Managing Computers from the Server

Most aspects of Windows XP and Windows 2000 clients (and some aspects of Windows NT 4.0) can be easily managed across the network from a Windows Small Business Server 2003 computer using the Server Management console. The following sections cover assigning applications (including the ISA Server firewall client) to computers, creating a Remote Connection disk for VPN access, remotely managing client computers and settings, as well as removing computers from the network.

Virus and Spam Strategies

Viruses and spam are two of the biggest hazards for networks today. To mitigate these risks, maintain consistent backups, install software updates as they are released, keep on top of network security, and take the following actions.

Install self-updating antivirus software on the Windows Small Business Server 2003 server as well as on all clients. The best way to do this is to use a small-business antivirus package that includes client, server, and Exchange Server virus scanning. This package is often no more expensive than purchasing consumer antivirus software for each client, and it provides additional scanning and management capabilities. Users of Windows Small Business Server 2003, Premium Edition, might want to evaluate ISA Server third-party antivirus and spam filtering plug-ins. Companies that have a lot of remote users connecting to their SharePoint site should also investigate SharePoint antivirus software.

To reduce the effects of spam on your business, test the built-in spam filtering capabilities of Outlook 2003 in your environment By default, Outlook 2003 blocks HTML e-mail messages from connecting to the Internet without your expressed permission, which might confuse some users but prevents spammers from confirming an e-mail address. Outlook also makes it easy to set up lists of blocked senders and safe senders, which can be uploaded to Exchange Server, though once again, this might require some user training. If these features don’t make a large enough impact, supplement or replace them with third-party spam filtering software on the Exchange Server or the client, or both.

Assigning Applications to Client Computers

Windows Small Business Server provides a way to easily assign applications to client computers running Windows 2000 Professional, Windows XP Professional, Windows XP Tablet PC Edition, or Windows XP Media Center Edition (additional servers should install software manually or by using Group Policy). To do so, complete the following steps:

1. Open the Server Management console on the Windows Small Business Server 2003 computer.

2. Click Computers to open the Client Computers container, shown in Figure 12-19.

   
   Figure 12-19: The Client Computers container of the Server Management console.

3. Click Assign Applications To Client Computers, and then click Next in the first page of the Assign Applications Wizard.

4. On the Client Computers page, select the computers to which you want to assign applications and then click Add. Click Next to continue.

5. On the Client Applications page (Figure 12-20), select which applications you want to assign to the specified computers. Click Next when you’re finished.

   • To allow users to change which applications are installed during Client Setup select the During Client Setup, Allow The Selected Applications To Be Modified check box.

   • To force the client computer to log off once Client Setup is complete, select the After Client Setup Is Finished, Log Off The Client Computer check box.

   • To change whether Windows Small Business Server configures such settings as Outlook Profiles and Internet Explorer settings, click Advanced.

   • Click Edit Applications to edit or add to the list of available applications. See the Real World sidebar “Adding Your Own Applications” in this chapter for information about how to add other applications (including the ISA Server firewall client) to the Client Applications list.

   More Info

   Refer to the “Viewing and Modifying Client Computer Settings” section later in this chapter for information about changing client settings such as Internet Explorer Favorites.

   
   Figure 12-20: The Client Applications page of the Assign Applications Wizard.

6. On the Mobile Client And Offline Use page, check the Install Connection Manager and Install ActiveSync 3.7 check boxes to facilitate the client computers connecting remotely via VPN connection and synchronizing Microsoft Pocket PC and Microsoft SmartPhone devices. (You must run the Remote Connection Wizard before Connection Manager will work.) Click Next to continue.

7. Review the settings and then click Finish. The next time a domain user logs on to the computer to which applications are assigned, the applications automatically install. For programs that you manually added to the list of client applications, a shortcut to the installation program is placed on the desktop instead.

Adding Your Own Applications

Windows Small Business Server 2003 makes it easy to assign service packs, Internet Explorer 6, Outlook 2003, and the Shared Fax Client to client computers, but this isn’t exactly a comprehensive list of applications. In fact, there is a very important omission for users of Windows Small Business Server 2003 Premium Edition—the ISA Server Firewall Client. To add applications to this list, complete the following steps:

1. Perform an administrative installation of the desired program to a new folder in the C:\ClientApps folder on the Windows Small Business Server computer, or copy the setup files to a new folder in the C:\ClientApps folder (assuming the \ClientApps folder is located on the C:\ drive). To perform an administrative installation of Microsoft Office, for example, use the setup.exe /a command.

