Chapter 12: Managing Computers on the Network

< Day Day Up >

---

As you’ll learn in this chapter, Microsoft Windows Small Business Server 2003 streamlines client management tasks by making it easy to connect computers to the network and manage them remotely from the server. Windows Small Business Server doesn’t directly address keeping client machines up-to-date. See “Security Basics” in Chapter 6, “Completing the To Do List and Other Post-Installation Tasks,” for details about Microsoft Software Update Services (SUS), a free service that enables administrators to approve which Windows updates are applied to client computers.

Microsoft recommends using Microsoft Windows XP Professional, Microsoft Windows XP Tablet Edition, Microsoft Windows XP Media Center Edition, or Microsoft Windows 2000 Professional for all client computers on the network. (Member servers should use Microsoft Windows Server 2003 or Microsoft Windows 2000 Server.) Microsoft Windows NT 4.0 and Microsoft Windows 98 computers function adequately on a Windows Small Business Server 2003 network, but some features aren’t supported (such as automated software deployment and Microsoft Outlook 2003), and clients using these operating systems require extra management time and effort. Computers running Mac OS X or other operating systems usually can be made to work with Windows Small Business Server 2003 for basic tasks (as discussed later in this chapter), but have significant limitations and require more work on the part of the administrator. Therefore, this chapter focuses on clients running Windows XP Professional or Windows 2000 Professional but also includes discussions of other operating systems.

Connecting Computers to the Network

Connecting computers running Windows XP Professional, Windows Server 2003, or Windows 2000 to a Windows Small Business Server 2003 network is easy: just create computer accounts for the computer, establish basic network connectivity, and then use the Small Business Server Network Configuration Wizard to configure the rest of the client’s settings.

Tip

Add all routinely connected VPN clients to the domain. This enables computer authentication as well as user authentication, eliminates the need for remote users to provide credentials for every domain resource they access, and lays a foundation for L2TP VPN deployment. Because VPN client computers that are domain members must authenticate with the domain during logon, remote users can log onto their computers either via a dial-up VPN connection to the domain or by using cached credentials when they don’t want to establish a VPN connection.

Creating Computer Accounts for Client Computers

Before you connect a client computer to the network, you need to run the Set Up Computer Wizard on the Windows Small Business Server computer. This wizard creates computer accounts and optionally assigns software to the computers.

More Info

For information about connecting additional servers to the network, see the next section, “Creating Computer Accounts for Server Computers.”

To run the Set Up Computer Wizard, complete the following steps:

1. Log on to the Windows Small Business Server 2003 computer, click Start, and then click Server Management to open the Server Management console.

2. Click Computers and then click Set Up Client Computers to open the Set Up Computer Wizard.

3. Click Next. On the Client Computer Names page (Figure 12-1), create computer accounts for all client computers, and then click Next:

   • To create a new computer account, type the computer name in the Client Computer Name box and click Add.

   • To rename or remove a computer account you added, select the computer account and click Rename or Remove.

4. On the Client Applications page (Figure 12-2), select the applications to install on each client computer. To allow users to change which applications are installed during Client Setup, select the During Client Setup, Allow The Selected Applications To Be Modified check box. To force the client computer to log off after Client Setup completes processing, select the After Client Setup Is Finished, Log Off The Client Computer check box. Click Next to continue.

   
   Figure 12-1: The Client Computer Names page of the Set Up Computer Wizard.

   Note

   Users of Windows Small Business Server 2003, Premium Edition, should also assign the ISA Server Firewall Client to client computers (unfortunately, it’s not assigned by default). To do so, first add the Firewall Client to the list of available applications, as described in the “Assigning Applications to Client Computers” section of this chapter.

   
   Figure 12-2: The Client Applications page of the Set Up Computer Wizard.

5. On the Mobile Client And Offline Use page, select the Install Connection Manager and Install ActiveSync 3.7 check boxes to facilitate the client computers connecting remotely via VPN and synchronizing Microsoft Pocket PC and Microsoft SmartPhone devices. Click Next to continue.

6. Review the settings and then click Finish.

More Info

To edit the list of applications, see the “Assigning Applications to Client Computers” section of this chapter. To change client computer settings, see the “Viewing and Modifying Client Computer Settings” section of this chapter.

Creating Computer Accounts for Server Computers

Before connecting an additional server to the network, first run the Set Up Server Wizard on the Windows Small Business Server computer to create the computer account and optionally assign software to the computer:

1. Select Sever Management from the Start menu.

2. Click Server Computers in the console tree, and click Set Up Server Computers to launch the Set Up Server Wizard.

3. Click Next. On the Server Computer Name page, type the computer name you want to use for the server in the Server Name box, and then click Next.

