« AVG Internet Security 7.5, the all-inclusive security suite
Slipstream Drivers and Windows Updates into XP CD »

SBS 2003 R2 Premium Installation

Ok, I’m tired of checking 50 different bookmarks for things so I’m going to put it all here in one place.

This article assumes the following:

  1. SBS 2003 R2 Premium
  2. System Drive (where windows sits) is C:\
  3. You are not using the POP connector and exchange receives your email directly
  4. You have an SSL cert from a major vendor.
  5. You have 2 NICs
  6. You have a static IP
  7. You have no firewall/NAT in front of the SBS.
  1. Install SBS 2003 R2
  2. Install all drivers
  3. Plug in one NIC to your internet source
  4. Plug one NIC into a HUB/Switch with nothing else attached. This is your LAN NIC.  THe empty hubs tricks the installer and says this is an enabled NIC.
  5. Run the CEICW
  6. Go to Windows Update and do Microsoft Update (all updates and patches)
  7. Run The configure remote access wizard choosing defaults
  8. Run the configure monitoring wizard
  9. Run the configure backup wizard (set to hold emails for 180 days)
  10. Add users and computers
  11. configure My Docs redirection
  12. Install ISA2004.  (remember to turn off Hyper Threading ISA cant have more than 2 processors)
  13. Add ISA firewall client to Client Applications
  14. Upgrade MSDE Sharepoint instance to SQL2005
  15. Configure Full text search for sharepoint
  16. Enable Outbound VPN in ISA.
  1. http://support.microsoft.com/?id=838245
  2. http://thelazyadmin.com/index.php?/archives/342-Using-ISA-2004-as-a-PPTP-VPN-Server-Pt.2-Access-Rules.html
  • Enable Outbound FTP
    1. right-click the outbound isa firewall rule and select configure FTP.
    2. Uncheck the tick box so it is not read-only.
    3. By default ISA sets ftp to download only, not upload.
    4. PS, this setting is set for that rule only. If you have more than one ftp rule, each can be set independently.
    5. By default the FTP outbound rule is present but disabled. Enabling this rule will give all of your users the ability to send files out using FTP. If you don’t want everyone to have FTP out permissions, then open the properties for that rule, go to the users tab, remove the all users group and add your individual or group that you want. However, this rule only applies for web proxy clients, not for firewall clients.

      If you would like to offer Firewall Clients the same features then you’ll need to edit the SBS Internet Users rule and uncheck the Read Only box under FTP Filtering.
    6. The rules to look for (these are from my ISA 2004 firewall):

      SBS Internet Access Rule (Internal to External)

      SBS Protected Network Access (Internal to Internal)

      Allow traffic from Internal Network to Local Host (Internal to Internal)

      SBS FTP Server Access (Local Host to External)

      SBS FTP Server Access (External to Local Host)
  • Setup Exchange Spam Companyweb site
    1. http://hellomate.typepad.com/exchange/2004/06/imf_archive_man.html
    2. http://www.experts-exchange.com/Operating_Systems/SBS_Small_Business_Server/Q_22077436.html
  • Setup Exchange Internet Mail Filter
    1. Server Management - Advanced Management - First Organization Exchange - Global Settings - Message Delivery Properties. Internet Mail Filter  Set the archive and junk folder settings.  (recommend 6 and Up archive.  3 and up Junk Mail
    2.  Server Management - Advanced Management - First Organization Exchange - Server - SERVERNAME - Protocol - SMTP - Default SMTP Virtual Server - Properties. Advanced - Edit - Check Internet Mail Filter
  • Install AVG on Server
    1. Custom Setup
    2. Add Remote Control Communication Library
    3. AVG server is http://SERVERNAME:4156?dbq
    4. Choose Personal Email Scanner
    5. Disable Anti - Spam
  • Install AVG admin
    1. Settings - Shared Settings for Users
    1. Scheduled Tasks - Uncheck both tasks
  • Settings - Shared Settings for Stations
    1. Set default Key, Company, Owner
    2. Tests - Create a new Full Scan
    3. Scheduled Tasks - Schedule an Optional Update
    4. Scheduled Tasks - Schedule a weekly scan
  • Configure Anti Virus Exceptions
    1. C:\$VAULT$.AVG\
    2. C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\
    3. C:\Program Files\Exchsrvr\JTLSERVER1.log\
    4. C:\Program Files\Exchsrvr\Mailroot\
    5. C:\Program Files\Exchsrvr\MDBDATA\
    6. C:\Program Files\Exchsrvr\mtadata\
    7. C:\Program Files\Exchsrvr\srsdata\
    8. C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Data\
    9. C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data\
    10. C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data\
    11. C:\WINDOWS\NTDS\
    12. C:\WINDOWS\ntfrs\
    13. C:\WINDOWS\system32\dhcp\
    14. C:\WINDOWS\system32\dns\
    15. C:\WINDOWS\system32\inetsrv\
    16. C:\WINDOWS\SYSVOL\
    1. http://support.microsoft.com/default.aspx?scid=KB;EN-US;823166
    2. http://support.microsoft.com/default.aspx?scid=KB;EN-US;822158
  • Add PDF search to Sharepoint
    1. http://msmvps.com/blogs/cgross/archive/2004/10/26/16679.aspx
    2. http://www.adobe.com/support/downloads/detail.jsp?ftpID=2611
    3. http://support.microsoft.com/default.aspx?scid=kb;EN-US;832809
  • Install Godaddy SSL Certificate
    1. Right click default website
    2. Properties
    3. ServerCertificate
    4. Remove Certificate
    5. Server Certificate
    6. Generate a Cert Request
    7. Enter Cert request into godaddy text box
    8. run ceicw and use godaddy cert
  • Set or Unset Harddisk Quotas
  • Set or unset Exchange Mailbox Limits
    1. Right click Mailbox Store, properties, limits

    This entry was posted on Thursday, January 4th, 2007 at 4:39 pm and is filed under Tech Stuff. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    Leave a Reply

    You must be logged in to post a comment.