Archive for the ‘SBS 2008’ Category

Quickie: changing message size limits on SBS std 2008 and 2011

Many clients today want to be able to send and/or receive messages with large attachments. By default SBS has built-in limits of 10 MB for both. To keep this simple and short I will not go into into practical limits or all the detailed options available. I do however recommend reading the link below, from which the information was gathered to get a better understanding of all limits and parameters:

http://blogs.technet.com/b/sbs/archive/2008/10/28/how-do-i-change-message-size-limits-in-exchange-2007.aspx

Note: This assumes a default SBS 2008/2010 environment, not an Exchange standalone (non-SBS) configuration and you have not edited the default send/receive connectors. If in doubt you can verify the connector names with the commands at the end of the article .

To raise the current default limit from 10 MB to 25 MB (as an example) cut and past the following 3 lines, one by one, into the EMS (Exchange Management Shell) located under All Programs / Microsoft Exchange Server 20xx. You need to substitute your SBS server name for ServerName.

  • Set-TransportConfig –MaxSendSize 25MB –MaxReceiveSize 25MB
  • Set-ReceiveConnector “Windows SBS Internet Receive ServerName” –MaxMessageSize 25MB
  • Set-SendConnector “Windows SBS Internet Send ServerName” –MaxMessageSize 25MB

Should you wish to review the current settings or connector names you can use the following commands.

  • Get-TransportConfig | ft name, MaxSendSize, MaxReceiveSize
  • Get-ReceiveConnector | ft name, MaxMessageSize
  • Get-SendConnector | ft name, MaxMessageSize
  • Get-mailbox | ft name, MaxSendSize, MaxReceiveSize

Sage Simply Accounting (Sage 50) Firewall Rules

When installing Simply accounting (in this case specifically Simply 2011) it requires opening firewall ports on the server to allow clients to use the Connection Manager to access data . Simply provides the following information in its help files:

image

However for most installations you only require 4 rules. You can use the server’s “Windows Firewall with Advanced Security” console to manually create a each rule one by one by generating new rules, browsing to the related service (.exe), and set to “allow”, or you can use a command line and netsh to create the rules. Again a little tedious entering each lengthy command one at a time.

The easiest method is to use a simple batch file with the four commands included in the script below. To make the batch file a little more informative I have added a few lines with description, the ability to opt out, and to be able to verify each command completed successfully. However using just the 4 netsh lines is all you require. The netsh commands included are tailored to only allow access from the local subnet for added security.

Simply copy the lines below to notepad and save as a batch file using a name like AddRules.bat  There are a few related notes:

  • When saving use quotes around the name such as “AddRules.bat” in the Notepad ‘save as’ box, to ensure the .txt suffix will not be added to the name
  • Each netsh commands is one single line. It is wraps in the blog article.
  • When ready to run the batch file right click on it and choose “run as administrator (i.e. elevated privileges)

————————————————————————–

Echo Off
CLS
Echo  Batch file to configure Windows Firewall
Echo    for Sage Simply Accounting 2011 using
Echo      Windows Firewall with Advanced Security
Echo        [Access will be limited to local subnet]
Echo.
Echo click Ctrl+C to escape
Pause
Echo on

netsh advfirewall firewall add rule name=”Simply Connection Manager” dir=in program=”C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe” remoteip=localsubnet action=allow

netsh advfirewall firewall add rule name=”Simply Tray Icon” dir=in program=”C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe” remoteip=localsubnet action=allow

netsh advfirewall firewall add rule name=”Simply MySQL” dir=in program=”C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe” remoteip=localsubnet action=allow

netsh advfirewall firewall add rule name=”Simply MySQL Admin” dir=in program=”C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqladmin.exe” remoteip=localsubnet action=allow

Echo off
Echo  “ok” should have been displayed after each rule was applied
Echo     Refresh Windows Firewall with Advanced Security to view added rules
Pause
Exit

Update/Note:  I have noticed when cutting and pasting from this article the quotation marks become unrecognized characters on most systems.  Simply paste the abov text in notepad and use Find & Replace to replace all with standard keyboard quotation characters.

Reset Domain Administrator Password

“Help! I cannot log onto my server, how do reset the domain admin’s password?”  This has been asked a thousand times. Rather than continually advising folk or posting elsewhere I thought it best to blog a few methods and in future provide a link to this site, feel free to do so yourself as well. Hopefully the following information will be used in a responsible manor. Keep in mind none of the following is my original material though have tried to give credit when possible. Use at your own risk, there are no guarantees or warrantees associated with any of the material below, and make sure you back up anything you can still access through shares and such before attempting. I have tried other methods not listed below that have corrupted Active Directory and resulted in server rebuilds or restores, so a backup is critical.

