SBS 2011 Standard – Disable TLS 1.0

December 14, 2015 by 79 Comments

SSLPost Updated 05/07/16

So you have completed a PCI Compliance scan, and you need to disable TLS 1.0?

You may have found the instructions here from TechNet which explain how to edit the registry to disable TLS 1.0, SSL 2.0 and SSL 3.0. What they don’t go onto explain is that this will break your RDP/RDP Gateway Connections.

Given that , as I understand it, the requirement to disable TLS 1.0 is being enforced from June 2016 I thought it was worth running through and sharing the process.

Read more of this post

Filed under General, PowerShell, SBS S, Tips & Tricks Tagged with , , ,

Quick Fix: Printer not Redirected in RDP Session

July 23, 2014 by Leave a comment

RDPThis is something i have come across a number of times over the years, with varying degrees of success and failure. Some vendors seem to provide driver download packages allowing you to install the right driver, some more awful ones insist the printer is physically connected before it will let the driver install. Today i was helping someone who had an HP DeskJet 990c. Now that is quite an old printer and i remember from XP days that the driver was on the HCL and it was a plug and play printer.

So once i had identified it was indeed a driver issue causing the redirection to fail i needed a way to get the driver installed.

Read more of this post

Filed under General, Tips & Tricks Tagged with , ,

Installing a Second Server : SBS 2011 Essentials & Premium Add on Server

October 25, 2011 by 7 Comments

SBS Essentials LogoIt seems like a lot of businesses are bringing a second server online lately, perhaps discovering the benefits a Terminal Server (or Remote Desktop Services Server or even Multipoint) can bring, or maybe it is a Server that will run SQL for an LOB application. Personally i prefer to keep the SBS free of Apps if possible, especially accounts programs.

The SBS PAO (Premium Add on) Is a great way to get that second server and SQL license, but it may not be the most cost effective route to get what you want, so make sure you do your research before purchasing.

That’s my little marketing pledge done, now on to the technical stuff.

If you are familiar with installing SBS and general networking, likely you know already how to add a second server to an SBS Standard network, but what about essentials?

    • Do you try to install the connector?
    • Do you use the traditional ‘Computer Name’ tab in System Properties?
    • Does it show up in the Dashboard?
    • Does it get backed up?

Connector or Not Connector that is the question!

Firstly you need to ask what OS is your server. Is it Server 2008, 2008 R2 or maybe an older 2003?

The connector software will install on Server 2008 R2 Standard, IF you are running SP1, and also if your Server is NOT a Domain Controller.

If you are not running SP1 you will see this message if you attempt to install the Connector software.

SBS Essentials Connect Error

If you want to know which OS’s and Versions are supported, check out the ‘supportedOS’  XML file on your essentials box.

You will find that file in this directory

C:\Program Files\Windows Server\Bin\WebApps\Client\Package\

supported OS XML pathsupportedOS XML File

If you want to know what version of Windows you are running, you can type this command into an Elevated command prompt:

systeminfo | findstr /B /C:”OS Name” /C:”OS Version”

Check OS VersionCheck OS Version

Assuming you meet the requirements you will be presented with a warning about Supported Client OS’s and you can click on ‘Continue Anyway’ to continue the installation.

SBS Essentials Connect Warning

You may want to note that it is not possible to install the connect when logged on using Remote Desktop. Also the same problems affecting install on Client OS’s can strike on a Server install. Plenty of resources out there for those, but my post is where i will point you.

Now for my disclaimer.

Adding the connector is not supported. You get a big warning to the same effect. If you do decide to install the connector it is at your own risk, i am not going to be held responsible for anything, whether it works or doesn’t work, whether it works some of the time and whether it makes you look silly. By reading this disclaimer in your head or out loud you have waived any legal responsibility on my part in perpetuity throughout the universe.

    .

Is it in the Dashboard?

Yes. If you install the connector then it will indeed show up in the dashboard.

SBS Essentials Dashboard

Does it get backed up?

The short answer? Yes it does.

It does appear that the SBS Essentials ‘Client Backup’ will backup the server OS.

However, i have to stress this is not supported, and because of that there is no guarantee from anyone, Not me, Not Microsoft that you could successfully restore your server from that backup.

The SBSE client backup does not contain ‘agents’ for the Server OS or any applications you may be running on it, like SQL, so a backup with the SBSE client backup cannot be trusted, or guaranteed.

If you are going to have the Server show up in the dashboard, i recommend you disable the SBSE backup, and instead rely on your own backup strategy for the Server, but i am not discussing that in this post.

You can disable the backup from the dashboard, by clicking ‘Customise Client Backup for the computer’ and clicking disable backup.

You may also want to disable the launch pad.

RDP Server running LaunchpadThe launch pad runs, or at least seems to run, perfectly well on the server. I set my test server up as a RDS (TS / Terminal Server) and logged into with two separate accounts, and the Launchpad ran fine for both. The only thing i didn’t like was that a helpful or considerate user may want to poke around the backup settings, and that could be bad, so to remove temptation, my advice would be disable it.

    Likely as not you wont need the Launchpad on that server anyway.
    You can disable the Launchpad through the registry, or via MSCONFIG.

Multipoint Server

All of the above is subject to one exception. Windows Multipoint Server 2011. (WMS)

This Server OS, is supported for use with Essentials, can handle the Connector install, and perhaps most importantly, is also supported to be used with the SBSE Client backup.

If you haven’t heard of, seen, or used WMS, then get yourself along to the SMB MVP Community Road Show and see it in action.

Useful links for Multipoint

sbs-mvp

Filed under General, SBS E, Tips & Tricks Tagged with , ,

Quick Fix : SBS 2011 Essentials RDP Timeouts (Remote Web Access)

August 4, 2011 by 7 Comments

If you are using RWA in SBS 2011 you may find that having connected to your Computer, then working on something else for a period of time, you go to switch back to your Computer and find you have been Disconnected! This can be a source of annoyance to those multi-tasking users we look after, and we don’t really want to give them any more reasons to be annoyed right?

5

Luckily it is relatively simple to increase the period of inactivity before a timeout occurs, likewise you can decrease it if you wish to as well.

The default for a disconnect is 60 Minutes.

To edit these settings, we first have to enable the Remote Desktop Gateway Manager tool.

Even though this ‘Role’ is installed into SBS by default, the management tool itself is hidden

You will need to open an Elevated Command Prompt, to do that, find the CMD.exe icon, right click and click on ‘Run As Administrator’

6

Next you need to enter:

dism /online /Enable-Feature:Gateway-UI

1

You will see the status of the Imaging Servicing and Maintenance tool, and after a few moments be returned to a CMD prompt.

Now you can open up the Management tool from your Administrative Tools menu.

2

Expand your Servername and then expand Policies. In the details pane, right click the policy ‘DOMAIN_CAP_DEFAULT’ and go to properties.

3

You can see clearly here the ‘Disconnect Session after Idle’ setting, and change the value to suit your needs.

4

When you have changed the setting click OK. Your settings will be active immediately but may not affect sessions that are already in progress.

To change the timeouts for the entire Remote Web Access site, you can follow Tim Barrett’s blog post for SBS 2008.

http://www.nogeekleftbehind.com/2009/10/02/changing-the-companyweb-timeout-in-sbs-2008/

Changing this setting will affect the timeouts for the RWA page, for accessing files and folders stored on the Server.

The article mentions ‘Companyweb’ for SBS 2008, but can be transferred for The Default Website on SBS 2011 Essentials to affect the RWA page.

Filed under General, Quick Fix, SBS E, Tips & Tricks Tagged with , , , ,

%d bloggers like this: