2. Small Business Server 2003 Dean Calvert – SBS MVP Principal Consultant & Managing Director Calvert Technologies, Adelaide A great platform for mobility

3. Defining Mobility Mobility can mean different things to different people LAN access around the office Email access beyond the office Remote access to company data Remote access to company applications What do you need to gain access to, and how?

4. Mobility Support and SBS Remote Web Workplace Companyweb Outlook Web Access Application sharing server Remote desktop Download VPN connectoid for Windows PCs SBS remote connectivity requires only 4 ports HTTPS (TCP 443) RPD proxy (TCP 4125) Companyweb (TCP 444) PPTP (TCP 1723, GRE) Hint: Run the CEICW!!

5. Outlook Web Access https://server.fqdn/exchange Outlook Mobile Access https://server.fqdn/oma Support for Direct Push with Exchange 2003 SP2

6. Mobile Devices Requires only HTTPS (TCP 443) for OMA Windows Mobile 5 devices require some “tricks” to get self signed certificate onto the device Edit registry of device HKLM\Security\Policies\Policies\00001017 = 144 Regedit tools: Regedit.NET 1.0 from www.pocketgear.com (http://www.pocketgear.com/software_detail.asp?id=17108) www.pocketgear.com Hint: download the 7 day trial & you don’t really need to provide your email address to download it. Make sure you have.NET installed on your PC first. Can uninstall Regedit tool after the certificates have been installed

7. Mobile Devices Certificates viewable under Start/Settings/System/Certificates/Root Export certificates from server or PC local store & copy to device. Doubleclick to install and verify certificates are installed from the above location Hint: use ActiveSync 4.2 (download from MS). *** Avoid ActiveSync 4.0 *** http://www.microsoft.com/downloads/details.aspx?FamilyID=7 269173a-28bf-4cac-a682-58d3233efb4c&DisplayLang=en Test certificate by visiting OWA site of server https://server.fqdn/exchange

8. Mobile Devices Configure device via ActiveSync to sync with Exchange Server for: Email Watch the size downloaded to minimise GPRS costs Set to download attachments to storage card CalendarContactsTasks

9. ActiveSync Hints Hint: make sure you have the correct Connection Settings specified in ActiveSync on your computer when in the office or remote Hint: if your server has private IP on external interface you need to create a DNS zone for your external domain name and enter a host record for the server’s FQDN with the external private IP

10. ActiveSync Troubleshooting Upgrade to ActiveSync 4.2 Refer to www.microsoft.com/windowsmobile/help/activesy nc/default.aspx www.microsoft.com/windowsmobile/help/activesy nc/default.aspx www.microsoft.com/windowsmobile/help/activesy nc/default.aspx Corporate environment help: www.microsoft.com/windowsmobile/help/activesy nc/troubleshoot.aspx www.microsoft.com/windowsmobile/help/activesy nc/troubleshoot.aspx www.microsoft.com/windowsmobile/help/activesy nc/troubleshoot.aspx

11. Configuring Exchange Server Pre-requisite – SP2 must be installed for Direct Push

12. Other Mobile Tricks Remote desktop connection Use VPN connection into your network then terminal service client to connect to server OR if you have TCP port 3389 open on your firewall you can connect straight in Hint: DON’T DO THIS!!!!! Security settings Refer to Exchange security policy previously shown Beware the data stored on memory cards of devices in case they get lost or stolen Hint: crystal based screen protectors are a fantastic low cost purchase for your precious PDA

13. Beyond The Desk Mobility is not just mobile devices outside the LAN What about wireless? Can it be secure? ABSOLUTELY Refer to h h h h h tttt tttt pppp :::: //// //// hhhh oooo mmmm eeee.... cccc oooo mmmm cccc aaaa ssss tttt.... nnnn eeee tttt //// ~~~~ cccc llll eeee aaaa rrrr vvvv iiii eeee wwww tttt cccc //// for Owen Williams jnr’s article on “Configuring Secure Wireless Network Access with Microsoft Windows Small Business Server 2003” Digital certificate based authentication & encryption keys that are dynamically generated for each wirelessly connecting computer (aka 802.1x with EAP-TLS & WPA)!!

14. Real Outlook Remotely Real Outlook Remotely Combine SBS 2003 with Windows XP SP2 and Outlook 2003 to get RPC/HTTPS Computer does not need to be a member of the domain Works with XP Home too so ideal for those users with home computers connecting to the corporate LAN and you don’t want them to VPN in How do you do this?

15. Outlook Over The Internet Install external certificate onto PC Visit https://server.fqdn/exchange https://server.fqdn/exchange View the certificate Install the certificate Configure Outlook 2003 When connecting you are prompted to authenticate Provide domain\username and password Voila!

16. More Mobility Access companyweb without a VPN Specify to make this available when running the CEICW and ensure any external firewall/router you are using allows TCP port 444 through to the server Users will be prompted to authenticate when accessing the URL – https://server.fqdn:444/ https://server.fqdn:444/ Some web parts may not display but you can access stored documents

17. Where To Next? Continually developing space Managed servers/software as a service is gathering steam Means mobility will be part of the norm Means security becomes even more important Pass phrases NOT pass words 2-factor authentication Regular security audits and tests

18. Offline Files (Client Side Caching) When it works it’s great, when it doesn’t it’s very painful Synchronise changes over VPN Not all file types supported – MDB, PST… Configurable on the client or through group policy CSC is stored in %systemroot%\CSC which is hidden by default

19. Troubleshooting CSC “Unable to merge offline changes on \\server\share_name. The parameter is incorrect” \\server\share_name Reinitialise the CSC Open Folder Options, select Offline Files tab Hold Ctrl-Shift and click “Delete Files” button Answer Yes twice to restart

20. Troubleshooting CSC Option 2 HKLM\Software\Microsoft\Windows\CurrentVersion\Ne tCache Key: FormatDatabase Type: DWORD Value: 1 (it’s actually ignored) Restart server DELETE THIS REGISTRY KEY AFTER RESTARTING!!!

21. Resources Microsoft Windows Small Business Server 2003 Home http://www.microsoft.com/windowsserver2003/sbs/default.mspx Microsoft Windows Mobile Solutions, Applications and Handheld Devices http://www.microsoft.com/windowsmobile/default.mspx ActiveSync Help & How Tos http://www.microsoft.com/windowsmobile/help/activesync/default.mspx Small Business Server 2003 Best Practices book http://www.smbnation.com/products.htm Advanced Windows Small Business Server 2003 Best Practices http://www.smbnation.com/products.htm Susan Bradley’s Blog http://msmvps.com/blogs/bradley/archive/category/1578.aspx Chris Rue’s Remote Device Wipe Page http://www.chrisrue.com/funcave/2006/08/solving-a-problem-with-remote-device-wipe.html

22. Resources List Servers SBS2K: http://groups.yahoo.com/group/sbs2k/http://groups.yahoo.com/group/sbs2k/ SmallbizIT: http://groups.yahoo.com/group/smallbizIT/http://groups.yahoo.com/group/smallbizIT/ Newsgroups: Public: - Server: news.microsoft.com Newsgroup: microsoft.public.windows.server.sbs Partner: - Server: privatenews.microsoft.com Newsgroup: microsoft.private.directaccess.smallbizserver2003 Usergroups: http://www.sbsusers.org/ http://www.sbsusers.org/ http://groups.yahoo.com/group/melb-SBSusers/ http://www.sbsfaq.com/default.aspx http://www.smallbusinessserver.com.au/ http://www.sbsusers.net/

23. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.