAllow Internet e-mail to the groupAllow archiving for the group
Change group membershipsRemove group
Computer ManagementUnder the Network tabOnly machines under
Default containers for new machines in ADMyBusiness\Computers\SBSComputersMyBusiness\Computers\SBSServersComputers in OUs under them are also displayed
Status is a combination ofARP and ICMP Responses (ping)SMB Access (tcp/445 or tcp/139)
Use: “Net view \\machine” to confirm
ProblemsStale DNS record pointing to a valid IP for another machineClient/server time offsetFirewall at the clientFile and Print Sharing not enabled on the client
Computer ManagementSecurity is a combination of WMI checks
Query the Security Center forAV enabledFirewall enabledAnti-spyware enabled (Vista only)
Similar problems to the status check plus potential WMI issues
Update Status is provided by WSUSBackup and other alerts through our monitoring service
Computer ManagementTasks
Connect computers to your networkHow to guide using online websiteUse portable media
Enable Power Management in Windows VistaBy default Power Management is disabled on domain joined Vista machines when plugged into AC power
Tasks (contextual)View server/computer properties
General information (as reported by WMI)Update information (as reported by WSUS)User access
Workstation Remote Web WorkplaceWorkstation access level
Changing The Company Information
Under Help, Edit Company Information
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
The information contained in this presentation relates to pre-release software product, which may be substantially modified before its first commercial release. Accordingly, the information may not accurately describe or reflect the software product when first commercially released. This presentation is provided for informational purposes only, and Microsoft makes no warranties, express or implied, with respect to this presentation or the information contained in it.