4. On the IP Address Configuration page (Figure 12-3), select Obtain An IP Address Automatically By Using DHCP, or select Use The Following Static IP Address and type the static IP address of the server. Click Next when you’re finished.

   
   Figure 12-3: The IP Address Configuration page of the Set Up Server Wizard.

5. Review the settings and then click Finish.

Establishing Basic Network Connectivity

The first step in connecting a computer to a Windows Small Business Server 2003 network is to connect to the network and obtain a valid IP address. This process is pretty simple: plug the computer into an Ethernet switch on the internal network, and configure the system for Dynamic Host Control Protocol (DHCP). Wireless clients must first associate with an access point and provide a WPA/WEP key.

Configuring Windows XP and Windows Server 2003 to Use DHCP

To configure computers running Windows XP or Windows Server 2003 to use DHCP for TCP/IP configuration, complete the following steps:

1. In the Network Connections folder (available in Control Panel), right-click the appropriate network adapter (most likely Local Area Connection), and choose Properties from the shortcut menu.

2. In the Local Area Connection Properties dialog box, select the Internet Protocol (TCP/IP) component, and click Properties. The Internet Protocol (TCP/IP) Properties dialog box appears (Figure 12-4).

   
   Figure 12-4: The General tab of the Internet Protocol (TCP/IP) Properties dialog box.

3. Verify that the Obtain An IP Address Automatically and Obtain DNS Server Address Automatically options are selected, and then click OK.

Note

You might want to use static IP addresses for additional servers (print servers and additional domain controllers are two likely candidates). If you choose to use a static IP address, configure the server with an IP address in the excluded IP address range of 192.168.16.3 through 192.168.16.9, or add an appropriate exclusion in DHCP.

Configuring Windows 2000 to Use DHCP

To configure Windows 2000 clients and servers to use DHCP for TCP/IP configuration, complete the following steps:

1. In the Network And Dial-Up Connections folder (available in Control Panel), right-click the appropriate network adapter (most likely Local Area Connection), and choose Properties from the shortcut menu.

2. In the Local Area Connection Properties dialog box, select the Internet Protocol (TCP/IP) component and click Properties. The Internet Protocol (TCP/IP) Properties dialog box appears (Figure 12-5).

   
   Figure 12-5: The General tab of the Internet Protocol (TCP/IP) Properties dialog box.

3. Verify that both the Obtain An IP Address Automatically and Obtain DNS Server Address Automatically options are selected, and then click OK.

Associating with a Wireless Access Point

Windows XP clients can use the Zero Configuration Wireless feature to easily associate with wireless access points and provide appropriate network keys, as discussed in the following steps. All other clients must use the interface provided by the network adapter drivers.

Note

Pocket PC 2003 devices provide a feature called Zero Configuration Wi-Fi, which works almost identically to the Zero Configuration Wireless feature in Windows XP.

1. After installing and configuring a wireless network adapter, right-click the Wireless Network Connection icon in the system tray, and choose View Available Networks from the shortcut menu.

2. Select your wireless network in the Wireless Network Connection dialog box, shown in Figure 12-6.

   
   Figure 12-6: The Wireless Network Connection dialog box.

3. Type the network key (WPA or WEP) in the Network Key and Confirm Network Key boxes, and then click Connect. If you’re using 802.1X authentication, as discussed in Chapter 17, “Customizing a SharePoint Web Site,” leave the Network Key box empty and select the Enable IEEE 802.1X Authentication For This Network check box. (See Chapter 15, “Managing Connectivity,” for more help with 802.1X.) If you’re using WPA, see the Real World sidebar, “Getting Connected with WPA Authentication.”

Real World

Getting Connected with WPA Authentication

Using Wi-Fi Protected Access (WPA) for wireless client authentication and encryption is one convenient method of securely connecting wireless clients to an internal network, though you must clear a few implementation hurdles before everything works properly.

To use WPA for wireless authentication, clients must run Windows Server 2003 or Windows XP SP1 with the Microsoft WPA client program (discussed in Microsoft Knowledge Base Article 815485 and likely included in future service packs). To use WPA on other operating systems, purchase a third-party WPA supplicant unless one is provided with the network adapter drivers. Two popular third-party WPA supplicants are Funk Software’s Odyssey client (http://www.funk.com/radius/wlan/wlan_c_radius.asp) and Meetinghouse Data Communications AEGIS client (http://www.mtghouse.com/products/client/index.shtml).

