Archive for Essentials – Page 3

Creating the SBS MyBusiness OU

The SBS products (SBS 2003/2008/2011) all included a pre-installed set of Group Policy OUs called MyBusiness. Organizational Units (OUs) are used to organize users and computers (workstations and servers) in order to manage and apply specific rules and policies.

However, the Essentials products (SBS 2011 Essentials, Windows 2012 Essentials) do not include the MyBusiness OU. So, if you wish to keep consistency between the SBS and Essentials platforms, you will need to create this on your own. One reason for doing this would be to implement the Group Policies related to blocking the CryptoLocker ransomware.

Fortunately, Microsoft identified the basic steps for creating the MyBusiness OU in KB 2578426; scroll down to Issue 3 / Rule 3 in the KB article for the required steps.

To (re)create the MyBusiness OU manually, follow these steps:

  1. Open Active Directory Users and Computers.
  2. Right-click the domain name object. In the shortcut menu, point to New…, and then click Organizational Unit. Type MyBusiness to name the new object.
    Note: Type MyBusiness as one word.
  3. In the MyBusiness OU that you created in step 2, create the following OUs:
    • Computers
    • Distribution Groups
    • Security Groups
    • Users
  4. In the Computers OU that you created in step 3, create the following OUs:
    • SBSComputers
    • SBSServers
  5. In the Users OU that you created in step 3, create the following OU:
    • SBSUsers

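After you have finished these steps, your Group Policy structure should look like this:

  • MyBusiness
    • Computers
      • SBSComputers
      • SBSServers
    • Distribution Groups
    • Security Groups
    • Users
      • SBSUsers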
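
The same OU tree can be built from PowerShell instead of the Active Directory Users and Computers console. This is an added example, not part of KB 2578426 or the original post; it assumes the ActiveDirectory module is available on the server and skips any OU that already exists, so it is safe to re-run.

```powershell
# Added example (not from KB 2578426): builds the OU tree from steps 2-5.
# Needs the ActiveDirectory module and rights to create OUs at the domain root.
Import-Module ActiveDirectory

# Read the domain's distinguished name from AD instead of hard-coding it.
$domainDN = (Get-ADDomain).DistinguishedName

# Each OU with the container it sits under; parents are listed before children.
$layout = @(
    @{ Name = 'MyBusiness';          Under = '' }
    @{ Name = 'Computers';           Under = 'OU=MyBusiness' }
    @{ Name = 'Distribution Groups'; Under = 'OU=MyBusiness' }
    @{ Name = 'Security Groups';     Under = 'OU=MyBusiness' }
    @{ Name = 'Users';               Under = 'OU=MyBusiness' }
    @{ Name = 'SBSComputers';        Under = 'OU=Computers,OU=MyBusiness' }
    @{ Name = 'SBSServers';          Under = 'OU=Computers,OU=MyBusiness' }
    @{ Name = 'SBSUsers';            Under = 'OU=Users,OU=MyBusiness' }
)

foreach ($ou in $layout) {
    if ($ou.Under) { $parentDN = "$($ou.Under),$domainDN" } else { $parentDN = $domainDN }

    # Look only at direct children of the parent, so a same-named OU elsewhere is ignored.
    $found = Get-ADOrganizationalUnit -Filter "Name -eq '$($ou.Name)'" `
                 -SearchBase $parentDN -SearchScope OneLevel
    if ($found) {
        Write-Host "exists : $($found.DistinguishedName)"
        continue
    }
    New-ADOrganizationalUnit -Name $ou.Name -Path $parentDN `
        -ProtectedFromAccidentalDeletion $true
    Write-Host "created: OU=$($ou.Name),$parentDN"
}

# Print the finished tree for comparison with the structure in the steps.
Get-ADOrganizationalUnit -Filter * -SearchBase "OU=MyBusiness,$domainDN" |
    Sort-Object { $_.DistinguishedName.Split(',').Count }, Name |
    Select-Object -ExpandProperty DistinguishedName
```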

Block Executables from AppData folder

The SMB Kitchen team from Third Tier has made available (for free) a CryptoLocker Prevention Kit. It includes a 20-page document with step-by-step instructions on how to lock down your servers and workstations using Group Policy settings to minimize future attacks.

The purpose of this post is to summarize those steps down to a single page. These steps are specific to SBS 2008/2011, but should be applicable to Windows 2008/2012 servers.

GOAL: create Software Restriction Policies within Group Policies to block executables (.exe) from running when they are located in the AppData folder or subfolders therein.

CREATE POLICIES FOR XP

  1. Open up Group Policy and drill down to Domain –> Computers –> SBSComputers
  2. Right click on SBSComputers and select ‘Create a GPO in this domain and link…’
  3. Title this policy Prevent CryptoLocker XP and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
  7. Right click on Additional Rules and click on ‘New Path rule’ and then enter the following information and then click OK
    Path = %AppData%\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %AppData%\*\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker XP policy, locate WMI filtering near the bottom of the middle frame and select ‘Windows SBS Client – Windows XP’

CREATE POLICIES FOR VISTA / WIN7 / WIN8

  1. Open up Group Policy and drill down to Domain –> Computers –> SBSComputers
  2. Right click on SBSComputers and select ‘Create a GPO in this domain and link…’
  3. Title this policy Prevent CryptoLocker Vista and higher and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
  7. Right click on Additional Rules and click on ‘New Path rule’ and then enter the following information and then click OK
    Path = %localAppData%\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %localAppData%\*\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker Vista and higher policy, locate WMI filtering near the bottom of the middle frame and select ‘Windows SBS Client – Windows Vista’
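
Before linking either policy, it helps to know which executables already sit in the locations the path rules target, since those will stop running once the rules apply. The script below is an added example, not part of the Third Tier kit or the original post. It enumerates the same two wildcard shapes with PowerShell globbing, which only approximates how Software Restriction Policies evaluates them, and the function name Get-SrpCandidate is made up for this example.

```powershell
# Added example: lists .exe files in the locations the two sets of path rules target.
# Run it as the user being checked, because both variables are per-user.
$roots = @{
    '%AppData%'      = $env:APPDATA        # XP policy
    '%localAppData%' = $env:LOCALAPPDATA   # Vista and higher policy (empty on XP)
}
# Same two wildcard shapes as the path rules in step 7 and step 8.
$shapes = '*.exe', '*\*.exe'

function Get-SrpCandidate {
    foreach ($var in $roots.Keys) {
        $root = $roots[$var]
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        foreach ($shape in $shapes) {
            Get-ChildItem -Path (Join-Path $root $shape) -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer } |
                ForEach-Object {
                    # Signature details help decide whether a file is known software.
                    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                    $signer = ''
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                    New-Object PSObject -Property @{
                        Rule      = "$var\$shape"
                        File      = $_.FullName
                        Signature = $sig.Status
                        Signer    = $signer
                        Modified  = $_.LastWriteTime
                    }
                }
        }
    }
}

$report = @(Get-SrpCandidate)
$report | Sort-Object Rule, File |
    Select-Object Rule, Signature, Signer, Modified, File |
    Format-Table -AutoSize -Wrap
Write-Host "$($report.Count) executable(s) match the shapes of the Disallowed path rules."
```

Anything in the report that users still need should be reviewed before the GPO is linked; unsigned or unexpected entries are worth investigating in their own right.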

Installing Network Printer to Windows Server 2012 Essentials

These are my abbreviated notes on setting up a network printer on W2012E, with both 32-bit and 64-bit drivers installed. My thanks to a fellow MVP’er, Robert Pearman, who did the real work and has it fully documented on his site.

All steps take place on the Windows Server 2012 Essentials console. In my case, W2012E is running in a guest VM on a Windows Server 2012 Standard Hyper-V parent. I will be installing drivers for an HP LaserJet 4100 printer.

Section 1 – Prerequisites

  1. Go to your vendor’s web site and download the appropriate x86 and x64 print drivers. For my needs, I downloaded the drivers for Windows 7 (32-bit) and Windows 2012 (64-bit).
  2. Next, extract the driver files to subfolders. In my case, the HP files I downloaded are self-extracting files. But be sure you uncheck the option to run the install immediately after extracting the files.
  3. Finally, before proceeding, make sure you know the IP address of your network printer.

Section 2 – Add the Network Printer

  1. Go to Control Panel –> View Devices and Printers (under Hardware)
  2. Click on Add a Printer. It will scan for new printers, and we should expect that it will not find any. 
  3. Click on The printer that I want isn’t listed link.
  4. On the next screen, click on the Add a local or network printer as an administrator link.
  5. The scan will run again, and (again) we will click on The printer that I want isn’t listed link.
  6. Select the Add a printer using a TCP/IP address or hostname option, then click Next.    
  7. On the next screen, enter the printer’s IP address in the Hostname or IP address field, and click Next.
  8. Wait while Windows looks for the printer. If the printer has a built in network adapter, you should see an appropriate Printer Class Driver selected.
  9. However, in my case, the Laserjet 4100 is connected to the network via a D-Link print server adapter. Windows lists it as a generic network port and asks me to confirm that I entered the correct IP address. Let’s click Next and it will rescan that IP address.
  10. This time it will ask me to identify the type of printer. I scroll through and locate the HP Laserjet 4100 Class Driver
  11. Be sure to select Do not share this printer for now and click Next. We can share the printer later on.
  12. Press Finish.

Section 3 – Install the required Print Drivers

  1. Open up the Devices and Printers window, select your printer, and then click on Print server properties
  2. Click on the Drivers tab, and then click on Change Driver Settings. The window will refresh.
    == Install the x64 (64-bit) print driver ==
  3. Select the Printer we are installing, and then click Add.
  4. This will start the Add Printer Driver Wizard. Click Next.
  5. Select the x64 box (leaving the x86 box unchecked) and click Next
  6. Click Have Disk… and then click Browse… and locate the x64 print driver folder. For this HP printer, there was a list of .inf files available. I followed Robert’s suggestion and selected the first one in the list (immediately below the Drivers folder).
  7. I then select the HP Universal Printing PCL 6 driver, click Next and then Finish.
  8. But wait, we still have to install the 32 bit driver in a similar fashion!
    == Install the x86 (32-bit) print driver ==
  9. So repeat steps 3-7, but check the x86 box and install the x86 driver.

Section 4 – Change the Selected Print Drivers

  1. Return to the Devices and Printers window
  2. Double click on your printer, and then double click on Customize your printer
  3. Click on the Advanced tab, and change the print driver to the one we just installed.
  4. If you wish, you can also click on the Sharing tab, and make the printer available.

SBS and Essentials Build Docs

For several years the SBS MVPs have been maintaining several Wiki-type “build” documents for the SBS and Essentials server platforms, including SBS 2008, SBS 2011 Standard/Essentials, Windows 2012 Essentials and Storage Server 2008 R2 Essentials!

These documents contain a wealth of real-world and time-tested hints and recommendations, collected from MVPs around the world. They contain information you need to know before, during, and after installing SBS or Essentials.

The link below will take you to the main page with links to each individual build document.

http://social.technet.microsoft.com/wiki/contents/articles/1710.small-business-server-documentation.aspx

Enjoy!

WSUS now available for Windows Server 2012 Essentials!

Finally! One of the major features, in the eyes of many I.T. professionals and consultants, missing from the Windows Server 2012 Essentials product was the ability to fully manage, approve/reject, and deploy Microsoft updates to the attached workstations in the network.

This feature, Windows Server Update Services (WSUS), was a built-in server role in all of the Small Business Server (SBS) product line, as well as Windows Server 2012 Standard and Datacenter, with enhanced features.

Microsoft has now released the enhanced version of WSUS for Windows Server 2012 Essentials! It is packaged as a Microsoft hotfix.

Here are the links you need:

  1. Coffee Coaching – HP & Microsoft blog announcement
  2. WSUS features and requirements (KB 2762663)
  3. WSUS 2012 Evaluation Guide
  4. Download the Microsoft WSUS hotfix here
    Instructions:
      • Accept terms and conditions
      • Click to select the desired hotfix
      • Enter your email address and security code
      • A link to the hotfix will be mailed to you
      • Click on the provided link in the email, and you will be asked to run or save the download.

Case Study–Windows Server 2012 Essentials

My good friend and MVP buddy, Wayne Small of Australia, was the focus of a recent Microsoft case study on the features and benefits of implementing a mixed cloud/on-premise solution for customers.

The article details Wayne’s approach, using Windows Server 2012 Essentials (the follow-on product to the highly successful Small Business Server) and Office 365.

He explains how this winning combination helps to address the needs of many of his customers, and discusses the benefits of deploying Windows Server 2012 Essentials.

Congratulations, Wayne!

First book on Windows Server 2012 Essentials released

My good friend and fellow SBS MVP’er, Boon Tee, has released the first book published on Microsoft Windows Server 2012 Essentials. This Administrator’s Guide is available as an e-book only.

You can read more about the book and order it online here: http://adminguide.ws2012e.us

You can also download a sample of his book here: http://www.powerbiz.net.au/files/BookSample.pdf

Avoid sfc /scannow on Windows 8/2012

Symptom: your Windows 8/Windows 2012 system locks and crashes after installing some updates

We are still collecting information and data on this issue, but here’s a word of advice:

  • Wrong solution: you should NOT use the sfc /scannow command
  • Correct solution: you should try to redo the tokens.dat file per KB 2736303.