If it is a Domain Controller most of the free or inexpensive password tools will not work. You can buy enterprise software that will do the job, the most common being:
http://www.lostpassword.com/windows-enterprise.htm

Alternatively, the following is free, works well, but it involves many steps. Basically you reset the ASR password and then create a service that will automatically run when the server restarts to reset the password. To fully understand all the details, make sure you review all of the links within the article.  http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2008_ad.htm

There is a newer method that is easier with Server 2008 / Server 2008 R2 / SBS 2008 / SBS 2011  (I have not tested on server 2003, though the necessary files do exist). The original site outlining this seems to be off-line so I have posted the contents of the original site below. However, in an attempt to give credit to the author the original site link was: http://fracktured.com/2010/09/03/how-to-reset-lost-sbs-2008-domain-admin-password/  There is also a video outlining the same process that has since been posted at: http://www.youtube.com/watch?v=Ar-VoO9ogHc&feature=player_embedded#

The steps are as follows:

· Restart the server and boot to the DVD

· After selecting the appropriate installation language, select Repair Your Computer

· Start command prompt, and change the command line path to C:\ by entering c:\

· Enter cd c:\windows\system32

· Enter ren utilman.exe *.bak

· Enter copy cmd.exe utilman.exe

· Restart the server. this time do not boot to the DVD, just boot normally

· At the login screen, press the Windows+U keys on your keyboard. this will bring up the command prompt

· Enter net user [server admin username] [new password]

· On a regular Server 2008 install, [server admin username] will probably be administrator, but it could be any domain username with domain admin rights. [new password] will be the new password you want to set. If password complexity is enabled (which is the default on Server 2008) you will need have some UPPER case letters and/or numbers and/or symbols in the password.

· On SBS 2008, the administrator account is disabled by default. Even if you reset the administrator password, you still won’t be able to login because the account will still be disabled. Instead of administrator, you would use the server admin user name that was used when the server was first setup. If you don’t know the user name, you can enter net user to get a list of all domain user accounts. It won’t show you what users have what privileges, but it could help jog your memory.

· Now go back to the login screen and log in with the user name and new password you just set. for user name, be sure to use the domain\username format

· Once you have verified that you can log in with the new password, repeat steps 1-4

· Enter ren utilman.bak *.exe

· Restart the server and boot normally

 

SBS and ProfWiz

Using the wizards has always been compulsory with SBS, in particular the wizard to connect a computer to the SBS domain;  SBS 2003 http://SBSname/connectcomputer and SBS 2008 & 2011  http://connect  The SBS 2003 wizard performed a multitude of operations to join the domain, and configure the computer and user environment. If interested in more detail see Susan Bradley’s blog:  http://msmvps.com/blogs/bradley/archive/2005/01/23/33632.aspx

However with SBS 2008 and now SBS 2011, most of this is performed by Group Policy instead of the
connectcomputer process itself. Currently the primary advantage of using the wizard is its ability to import the current user’s local profile. Though I still strongly recommend using the wizard, it will only import a local workgroup profile so you may wish to look at other options if the machine was previously a member of any domain, or if the SBS wizard for some reason does not recognize the local profile.  You could manually join the domain and then file by file copy user items such as My Documents, Desktop, Favorites, etc. but a more complete and much faster solution is to use a very simple free tool called ProfWiz (User Profile Wizard), from
ForensiT, which will also retain all user configurations.  http://www.forensit.com/downloads.html

To use Profwiz; download, unzip, and start the application. The wizard can be used to migrate a
remote machine but for simplicity assume we are logged on to the machine to be joined to the domain. Select local computer and move to the next window.

Enter the NetBIOS name of the SBS domain, check Join domain, and enter the DOMAIN user account that will be used after joining the domain.

In the final configuration window highlight the current local profile to be migrated. There are other options to disable or delete the local account after completion. If you leave these unchecked the user could still use their old local logon, but it will create a new local profile when they do. Best practice would be to choose to at least disable the local account.

Clicking next will start the migration and joining the domain.

You will be prompted for domain admin credentials to allow joining the domain.

….and then the wizard completes.

Click Finish and upon reboot the computer will be joined to the domain, the user can log in with domain credentials, and they will still have their same user profile.

Tag Cloud