Because many wireless network adapters rely on the Microsoft WPA client program for WPA support, computers that don’t have this or a third-party WPA supplicant installed might have to connect to the network via Ethernet cable to download and install WPA support, or install the latest service pack and WPA client from removable media before connecting to the network.

Using the Small Business Server Network Configuration Wizard

After you create a computer account and establish network connectivity, the next step in connecting a Windows XP, Windows Server 2003, or Windows 2000 computer to a Windows Small Business Server 2003 network is to log on to the computer, open Microsoft Internet Explorer, and launch the Small Business Server Network Configuration Wizard. This wizard configures the computer to run on the network by performing the following actions:

• Changes the computer’s workgroup or domain membership to be a member of the Windows Small Business Server’s domain.

• Installs operating system service packs and the Previous Versions client.

• Optionally migrates existing local user profiles stored on the computer to new domain user profiles, preserving the data and settings of local user accounts.

• Optionally installs Outlook 2003, the shared fax client, and any other software you assign to computers (as discussed later in this chapter in the “Assigning Applications to Client Computers” section).

• Optionally installs printer drivers and changes various Windows settings, as discussed later in this chapter in the “Viewing and Modifying Client Computer Settings” section.

More Info

Computers running operating systems other than Windows XP Professional; Windows XP Tablet Edition; Windows XP Media Center Edition; Windows Server 2003; or Windows 2000 must be manually connected to the network, as discussed in the “Connecting Alternate Clients” section of this chapter.

Real World

Connecting Clients Across VPN Links

Clients that frequently connect to the network via a VPN connection, such as telecommuters and wireless clients, should be added to the domain. This makes accessing domain resources easier, improves security by implementing computer authentication, and reduces the complexity of deploying L2TP VPNs. However, VPN clients can’t use the Network Configuration Wizard to join the network, and they can’t receive assigned applications either.

Because of this design decision (made so that VPN clients wouldn’t swamp a company’s Internet connection downloading assigned applications), VPN clients must connect directly to the internal network to join the domain and receive assigned applications. If this approach isn’t feasible (as would be the case with many telecommuters), manually add the clients to the domain using the following steps (clients will not receive assigned applications):

1. Open the System tool in Control Panel.

2. On Windows XP and Windows Server 2003 clients, click the Computer Name tab and then click Change. On Windows 2000 clients, click the Network Identification tab and then click Properties.

3. Select Domain, type the name of the Windows Small Business Server 2003 domain, and then click OK. Reboot the computer when prompted.

Caution

If clients are running previous versions of Outlook and you want to upgrade them to Outlook 2003, disable any COM add-ins before running the Client Setup Wizard.

To use the Small Business Server Network Configuration Wizard to join a computer to the network, complete the following steps:

1. Log on to the client computer using an account with local administrator privileges.

2. Open Internet Explorer. If the Internet Connection Wizard appears, use the wizard to connect to the Internet via a LAN connection.

3. In the Address bar, type http://sbssrv/ConnectComputer (where sbssrv is the computer name of the Windows Small Business Server computer) and press Enter.

4. On the Network Configuration page, click the Connect To The Network Now link.

5. If a Security Warning dialog box appears asking whether you want to install and run the SBS Network Configuration Wizard, click Yes. After a few moments, the Small Business Server Network Configuration Wizard appears.

6. On the User Account And Password Information page, type the user name and password of a domain user account, and then click Next.

7. On the Assign Users To This Computer And Migrate Their Profiles page of the wizard (Figure 12-7), select all domain user accounts that will use the computer from the Available Users list, and then click Add.

   
   Figure 12-7: The Assign Users To This Computer And Migrate Their Profiles page.

8. To migrate existing documents and program settings that are stored in a local user profile to the new domain user profile, select the domain user account in the Assigned User column, and then select the local user profile to migrate in the Current User Settings box. Click Next when you’re finished assigning users to the computer and migrating user accounts.

   Note

   Use the Files And Settings Transfer Wizard provided with Windows XP to transfer user data and settings from a different computer, or to migrate user settings from an account in an existing domain to the new Windows Small Business Server 2003 domain. (See the Real World sidebar “Migrating Profiles from an Existing Domain” for a more thorough procedure.)

9. On the Computer Name page, select the computer name to use and then click Next. Only names created using the Set Up Computer Wizard and not already taken by another computer are listed.

   More Info

   For more information about the Set Up Computer Wizard, see the sections “Creating Computer Accounts for Client Computers” and “Creating Computer Accounts for Server Computers ” in this chapter.

