Best Practices for Managing Windows Small Business Server 2003
Applies To: Windows SBS 2003
For information about best practices for upgrading your server, see Windows Small Business Server 2003 Upgrade Best Practices (http://go.microsoft.com/fwlink/?LinkId=47031).
Managing users and groups
Use the user account templates in the Add User Wizard to add users to the Windows Small Business Server domain.
The Add User Wizard enables you to create a user account based on user templates. The user template settings are based on the needs of a typical business and include common user properties, such as group memberships, disk space and e-mail quotas, Windows SharePoint Services site group memberships, organizational unit placement, and company address information. Creating a user account that is based on a user template reduces the need to manually enter account properties. When creating a new user account, you enter the unique information, such as user name, e-mail alias, and password, and then the new account inherits common properties from the template you apply.
Windows Small Business Server 2003 has four predefined user templates based on the needs of a typical small business—User Template, Mobile User Template, Power User Template, and Administrator Template.
You can either use these templates to create your user accounts, or you can create new templates. For more information about the predefined user templates, see Managing user templates. For information about creating a new user template, see Add a user template.
For information about modifying the templates, see Change user template properties.
Use the user account templates in the Change User Permissions Wizard to update properties for existing user accounts.
For more information, see Reapply templates to existing users.
Apply Group Policy.
If your client computers are running Windows XP or Windows 2000 Professional, you can set up Windows Small Business Server to use Group Policy features. Group Policy enables an administrator to define and customize many Windows settings for users or client computers, including items that are available on the Windows desktop, logon scripts, available menu items, and security settings. You can define Group Policy settings that apply to a particular computer, a specific user, a domain, or an organizational unit.
To access Group Policy Management from Server Management
Click Start, and then click Server Management.
In the console tree, click Advanced Management, and then click Group Policy Management.
From the Group Policy management console, you can add, remove, or edit Group Policy settings. For more information about configuring Group Policy, see "GPMC How to…" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=53410).
Disable or delete user accounts that you no longer need.
Windows Small Business Server 2003 offers two ways to remove a user account, by either disabling it or deleting it. If a user is permanently leaving the organization, it is recommended that you delete the user account rather than to disable it. However, if a user is temporarily unavailable but expected to rejoin the organization at a later date, you might consider disabling the account rather deleting it.
For more information, see Disable a user account.
Configure connection filtering to block unsolicited e-mail.
Exchange 2003 supports connection filtering based on block lists, which are lists that can be queried by your Exchange server to identify verified spam sources. Connection filtering leverages external services that list known sources of unsolicited e-mail, dial-up user account lists, and servers open for relay based on IP addresses on block lists that they maintain. Connection filtering complements third-party content filter products. You can also configure connection filtering without using a block list provider by creating global accept and deny lists of SMTP addresses from which you want to globally accept or deny all e-mail.
To configure connection filtering, you must first create and configure a connection filtering rule, and then apply it your SMTP virtual server. For more information, search for "Configure Connection Filtering" in Exchange server Help. To access Exchange server Help, click Start, click Server Management, and then press F1.
Monitoring your server
Use server usage reports to evaluate resource needs and plan for future requirements.
Server usage reports include a predefined collection of statistics that can help you understand how clients access and use the Internet, e-mail, fax, remote connectivity, and Outlook Web Access features. By proactively monitoring this information, you can determine how employees are using the key resources on the server, evaluate resource needs, and plan for future requirements that can help make employees more productive and your network more supportable.
For example, if a server usage report suggests high Web activity, and you are using a modem to access the Internet, you might want to replace the modem connection with a DSL connection. Or, if a usage report shows a lot of faxes activity, you might consider adding another fax device on your local network.
For more information, see Monitoring overview.
Use the Change Server Status Report Settings task to change settings of performance and usage reports.
It is recommended that you use the Change Server Status Report Settings task in the Monitoring and Reporting snap-in when you need to change the settings of performance and usage reports. Do not use Task Scheduler to change settings of performance and server reports because it can potentially break the e-mail reports.
For more information, see Monitoring overview.
Delete old log files generated as a result of monitoring the computer running Windows Small Business Server 2003.
When you run the Monitoring Configuration Wizard and select the Usage Reports option, logging is automatically enabled for the following services:
Internet Information Services
Remote Access Service
Because log files can be very large, it is recommended that you delete the log files to free disk space on your server. If you need to save log files, you can create a backup of the files, or save them at a different location. For more information about monitoring log files, see Monitoring log files.
Backing up and restoring data
Create a scheduled task to back up your internal Web site.
By scheduling a task to back up your internal Web site, you create a copy of your Windows SharePoint Services database on your hard disk. If a file or list item is accidentally deleted from the internal Web site, you can restore it from the backup copy on your hard disk without needing to perform a full recovery from backup media. You do not need to include the backup copy of the database in your full server backup. The original copy of the Windows SharePoint Services database is included in the server backup.