   The ISA Server Firewall Client installation files are already shared as \mspclnt on Windows Small Business Server 2003, Premium Edition installations, and don’t need to be copied anywhere else.

2. Start the Assign Applications Wizard.

3. On the Client Applications page of the Assign Applications Wizard, click Edit Applications, which displays the first page of the Set Up Client Applications Wizard. Click Next.

4. On the Available Applications page, click Add.

5. In the Application Information dialog box, shown in Figure 12-21, type the application name and network path, including any setup parameters (such as those that automate setup), and enclose the path in quotation marks. For the ISA Server Firewall Client, type "\\sbssrv\mspclnt\setup.exe" (where sbssrv is the computer name of the Windows Small Business Server computer). Click OK.

   
   Figure 12-21: The Application Information dialog box.

6. If Windows Small Business Server asks whether it can change the permissions of the folder to Read and Execute, click Yes.

7. Add or remove any additional programs, click Next, and then click Finish to return to the Assign Applications Wizard.

How Applications Are Assigned

Windows Small Business Server 2003 assigns applications to computers using a logon script (SBS_LOGIN_SCRIPT.BAT) that is assigned to all domain users. When a user logs on, the script is run and the Windows Small Business Server client setup program starts (\\sbssrv\Clients\Setup\Setup.exe). The client setup program then parses the XML response file (Apps.dat) located in the \\sbssrv\clients\response\computername folder (where sbssrv is the name of the Windows Small Business Server 2003 computer, and computername is the name of the computer the user is logging on to). This XML file provides the location of the setup program for each assigned application, as well as any setup parameters. The Apps.dat file can be edited to force a reboot after an application is installed (change the needsReboot="0" value to "1").

Using the Windows Small Business Server 2003 method of application deployment is the most painless way to deploy applications in Windows Small Business Server 2003; however, the Software Installation And Maintenance feature of Group Policy is also present, and can be used by savvy administrators (though be careful when mixing the two). For in-depth coverage of software deployment using Group Policy, refer to Microsoft Windows Server 2003 Administrator’s Companion (Microsoft Press).

Creating a Remote Connection Disk

Windows Small Business Server 2003 can create a Remote Connection disk to automate the process of connecting a client computer to the Windows Small Business Server 2003 computer using a VPN connection. (This is the same as installing Connection Manager on a client.)

To use this feature, which requires that you’ve already run the Remote Access Wizard, complete the following steps:

1. In the Client Computers container of the Server Management console, click Create Remote Connection Disk.

2. Click Next in the first page of the Create Remote Connection Disk Wizard, specify the floppy drive to use as well as the number of disks to create, and then click Next.

3. Insert a blank floppy disk into the Windows Small Business Server computer and click Finish.

To use the Remote Connection disk on a client computer, insert the floppy disk, run the Setup.exe program, and click Yes when asked whether you want to install the connection to Small Business Server. To use the new VPN connection, double-click the Connect To Small Business Server icon on the desktop, type the appropriate user name and password (Figure 12-22), and then click Connect.

Figure 12-22: The Connect To Small Business Server window.

Viewing and Modifying Client Computer Settings

Windows Small Business Server 2003 makes viewing and changing the settings it applies to client computers on the network easy. To view or change the settings, open the Server Management console, click Computers, and click View Computer Settings. In the View Or Change Client Computer Settings dialog box, perform the appropriate tasks:

• To view the settings for a computer, click the plus sign next to the computer name, and then click the plus sign next to Assigned Applications, Client Setup Settings, or Client Setup Configuration Options (Figure 12-23).

• To add applications to a specific computer, right-click Assigned Applications under the appropriate computer and choose Run Assigned Applications Wizard.

• To unassign or reinstall an application on a computer, click the plus sign (+) next to Assigned Applications, right-click the application, and choose either Unassign This Application or Reinstall from the shortcut menu. Unassigning an application doesn’t uninstall it.

• To toggle Client Setup Settings or Client Setup Configuration Options on or off, right-click the setting or option and choose Change from the shortcut menu.

Figure 12-23: The View Or Change Client Computers Settings dialog box.

Settings Applied to Client Computers

Besides installing applications, the Small Business Server Network Configuration Wizard configures the following settings:

• Internet Explorer Sets the Home Page to http://companyweb and adds links to the Favorites menu for a Windows Small Business Server help page, the official Microsoft Small Business Server Web site, a remote server management page, and a remote e-mail access page (Outlook Web Access).