10. On the Completing The Network Configuration Wizard page, review the settings and then click Finish. The Small Business Server Network Configuration Wizard adds the computer to the domain and then restarts the computer (typically two times).

11. Log on to the client computer using a domain user account. A Client Setup Wizard dialog box will appear automatically.

12. In the Client Setup Wizard dialog box, click Start Now to install assigned service packs and software immediately, or click Postpone to do it later.

13. On the first page of the Client Setup Wizard, click Next. On the Assigned Applications page (Figure 12-8), which appears if you selected the During Client Setup, Allow The Selected Applications To Be Modified check box when you created the client computer account, clear the check boxes next to any applications you don’t want to install and then click Next.

    
    Figure 12-8: The Assigned Applications page of the Client Setup Wizard.

14. If the Automatic Logon Information page appears, either type your password to permit the Client Setup Wizard to automatically log on during the Client Setup Wizard (one or more reboots might be necessary) or select Manual Logon to do it yourself. The automatic logon feature is disabled after Client Setup completes. Click Next when you’re finished.

    The Application Setup Progress page appears. The Client Setup Wizard installs the specified applications and service packs and reboots the computer a couple of times, if necessary.

Real World

Migrating Profiles from an Existing Domain

Although the Files And Settings Transfer Wizard in Windows XP is the simplest way to preserve settings in a domain account when switching domains or migrating from an old server, it doesn’t preserve all settings. To preserve the entire user profile, use the following steps to create a new local user account and copy the domain profile to that account.

1. On the client computer, create a new local user account using the Local Users and Groups MMC snap-in (accessible via the Computer Management snap-in) and add the account to the local Administrators group (you can make the local group memberships more appropriate after joining the domain).

2. Log on with the new local user account.

3. Open the System tool in Control Panel, click the Advanced tab, and then click Settings in the User Profiles section.

4. Select the domain account you want to migrate, click Copy To, and in the Copy To Profile box, type the path to a suitable folder on the hard drive (most likely a subfolder of the C:\Documents And Settings folder).

5. Click Change, click Locations, select the local computer in the Locations dialog box, and then click OK. This returns you to the Select User Or Group dialog box.

6. Type the name of the local user account you created and then click OK. Click OK again twice to finish copying the profile.

7. Open the Local Users And Groups snap-in, double-click the local user account you created, click the Profile tab, and then type the location of the folder to which you copied the profile in the Profile Path box. Click OK when you’re finished.

8. Open the System tool in Control Panel, click the Computer Name tab, and then click Change (on Windows XP and Windows Server 2003 computers). On Windows 2000 computers, click the Network Identification tab and then click Properties.

9. Select Workgroup, type a workgroup name (WORKGROUP is always popular), and then click OK. Reboot the computer when prompted, log on using the newly minted local user account, and then use the Network Configuration Wizard to join the domain and migrate the new local user account, which now stores the settings of the domain account you want to migrate.

Connecting Alternate Clients

Windows XP and Windows 2000 clients provide the best client experience on a Windows Small Business Server 2003 network and take the least amount of time to administer. However, clients running other versions of Windows as well as computers running Mac OS X can be connected to a Windows Small Business Server network if you’re willing to expend a little extra effort. The following sections show you how.

Note

Windows XP Home Edition isn’t suitable for full-time use on a Windows Small Business Server network and should be upgraded to Windows XP Professional. However, for occasional use, Windows XP Home Edition can be made to work if you enable DHCP, join it to a workgroup with the same name as the Windows Small Business Server domain, and provide a domain user name and password when connecting to shared resources.

Connecting Windows 98 and Windows Me Clients

To connect Windows 98 and Microsoft Windows Millennium Edition (Me) clients to a Windows Small Business Server 2003 network, configure TCP/IP, install Windows Small Business Server clients, and connect to network printers and the shared fax service.

Note

Microsoft Windows 95 clients should be upgraded to Windows 98 (at a minimum). If you can’t easily upgrade Windows 95 clients, install the Active Directory client extensions or disable signed communications, as discussed in the “Disabling SMB Signing” section of this chapter.

Caution

Sensitive data stored on a Windows 98 machine is completely exposed to anyone with local access to the computer. If file security is important, upgrade the client to Windows 2000 or Windows XP and use NTFS permissions and EFS to encrypt files as necessary.

Configuring TCP/IP Settings To connect to the Windows Small Business Server 2003 computer, Windows 98 and Windows Me clients must first configure TCP/IP properly, as discussed in the following steps:

1. On the Windows 98 or Windows Me client, uninstall existing versions of the Shared Fax Client, Shared Modem Client, and Firewall client.

