How to properly rejoin a client workstation to an SBS 2003 Domain

connect

I can’t tell you how many times I’ve posted these steps in my answers to questions received on Experts-Exchange.com.  But more often than not, someone is trying to use one of the nifty SBS features and can’t get it going because they never joined their workstations to the domain using the Connectcomputer wizard.

You can find a list of all the things that Connectcomputer does over on Susan Bradley’s Blog.  But what do you do if you didn’t originally use this wizard to add the clients to the domain?  It’s not as simple as just unjoining the domain and rejoining it with the wizard because of all the places that need to be touched and all the features that need to be configured.

So, after many revisions, here are the current steps that must be taken at each workstation:

At the client machine:

  • Log in with THAT machine’s LOCAL administrator account.
  • Unjoin the domain into a WORKGROUP
  • Change the name of the computer (this is not an option, you must use a name that is unique and hasn’t been used before on your SBS)
  • Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
  • Delete the following Registry Key entirely: HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer (if it exists)
  • Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
  • Reboot

Then on the server, from the Server Management Console:

  • Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
  • Add the client with it’s NEW name using the Setup Client Computers wizard.  When it finishes you will get a warning telling you how to finish the installation:

finish

Then, go back to the client machine, log back in with the local Administrator account.

  • If there is more than one network interface, make sure that the only one that’s enabled is the one connected to the SBS.
  • Open IE and enter http://<servername>/connectcomputer in the address bar
  • Supply the domain Administrator credentials when requested and assign appropriate user to the machine.  This will make sure that the user that was already assigned to the machine retains their profile.   The following screens are self explanatory:

accountinfo

assign

select

complete

  • After the machine reboots the second time, log in with the assigned user’s credentials to complete the process.

Once complete you will be able to enjoy all the client functionality that SBS promises and helps to make your users more productive.

If you have any problems with the user’s settings not being the same, please see this article on how to restore their original profile:

Migrate Profiles on Small Business Server Networks

 

Advertisements

Use the Correct Windows Small Business Server Template

This comes from Microsoft’s document on how to secure your SBS network which I thought was a good example of how SBS makes it easier to deploy and manage a small business network. Take note that all templates allow users to connect remotely — which comes from Microsoft’s philosophy of empowerment .

 

Windows SBS 2003 comes with predefined templates that are designed to give users only the level of access they need. For example, user accounts that are based on the User template do not have remote access to the local network by using a VPN connection, but user accounts based on the Mobile User template do have this access. The four templates are as follows:

Template Names and Descriptions

Template Name

Description

User

Accounts based on this template have access to shared folders, printers and faxes, e-mail, and the Internet. Accounts assigned this template can access the local network from a remote location by using Remote Web Workplace. Additionally, user accounts assigned with this template can open a Remote Desktop Connection to a computer that is running Windows XP Professional but not to a computer that is running Windows SBS 2003.

Mobile User

Accounts based on this template have all the permissions of the User template and can also access the local network from a remote location using Remote Web Workplace or a remote access connection.

Power User

Accounts based on this template have all the permissions of the Mobile User template and can also perform delegated management tasks. A Power User can log on remotely, but not locally, to a computer that is running Windows SBS 2003.

Administrator

Accounts based on this template have unrestricted system access to the Windows SBS network.