For more information, see Enable recovery of individual SharePoint files.
Managing Internet access
Run the Configure E-mail and Internet Connection Wizard to connect your server to the Internet.
A key function of Windows Small Business Server 2003 is to configure Internet services to your small business network. To configure Internet services, use the Configure E-mail and Internet Connection Wizard. The wizard is designed to correctly configure settings for your network, firewall, secure Web site, and e-mail services that are used when connecting your computer running Windows Small Business Server to the Internet. Additionally, you can use the wizard to return your server's network configuration to its original state.
For more information, see Understanding the Configure E-mail and Internet Connection Wizard.
If you installed additional instances of SQL Server 2000 Desktop Engine (MSDE 2000), it is recommended that you download and run the SQL 2000 Critical Update Wizard to help protect your server against the Slammer worm.
Windows Small Business Server Setup installs MSDE 2000 SP3a for the instances of MSDE 2000 that were installed by Windows Small Business Server 2003.
Use the DHCP Server service provided with Windows Small Business Server 2003.
During Setup, if an existing DHCP Server service is detected on the local network, you are prompted to choose whether you want to use the existing service or if you want to disable the service and use the DHCP Server service provided with Windows Small Business Server 2003. It is recommended that you disable the existing DHCP Server service. Once disabled, Setup will install and configure the DHCP Server service on your computer running Windows Small Business Server 2003. By using the DHCP Server service provided with Windows Small Business Server 2003, you will ensure that your DHCP settings are properly configured for the local network.
If you decide to use the existing DHCP Server service, you can later configure Windows Small Business Server 2003 as your DHCP server. To do so, you must disable the existing DHCP Server service, install the DHCP Server service on your computer running Windows Small Business Server 2003, and then configure the DHCP scope.
For more information about installing the DHCP Server service, see "Installing a DHCP server" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=53419). To configure the DHCP scope for Windows Small Business Server 2003, see Configuring Settings for an Existing DHCP Server Service on Your Network in Appendix C of "Getting Started" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=46897).
Managing your intranet
Use the Windows Small Business Server tools to add or update user accounts in the Windows SharePoint Services site groups.
Users must belong to a Windows SharePoint Services site group to access the intranet. It is recommended that you use the tools, such as the Add User Wizard, Add Template Wizard, and Change User Permissions Wizard, to create, modify, or update user accounts. User accounts based on the user account templates are members of the Windows SharePoint Services site group by default.
For more information, see Manage intranet access.
Use Remote Web Workplace to access the company Web site from the Internet.
To access the company Web site through the Internet, you need to publish the site to the Internet. To do this, it is recommended that you use the Configure E-mail and Internet Connection Wizard. This will ensure that the proper permissions are set to allow only authorized users to access the Web services.
After your company Web site has been published, it is recommended that you use Remote Web Workplace to access the site from the Internet. Remote Web Workplace has security features that help prevent malicious users and programs from accessing your Windows Small Business Server network. For more information, see Understanding Remote Web Workplace security features and Allow access to Web services on the server.
Allow your Business Card Web Site to be discoverable by Internet Search Engines
Internet search engines use components called "Web robots" to automatically search and catalog documents and pages that are published to the Internet. The Web robots do this by following hyperlinks on the pages that have been published. But Windows SBS 2003 with SP1 and Windows SBS 2003 R2 prevent Web robots from automatically cataloguing any of the Web sites on your server by creating a file named “Robots.txt” in the %systemdrive%\Inetpub\wwwroot folder.
If you want your business card Web site indexed on the Internet, but you also want to hide the Remote Web Workplace logon page and other Web sites that are on your server, you can replace the default version of Robots.txt with an alternate version named Robots(AllowRoot).txt.
To allow the Business Card Web site to be discoverable on the Internet
In My Computer, navigate to %systemdrive%\Inetpub.
Right-click Robots(AllowRoot).txt, and then click Copy.
Navigate to %systemdrive%\Inetpub\wwwroot, and then paste Robots(AllowRoot).txt.
Delete the existing Robots.txt file in %systemdrive%\Inetpub\wwwroot.
Rename Robots(AllowRoot).txt to Robots.txt.
Managing remote access
Use the Remote Web Workplace to connect remotely to the Windows Small Business Server network in a secure manner.
It is recommended that users connect to the Windows Small Business Server network through the Remote Web Workplace. For more information, see Enable and configure the Remote Web Workplace. Alternatively, if you want to connect using a virtual private network (VPN) connection, use the Remote Access Wizard to configure the necessary settings.
Sign out of the Remote Web Workplace.
Signing out of the Remote Web Workplace when you are finished prevents unauthorized users from accessing network resources.