2. Open Control Panel on the client and double-click Network.

3. Select the TCP/IP component bound to the network adapter used to connect to the Windows Small Business Server computer, as shown in Figure 12-9, and then click Properties.

   
   Figure 12-9: The Network dialog box of a Windows 98 client.

4. On the IP Address tab, select Obtain An IP Address Automatically.

5. Click the WINS Configuration tab and select Use DHCP For WINS Resolution, and then click OK.

6. In the Network dialog box, click the Identification tab, type the appropriate computer name in the Computer Name box, type the Windows Small Business Server domain name (EXAMPLE, for example) in the Workgroup box, and optionally type a description of the computer.

7. Click the Access Control tab and select Share-Level Access Control.

8. Click the Configuration tab, select Client For Microsoft Networks, and then click Properties.

9. In the Client For Microsoft Networks Properties dialog box, select the Log On To Windows NT Domain check box (Figure 12-10), type the NetBIOS name of the Windows Small Business Server domain, click OK, and then click OK once more. Restart the computer when prompted.

   
   Figure 12-10: The Client For Microsoft Networks Properties dialog box of a Windows 98 client.

10. Open Control Panel, double-click Internet Options, and then click the Connections tab.

11. In the Dial-Up And Virtual Private Network Settings section of the Connections tab, specify if and when the client should establish a dial-up or VPN connection, and then click LAN Settings. (If the options in the Dial-Up And Virtual Private Network Settings section are unavailable, install the Dial-Up Network and Virtual Private Networking components from the Windows Setup tab in Add Or Remove Programs.)

12. If you’re using Windows Small Business Server 2003, Standard Edition, clear the Use A Proxy Server check box. If you’re using Windows Small Business Server 2003, Premium Edition with ISA Server, select the Use A Proxy Server check box, type the NetBIOS name of the Windows Small Business Server Computer in the Address box (SBSSRV, for example), type 8080 in the Port box (unless you changed it to something else), select the Bypass Proxy Server For Local Addresses check box, click OK, and then click OK again.

Installing Windows Small Business Server Client Software After getting a Windows 98 or Windows Me client up and running on the network, you should perform some additional tasks before considering the system ready for use:

• Install Active Directory client extensions for Windows 95/98 These extensions provide stronger authentication (NTLM version 2), site awareness for businesses with branch offices, and Distributed Files System (DFS) client support. Install the Dsclient.exe file from the \Clients \Win9X folder of a Windows 2000 Server CD.

• Install the firewall client If you’re using Windows Small Business Server 2003, Premium Edition, install the ISA Server firewall client by running Setup.exe from the \\sbssrv\mspclnt share (where sbssrv is the computer name of the Windows Small Business Server computer).

• Install Previous Versions client (shadow copy client) This provides access to previous versions of files stored on the Windows Small Business Server computer. To install the Previous Versions client, launch the Shadowcopyclient.msi file from the \\sbssrv\ClientApps\ShadowCopy share where sbssrv is the name of the Windows Small Business Server computer. (To install the Previous Versions client, you must have Windows 98 Second Edition or Windows Me.)

• Install Internet Explorer 6 Installing Internet Explorer 6 ensures that the client can use the Intranet properly and increases the security and compatibility of general Web browsing as well (although you can, of course, use a different Web browser). To install Internet Explorer 6, launch the Ie6setup.exe file from the \\sbssrv\ClientApps\Ie6 share where sbssrv is the name of the Windows Small Business Server computer.

• Install the latest updates from Windows Update Use Windows Update on the client to download the latest security patches and updates.

• Configure Outlook to work with Exchange Outlook 2003 won’t install on Windows 98 computers, so you’re stuck with earlier versions or Microsoft Outlook Web Access (OWA). If you’re going to use an earlier version of Outlook, configure Outlook to use the Exchange Server by opening Control Panel, double-clicking Mail, clicking either E-Mail Accounts (Outlook 2002) or Add (Outlook 2000), and then using the resulting dialog boxes to add a new Microsoft Exchange Server account.

Connecting to Printers and Shared Faxes To connect to printers and shared faxes, complete the following steps:

1. Click Start, choose Run, type \\sbssrv in the Open box, and then press Enter (where sbssrv is the computer name of the Windows Small Business Server computer).

2. Double-click the printer or fax to which you want to connect and then click Yes to set up the printer.

3. On the first page of the Add Printer Wizard, specify whether to enable printing from MS-DOS–based programs and then click Next. If you chose to enable printing from MS-DOS–based programs, click Capture Printer Port, select the first available printer port (LPT1), click OK, and then Click Next.

