Administration And ManagementDamian LeibaschoffSupport Escalation EngineerMicrosoft

Ron MartinsenSenior Development LeadMicrosoft

AgendaSBS 2008 Administration Philosophy

User Management Group Management

Questions

SBS 2008 AdministrationGoal: Simplify management of an SBS network

Make it a repeatable deployment and management experience for you the partnerEmpower the occasional small business IT person to do simple tasks

StrategyOne stop shop Admin console

Amalgamate and organize most common/important tasks into an SBS management console Windows SBS console

Complex tasks made easyAmalgamate disparate native application tasks into easy to use SBS tasks

Organize tasks and resource information in a logical wayDo not organize tasks and resource information on the underlying technologies

Admin from anywhere Except from “dumb Internet terminal”

SBS 2008 AdministrationWho can access the console?

SBS administrator (domain administrator)

Where can we access the server/console from?

LocallyLog on to the server

IntranetDesktop link (TS/Remote Desktop)Vista – Admin gadgetRemote Web Workplace – link

InternetRemote Web Workplace – link

Administration

Demo

Admin Console Homepage

User ManagementGoal: Simplify and unify management of SBS users Strategy

One stop shop Admin console/users, user roles sub-tabs

Amalgamate and organize most common/important user management related tasks into one area

Complex user mgmt tasks made easyAmalgamate disparate native application tasks into single easy to use SBS user mgmt tasks

E.g., Add User wizard, edit user propertiesE.g., Add Multiple Users wizards

User ManagementUsers Sub Tab

Creation, modification and removal of user accountsManagement of user related features

E.g., Password policies

User Roles (templates) sub-tabManagement of user templates, which can then be applied to user creation and management

User Management

Demo

Group ManagementGoal: Simplify and unify management of SBS groupsStrategy

One Stop shop Administrator console/groups sub-tabs

Amalgamate and organize most common/important group management related tasks into one area

One task to create a group based on users scenario needs

E-mail distribution list/groupSecurity group

Mail enabled security group

Group Management

Demo

Partner Overview

Partner ProfileInterprom Inc.Barrie Ontario3 Employees25 contracted customers in the SMB spaceOur Focus: Outsourced IT and Managed ServicesMicrosoft Gold Certified Partner

TAP Customer ProfileBlevins Insurance Group20 EmployeesInsurance and Group BenefitsKey Pain Points: Remote access, mandated securityEnhancements to remote access features have enabled employees to have a seamless experience outside the office from their local desktops and windows mobile devices

A Real-World Perspective SBS 2003 provided great tools, but not the easiest interface for remote usersSBS 2008 provides a seamless environment

TS Gateway, published applications, TS WebSecurely exposed Sharepoint 3.0Outlook Anywhere!

We all remember that Remote Web Workplace was the big selling feature in SBS. Who knew it would come around again bigger and better!SBS 2008 provide partners the ability to push out applications – third party, and those developed on SharePoint

Start learning SharePoint 3.0Learn everything you can about Windows 2008 TSStart talking to your customers about Anywhere accessGet familiar with trusted certificates!!

Appendix

Console OverviewSingle Executable

PerformanceLimited dependency on IIS

Task orientedEach TAB does pre-requirement checks

ExamplesSystem Health: Are WSUS and IIS running?Users and Groups: Is AD running?

Advanced mode (Command line /a)ISV Extensibility

System Health tab

Console Overview

Demo

User And Group Management

Only SBS “Stamped” objects will show up

Mostly a migration type scenarioStamp users using the Change User Role wizard

Be aware of replacing permissions/settingsMake sure you display all users from AD

For groups we will provide manual documentation

User And Group Management

TasksUsers

Add a new User AccountAdd multiple user accountsChange user roleChange password policies

Default: Expire 180 daysStrong password enforced

Redirect user account’s folders to the serverManage Desktop Links (Vista Gadget)

User And Group Management

TasksUsers (contextual)

Edit user account propertiesGeneralRemote Access rightsE-mail quotaComputer Access rightsShared Folder quotaGroupsWebsite Access rights

Remove user accountReset user account passwordChange group membershipDisable user accountCreate a new role based on this user’s settingsPrint getting started page for this user

User And Group Management

TasksGroups

Add a new group

Groups (contextual)Edit group properties

Mail enable groupAllow Internet e-mail to the groupAllow archiving for the group

Change group membershipsRemove group

Computer ManagementUnder the Network tabOnly machines under

Default containers for new machines in ADMyBusiness\Computers\SBSComputersMyBusiness\Computers\SBSServersComputers in OUs under them are also displayed

Status is a combination ofARP and ICMP Responses (ping)SMB Access (tcp/445 or tcp/139)

Use: “Net view \\machine” to confirm

ProblemsStale DNS record pointing to a valid IP for another machineClient/server time offsetFirewall at the clientFile and Print Sharing not enabled on the client

Computer ManagementSecurity is a combination of WMI checks

Query the Security Center forAV enabledFirewall enabledAnti-spyware enabled (Vista only)

Similar problems to the status check plus potential WMI issues

Update Status is provided by WSUSBackup and other alerts through our monitoring service

Computer ManagementTasks

Connect computers to your networkHow to guide using online websiteUse portable media

Enable Power Management in Windows VistaBy default Power Management is disabled on domain joined Vista machines when plugged into AC power

Tasks (contextual)View server/computer properties

General information (as reported by WMI)Update information (as reported by WSUS)User access

Workstation Remote Web WorkplaceWorkstation access level

Changing The Company Information

Under Help, Edit Company Information

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

The information contained in this presentation relates to pre-release software product, which may be substantially modified before its first commercial release. Accordingly, the information may not accurately describe or reflect the software product when first commercially released. This presentation is provided for informational purposes only, and Microsoft makes no warranties, express or implied, with respect to this presentation or the information contained in it.