• Outlook Profile Settings Configures Outlook to use Exchange Server for the default e-mail account, installs the fax mail transport allowing MAPI applications (including Outlook) to send faxes, and configures manual synchronization of offline folders for computers that are assigned Connection Manager.

• Desktop Settings Creates a My Network Places link to the /General Documents folder in the SharePoint Intranet Web site (http: //companyweb/General Documents).

• Fax Printer Installs a fax printer so that the client computer can send faxes by “printing” to the Windows Small Business Server Shared Fax service.

• Printers If a single printer is published in Active Directory, the printer is installed on the client and made the default printer, unless a local printer is installed on the client. If multiple printers are published in Active Directory, all are installed, but no default printer is specified.

• Fax Configuration Information Configures the client fax software with the default sender information from the server so that cover sheets automatically contain the correct sender information.

• Remote Desktop Enables Remote Desktop and Remote Assistance on the client computer.

Remotely Managing Computers and Viewing Event Logs

Checking the health of client computers can be a time-consuming task when it involves physical visits to each machine. Windows Small Business Server 2003 reduces the time involved by allowing you to remotely check event logs, open the Computer Management console, and even establish a Remote Desktop connection to client computers, all from within the Server Management console.

To perform these tasks, open the Client Computers or Server Computers container in the Server Management console, select the computer, and then use the following list to perform certain tasks. Unless otherwise noted, these tasks can be performed only on computers running Windows XP Professional, Windows XP Tablet PC Edition, Windows XP Media Center Edition, Windows Server 2003, and Windows 2000.

• To open Computer Management on the client computer, click Manage Computer. The Computer Management console provides access to event logs, Device Manager, Services, Shared Folders, local users and groups, and other important tools.

• To go straight to the event logs, click View Event Logs.

• To establish a Remote Desktop connection to the computer, giving you complete control over the computer, click Connect To Computer Via Terminal Services. This feature doesn’t work on computers running Windows 2000 Professional.

• To go straight to the Services console of a selected server computer, click View Services. This feature appears for server computers.

More complex administrative tasks can be accomplished using Windows Management Instrumentation (WMI), although learning WMI is worth the time only if you do a lot of remote administration. Use the Scriptomatic Tool (available at http://www.microsoft.com/technet/scriptcenter) to get started, which makes it easy to create simple scripts that remotely obtain useful information from client computers running most versions of Windows. You can also use the Windows Management Instrumentation Console (WMIC), a relatively easy-to-use command-line interface for WMI, from within Windows XP or Windows Small Business Server 2003. (Type wmic /? at a command prompt for more information.)

Removing Computers from the Network

To permanently remove a computer from the network, delete the associated computer account by completing the following steps:

1. In the Server Management console, click Client Computers or Server Computers.

2. Select the computer you want to remove and then click Remove Computer From Network. Click Yes when prompted. This deletes the computer account in Active Directory.

3. On the client, open System in Control Panel.

4. On Windows XP and Windows Server 2003 clients, click the Computer Name tab and then click Change. On Windows 2000 clients, click the Network Identification tab and then click Properties.

5. Select Workgroup (Figure 12-24), type a suitable workgroup name (WORKGROUP is always popular), and then click OK. Reboot the computer when prompted.

Deleting the computer account prevents the computer from connecting to the domain. To reinstate the computer on the network, create a new computer account (see the “Connecting Computers to the Network” section of this chapter), and then use the Small Business Server Network Configuration Wizard on the client computer.

Figure 12-24: The Computer Name Changes dialog box.

Removing Windows 98 and Windows Me Clients from the Network

To remove a Windows 98 or Windows Me computer from the network, open Control Panel on the client, double-click Network, select Client For Microsoft Networks and then click Properties. Clear the Log On To Windows NT Domain check box, and then click OK. Windows 98 or Windows Me doesn’t use computer accounts, so there’s no need to delete one.

To reinstate a Windows 98 or Windows Me computer, simply reselect the Log On To Windows NT Domain check box in the Client For Microsoft Network Properties dialog box.

Removing Windows NT 4.0 Clients from the Network

To remove a Windows NT 4.0 computer from the network, delete its computer account as described previously, open Control Panel on the client, double-click Network, click Change on the Identification tab, select Workgroup, type a workgroup name, and then click OK. Reboot the computer when prompted.

To reinstate a Windows NT 4.0 computer, double-click Network in Control Panel, click Change on the Identification tab, select Domain, select the Create A Computer Account In The Domain check box, type your user name and password, and then click OK. Click OK to close the Network dialog box and then restart the computer when prompted.