4. If the wizard does not recognize your printer, you are asked to select the printer manufacturer and model. If the printer isn’t listed, use the installation disk that came with your printer.

5. Type a name for the printer, specify whether you want to use it as the default printer, and then click Next.

6. If asked to print a test page, make a selection and then click Finish. If prompted, provide the location of the printer drivers. If you chose to connect to the shared fax printer, the first time you send a fax you are asked whether you want to install the Shared Fax Client so that you can monitor faxes as they’re sent. Click Yes to install the Shared Fax Client, which also creates shortcuts on the Start menu for sending faxes.

Connecting Windows NT 4.0 Clients

To connect Windows NT 4.0 clients to a Windows Small Business Server 2003 network, configure TCP/IP, add the computers to the domain, install Windows Small Business Server clients, and connect to network printers and the shared fax service.

Configuring TCP/IP Settings and Domain Membership To connect to the Windows Small Business Server 2003 computer, Windows NT 4.0 clients must first configure TCP/IP and create computer accounts in the Windows Small Business Server domain. Follow these steps:

1. On the client, open Control Panel and double-click Network.

2. Click the Protocols tab, select TCP/IP Protocol, and then click Properties.

3. Select the network adapter used to connect to the Windows Small Business Server computer, and then select Obtain An IP Address From A DHCP Server.

4. Click the WINS Address tab, and select the Enable DNS For Windows Resolution check box. Click OK, click Close, and then restart the computer. Once the connection process completes, Windows NT obtains an IP address and subnet mask from the DHCP server, as well as the IP addresses of the default gateway, DNS server, and WINS server.

5. Open Control Panel and double-click Network.

6. Click Change on the Identification tab to display the Identification Changes dialog box (Figure 12-11). Select Domain and type the domain name of the Windows Small Business Server. Select the Create A Computer Account In The Domain check box, type a domain user name and password, and then click OK. Close the Network dialog box, and then restart the computer when prompted.

   
   Figure 12-11: The Identification Changes dialog box of a Windows NT 4.0 client.

7. Open Control Panel, double-click Internet Options, and then click the Connections tab. (If you’re still using Internet Explorer 2, install Internet Explorer 6 before performing this step.)

8. In the Dial-Up And Virtual Private Network Settings section of the Connections tab, specify if and when the client should establish a dial-up or VPN connection, and then click LAN Settings.

9. If you’re using Windows Small Business Server 2003, Standard Edition, clear the Use A Proxy Server check box. If you’re using Windows Small Business Server 2003, Premium Edition with ISA Server, select the Use A Proxy Server check box, type the NetBIOS name of the Windows Small Business Server Computer in the Address box (SBSSRV, for example), type 8080 in the Port box (unless you changed it to something else), select the Bypass Proxy Server For Local Addresses check box, click OK, and then click OK again.

Installing Windows Small Business Server Client Software After getting a Windows NT 4.0 client up and running on the network, you should perform some additional tasks before considering the system ready for use:

• Install Service Pack 6a Service Pack 6a is required by many software packages. Download it from http://www.microsoft.com. Oddly enough, a clean installation of Windows NT 4.0 can’t connect to the Microsoft Web site to download SP6a or install Internet Explorer 6. However, it can download Netscape (http://www.netscape.com) or Mozilla (http://www.mozilla.org), which can then be used to install updates.

  Note

  Windows NT 4.0 clients prior to SP4 don’t support Server Message Block (SMB) signing, and consequently can’t access files (such as service packs) on the Windows Small Business Server 2003 computer, unless you disable SMB signing, as discussed in the “Disabling SMB Signing” section of this chapter.

• Install the firewall client If you’re using Windows Small Business Server 2003, Premium Edition, install the ISA Server firewall client by running Setup.exe from the \\sbssrv\Mspclnt share (where sbssrv is the computer name of the Windows Small Business Server computer).

• Install Internet Explorer 6 Installing Internet Explorer 6 ensures that the client can use the intranet (and the Internet) and install the Windows Small Business Server 2003 client applications properly. To install Internet Explorer 6, launch the Ie6setup.exe file from the \\sbssrv\ClientApps\Ie6 share on the Windows Small Business Server 2003 computer.

• Install Active Directory client extensions for Windows NT 4.0 These extensions provide stronger authentication (NTLM version 2), site awareness for businesses with branch offices, and Distributed Files System (DFS) client support. To install the Active Directory client extensions, launch the Dsclient.exe file from the Windows Small Business Server 2003 Disk 3 in the \SBSSUPPORT\ADCLIENT folder.

