Damian Leibaschoff

Support Escalation Engineer


Ron Martinsen

Senior Development Lead


SBS 2008 Administration Philosophy

User Management

Group Management


Goal: Simplify management of an SBS network

Make it a repeatable deployment and management experience for you the partner

Empower the occasional small business IT person to do simple tasks


One stop shop

Admin console

Amalgamate and organize most common/important tasks into an SBS management console

Windows SBS console

Complex tasks made easy

Amalgamate disparate native application tasks into easy to use SBS tasks

Organize tasks and resource information in a logical way

Do not organize tasks and resource information on the underlying technologies

Admin from anywhere

Except from “dumb Internet terminal”

Who can access the console?

SBS administrator (domain administrator)

Where can we access the server/console from?


Log on to the server


Desktop link (TS/Remote Desktop)

Vista – Admin gadget

Remote Web Workplace – link


Remote Web Workplace – link

Goal: Simplify and unify management of SBS users


One stop shop

Admin console/users, user roles sub-tabs

Amalgamate and organize most common/important user management related tasks into one area

Complex user mgmt tasks made easy

Amalgamate disparate native application tasks into single easy to use SBS user mgmt tasks

E.g., Add User wizard, edit user properties

E.g., Add Multiple Users wizards

Users Sub Tab

Creation, modification and removal of user accounts

Management of user related features

E.g., Password policies

User Roles (templates) sub-tab

Management of user templates, which can then be applied to user creation and management

Goal: Simplify and unify management of SBS groups


One Stop shop  Administrator console/groups sub-tabs

Amalgamate and organize most common/important group management related tasks into one area

One task to create a group based on users scenario needs

E-mail distribution list/group

Security group

Mail enabled security group

Partner Profile

Interprom Inc.

Barrie Ontario

3 Employees

25 contracted customers in the SMB space

Our Focus: Outsourced IT and Managed Services

Microsoft Gold

Certified Partner

TAP Customer Profile

Blevins Insurance Group

20 Employees

Insurance and Group


Key Pain Points: Remote access, mandated security

Enhancements to remote access features have enabled employees to have a seamless experience outside the office from their local desktops and windows mobile devices

SBS 2003 provided great tools, but not the easiest interface for remote users

SBS 2008 provides a seamless environment

TS Gateway, published applications, TS Web

Securely exposed Sharepoint 3.0

Outlook Anywhere !

We all remember that Remote Web Workplace was the big selling feature in SBS. Who knew it would come around again bigger and better!

SBS 2008 provide partners the ability to push out applications – third party, and those developed on SharePoint

Start learning SharePoint 3.0

Learn everything you can about Windows 2008 TS

Start talking to your customers about Anywhere access

Get familiar with trusted certificates!!

Single Executable


Limited dependency on IIS

Task oriented

Each TAB does pre-requirement checks


System Health: Are WSUS and IIS running?

Users and Groups: Is AD running?

Advanced mode (Command line /a)

ISV Extensibility

System Health tab

Only SBS “Stamped” objects will show up

Mostly a migration type scenario

Stamp users using the Change User Role wizard

Be aware of replacing permissions/settings

Make sure you display all users from AD

For groups we will provide manual documentation



Add a new User Account

Add multiple user accounts

Change user role

Change password policies

Default: Expire 180 days

Strong password enforced

Redirect user account’s folders to the server

Manage Desktop Links (Vista Gadget)


Users (contextual)

Edit user account properties


Remote Access rights

E-mail quota

Computer Access rights

Shared Folder quota


Website Access rights

Remove user account

Reset user account password

Change group membership

Disable user account

Create a new role based on this user’s settings

Print getting started page for this user



Add a new group

Groups (contextual)

Edit group properties

Mail enable group

Allow Internet e-mail to the group

Allow archiving for the group

Change group memberships

Remove group

Under the Network tab

Only machines under

Default containers for new machines in AD



Computers in OUs under them are also displayed

Status is a combination of

ARP and ICMP Responses (ping)

SMB Access (tcp/445 or tcp/139)

Use: “Net view \\machine ” to confirm


Stale DNS record pointing to a valid IP for another machine

Client/server time offset

Firewall at the client

File and Print Sharing not enabled on the client

Security is a combination of WMI checks

Query the Security Center for

AV enabled

Firewall enabled

Anti-spyware enabled (Vista only)

Similar problems to the status check plus potential WMI issues

Update Status is provided by WSUS

Backup and other alerts through our monitoring service


Connect computers to your network

How to guide using online website

Use portable media

Enable Power Management in Windows Vista

By default Power Management is disabled on domain joined

Vista machines when plugged into AC power

Tasks (contextual)

View server/computer properties

General information (as reported by WMI)

Update information (as reported by WSUS)

User access


Remote Web Workplace

Workstation access level

Under Help, Edit Company Information

The information contained in this presentation relates to pre-release software product, which may be substantially modified before its first commercial release.

Accordingly, the information may not accurately describe or reflect the software product when first commercially released. This presentation is provided for informational purposes only, and Microsoft makes no warranties, express or implied, with respect to this presentation or the information contained in it.

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.