• Install the latest updates from Windows Update Connect to the Windows Update site (http://windowsupdate.microsoft.com) on the client to download the latest security patches and updates.

• Configure Outlook to work with Exchange Outlook 2003 won’t install on Windows NT 4.0 computers, so you’ll have to stick with earlier versions or Outlook Web Access (OWA). If you’re going to use an earlier version of Outlook, configure Outlook to access the Exchange Server by opening Control Panel, double-clicking Mail, and clicking either E-Mail Accounts (for Outlook 2002) or Add (for Outlook 2000), and then using the resulting dialog boxes to add a new Microsoft Exchange Server account.

Note

Windows NT 4.0 doesn’t support the Previous Versions client.

Connecting to Printers and Shared Faxes To connect to printers and shared faxes, complete the following steps:

1. Click Start, choose Run, type \\sbssrv in the Open box, and then press Enter.

2. Double-click the printer or fax to which you want to connect and then click Yes to install the printer. If prompted, provide the location of the needed drivers. Click Yes to restart the computer if prompted.

Connecting Mac OS X Clients

Mac OS X is the most compatible Macintosh operating system ever. Out of the box, Mac OS X 10.2.x and Mac OS X 10.3.x can connect to file shares and printers hosted by a Windows Small Business Server 2003 computer and use Internet Explorer 5 for Mac OS X to participate on SharePoint intranet Web sites. Besides the built-in support, Microsoft Office is available on Mac OS X; Microsoft Entourage v.X 10.1.4 and later have native support for Microsoft Exchange; and there’s a free Remote Desktop Connection client for Mac OS X available at http://www.microsoft.com/mac.

There are some caveats. First, the Windows Small Business Server domain shouldn’t use a domain name with the .local top-level domain (for example, example .local) because it conflicts with the Rendezvous automatic network configuration feature of Mac OS X 10.2.x and later. (See the Real World sidebar “Can’t Connect to .local Domains” for a somewhat awkward workaround.) Second, Mac OS X 10.2.x can’t log on natively to the domain (though Mac OS X 10.3.x can)—instead it acts as a workgroup member (unless you use Thursby Software’s ADmitMac). Even with these issues addressed, Mac OS X computers are still second-class citizens on a Windows Small Business Server 2003 network, with no support for the Previous Versions or Shared Fax clients, no remote administration capabilities, and limited support for the Remote Web Workplace.

Nonetheless, a few hurdles rarely stop a Mac user, so the following sections show how to use a Mac OS X 10.2.x computer with Windows file shares and shared printers, and how to disable SMB signing on the Windows Small Business Server network for Mac OS X 10.2.x clients (Mac OS X 10.3.x clients work fine with SMB signing enabled).

Connecting to Windows File Shares To connect to a Windows file share from a computer running Mac OS X 10.2.x, use the following steps. (Mac OS X 10.3.x clients look slightly different.)

1. Disable SMB signing on the Windows Small Business Server, as described in the “Disabling SMB Signing” section of this chapter. (This isn’t necessary for Mac OS X 10.3.x clients.)

2. Configure the computer to obtain its IP address using DHCP, if it doesn’t already.

3. Select Connect To Server from the Go menu of Finder.

4. In the Connect To Server window shown in Figure 12-12, browse to the computer or type the address of the Windows file share, using one of the following formats:

   smb://fullyqualifieddomainname/sharename

   smb://domain.name;servername/sharename

   For example, to connect to the Data share on the sbssrv.example.office computer in the example.office domain, type smb://sbssrv.example .office/Data.

   
   Figure 12-12: Connecting to a Windows file share.

5. Verify the workgroup or domain name, type an appropriate user name and password in the SMB/CIFS Filesystem Authentication dialog box, and then click OK. If you browsed to the computer, select a share and then click OK. The Windows file share appears on the desktop.

Real World

Can’t Connect to .local Domains

Apple computers running Mac OS X version 10.2 and later support automatic network configuration using a technology called Rendezvous. This is all fine and good until you try to use one of these systems on a domain that uses the .local DNS extension (which Windows Small Business Server 2003 uses by default). Simply put, the Mac system isn’t able to connect to any Windows systems via Server Message Blocks (SMBs)—the default file sharing protocol of Windows.

To remedy this situation, install a newer version of Mac OS X that fixes this issue (if one is ever released), read article 107800 in Apple’s Knowledge Archive (http://search.info.apple.com), or use the following procedure (unless you want to follow the advice from Microsoft and rename your domain to some other extension, such as .office or .work):

1. Open the Terminal program located in the Utilities folder, which opens a full-fledged UNIX command line. (OK, technically it’s not UNIX; it’s Darwin—an open-source variant of FreeBSD.)

2. Change to the /etc/resolver/ directory by typing the following commands, pressing Enter after each line:

   Cd /

   Cd etc/resolver

3. Log on as the root (administrator) user by typing sudo tcsh, and then typing the administrator password for the system.

4. Edit the local file using the text editor of your choice. To use pico (a simple text editor), type pico local.

5. Replace the listed nameserver IP address with the correct IP address of a DNS server on the .local domain that you want the Mac OS X system to access.

6. Replace the port number with 53.

7. Save the file by pressing Ctrl+X, and then Y, and then Enter.

Connecting to Networked Printers The easiest way to print to a printer shared by a Windows computer from a Mac OS X 10.2.x client is to install Print Services For UNIX on the Windows Small Business Server computer and then print using IP printing. (Mac OS X 10.3.x clients can connect directly to Windows print servers and don’t need this section.) To do so, complete the following steps:

1. On the Windows Small Business Server computer, open Add/Remove Programs and then click Add/ Remove Windows Components.

2. In the Windows Components Wizard, select the Other Network File And Print Services option, click Details, select Print Services For Unix, and then click OK. Click Next to install the component.

3. On the Mac OS X client, open the Applications folder, and then open the Utilities folder.

4. Double-click Print Center to open the Printer List dialog box.

5. Click Add.

6. Choose IP Printing from the box at the top of the sheet shown in Figure 12-13.

   
   Figure 12-13: Connecting to a Windows print server using an LPR connection on a Mac OS X 10.2.x system.

7. Type the IP address or DNS name of the print server.

8. To specify a printer on the print server, clear the Use Default Queue On Server check box and type the share name of the printer in the Queue Name box.

9. Select the appropriate printer driver from the Printer Model box. If a driver isn’t available from the printer manufacturer, try using Gimp-Print (http://gimp-print.sourceforge.net), though these drivers are unsupported.

10. Click Add when you’re finished. The printer is then added to the list of printers available on the Mac OS X client system.

Disabling SMB Signing To use Mac OS X 10.2.x on a Windows Small Business Server 2003 network, you need to first disable SMB signing on the domain. (This is unnecessary for Mac OS X 10.3.x systems.) To do so, complete the following steps:

1. Open the Group Policy Management console in the Administrative Tools folder on the Start menu.

2. In the console tree, navigate to Domains, then to example.local (or whatever the domain is called), and then to Group Policy Objects.

3. Create a new Group Policy Object (GPO) for the settings by right-clicking the Group Policy Objects container, choosing New from the shortcut menu, typing a name for the GPO (such as Disable SMB Signing), and then clicking OK.

   Tip

   Don’t make changes to the default GPOs—instead create new GPOs with your settings. That way you can easily undo your changes by disabling the GPO. Use the Group Policy Results and Group Policy Modeling tools to ensure that your GPO is being applied properly.

4. Link the new GPO to the Domain Controllers container by dragging it from the Group Policy Objects container into the Domain Controllers container. Click OK when asked whether you want to create the link.

5. Select the Domain Controllers container. On the Linked Group Policy Objects tab (Figure 12-14), select the GPO you created and click the Move Link To Top button to ensure that the GPO overrides the settings in the Default Domain Controllers Policy. The GPO you created appears at the top of the list, with a link order of one (the lower the link order, the later the policy is processed, with each policy overwriting any preceding policies that conflict).

   
   Figure 12-14: The Linked Group Policy Objects tab showing the Disable SMB Signing GPO processed last (and thus having the highest priority).

6. Right-click the GPO you created and choose Edit from the shortcut menu. This opens the Group Policy Object Editor.

7. Navigate to Computer Configuration, Windows Settings, Security Settings, Local Policies, and finally Security Options (Figure 12-15).

8. Double-click the Microsoft Network Server: Digitally Sign Communications (Always) policy.

9. In the Microsoft Network Server: Digitally Sign Communications (Always) dialog box, select the Define This Policy check box, choose Disabled, and then click OK. Close the Group Policy Object Editor window.

10. Open a command prompt window and type gpupdate to refresh Group Policy.

Tip

To verify that the policy is being applied to the Windows Small Business Server 2003 computer, right-click the Group Policy Results container in the Group Policy Management console, choose Group Policy Results Wizard from the shortcut menu, and then use the wizard to create a report detailing which settings are applied to the server.

Figure 12-15: The Security Options container of the Group Policy Objects Editor window.

---

< Day Day Up >