A few months ago, I posed the following question on Experts-Exchange:
I’ve now been posting here on EE for about three years. Most of that time spent in the Small Business Server Zone (ne Topic Area). There have been a number of recurring themes in the few thousand questions I’ve participated in during that time, but none that causes more controversy than whether the SBS Wizards should be used, or if you can configure an SBS without them.
Since I’ve always taken the stand that in order to properly configure an SBS you must use all the wizards. I guess this has often been interpreted as "you cannot properly configure an SBS unless you use all the wizards". But since the wizards are really just advanced scripting tools, you could obviously make all of the same settings or even different ones manually.
So, the question I now pose to all who care to respond is: Why?
Why would you want to manually make these settings when there is a tool that will do it for you in a fraction of the time? On this point, I believe there is no debate on whether or not working with the wizards will take less time if one were to make ALL of the same settings manually. The issues seem to be that either the wizards do things that you don’t want them to do, or that you have special circumstances which seem to conflict with the way the wizards configure things. So, to clarify the question, I will ask, "What situations have you found that they prevent you from implementing a customized solution?" or "What situations have you found that the wizards do something you don’t want them to do and your only option is to not run them (ie, the wizard makes 10 settings and you like 7 of them but don’t like 3)?
Your answer should have a concrete example of a situation as well as an explanation of how the wizard causes the problem.
Of course if you disagree with my time premise, (that making the exact same settings manually would take longer), I’d be interested in hearing about that as well.
I would have posted this in the Experts Lounge area, but since it’s focused on SBS only and many of you don’t even go to the Experts Lounge, it makes more sense here.
Thanks in advance for your comments.
The crux of the question was this:
"What situations have you found that they prevent you from implementing a customized
solution?" or "What situations have you found that the wizards do something you don’t
want them to do and your only option is to not run them (ie, the wizard makes 10
settings and you like 7 of them but don’t like 3)?
Since nobody actually answered the question I decided to give feedback to a few notable comments:
"the last month and a half have read all over this site that terrible things
are going to happen at some point in the future because i didn’t use the
wizards. So far nothing has happened to my own server or any of the half dozen
or so that i have worked on."
I think you’re looking at this from the wrong end of the equation. I don’t
think anyone said that terrible things are going to happen if you don’t use the
wizards. The basic question I posed above is that given that it takes a
significant amount of time to manually configure things compared to the wizards,
why would you do something that takes so much longer? And while I don’t want to
suggest that you are guilty of this, I am aware of a number of consultants who
charge by the hour — so if they are doing things manually, they are ultimately
being unethical towards their clients.
But it’s actually more than just how much is being billed out to a client.
Consider that there are some features of SBS which you may not be aware of which
could save your clients significant amounts of time and money if they took
advantage of these benefits which are part of SBS natively. Most of the
features are installed and configured automatically when the wizards are used…
but when the wizards aren’t used, the features go unused. The priorities of
what features are imporatant are different for every client, but if they aren’t
even aware of what some of them are, such as centralized fax, Exchange deleted
item recovery, Volume Shadow Snapshot file recovery, Intelligent Message Filter
for reducing SPAM, Document libraries that are easier to manage, automatic
backup of My Documents folders, remote access to their office desktops, full
synchronization with their windows mobile smartphone or PDA, daily, easy to
understand monitoring reports to let them know the health of their system so
they don’t worry as much… All of these things (among others) are installed and
configured automatically through just the wizards listed in the To-Do list of
the Server Management Console.
You may know what you want done… but you’ve admitted to not having any
experience in the Small Business realm… perhaps you should find out what Small
Business owners want? (and you can’t just ask them… because they don’t know
the answers to the "direct" questions about technology… instead you have to
keep abreast of the multitude of studies and surveys which interpret the views
of small business: http://snipr.com/1qrn2 (then ignore at least half of those
and make up your own predictions… but make sure that whatever you do, you
aren’t using your "enterprise network" mentality because that is never in step
with what small business owners want).
"I think I spend more time troubleshooting errors from what the wizard did to my
users and computers than I would spend if I didn’t run them and did it all
manually. Example: trying to figure out why I can’t reset the power management
scheme on all the computers so they don’t go to sleep… I still haven’t
completely figured that out yet."
I will cover this a bit more down below… but suffice it to say that if you are
troubleshooting errors from the wizards, you haven’t learned how to properly
install and configure an SBS. While I sometimes run into errors when running
the wizards, they are easily found and corrected. Usually it’s something that I
just forgot to do, like plug in an ethernet cable, and if I didn’t have the
wizard to remind me, it might have been missed overall and caused a need even
As for the power management on workstations? It can’t be managed by group
policy on Windows XP… it has nothing to do with SBS at all. But you can
download a third party tool called EZ GPO to help you with this:
Vista does support power management through group policy… and there is also a nice
Wake-on-LAN plugin for Remote Web Workplace for XP Machines. You can read about
both of those things here:
"Single NIC installations where I have an upstream proxy/firewall cause problems
in themselves. You need to really bypass CEICW and ignore the nags about not
being complete – not clean IMHO. I have it running in my lab on a VM and it
works fine, but I continue to get nagged about running this wizard even though
there is no option for my configuration."
What do you mean there is no option for your configuration??? Single NIC with a
FIREWALL is absolutely supported and documented. Even if it’s a PROXY (because
you would set all local traffic to bypass the proxy). You most definitely do not
have to bypass the CEICW, nor should you. See configuration option number 5 or 6
at http://sbsurl.com/msicw. I’ve deployed MANY SBS networks with this
configuration… primarily using SonicWall Firewalls
"1. DHCP…It sets the scope range to be your ENTIRE subnet (i.e.
192.168.1.1-255) then puts in exclusions. This is quite possibly the worst way
of doing a DHCP scope."
Why would that be the worst way of doing a DHCP scope? A default installation
of SBS would create a scope range of 192.168.16.1-254, then exclude
192.168.16.1- 10 and when you then run the Remote Access Configuration Wizard,
it will grab 192.168.16.11 – 19 for RRAS connections. I will often go back and
then exclude 192.168.16.200-254 to use for printers and other such devices, but
perhaps you can explain what a better method would be?
"2. Firewall GPO…I always have to go back and disable the firewall on all
machines because the Wizard creates this Firewall GPO. This especially becomes
annoying when installing a server based AV system that pushes out installs over
WMI (which needs the Firewall disabled)."
If you have to go back and disable the firewall on all machines, then you aren’t
really allowing SBS to manage the network centrally. I’ve run many programs
that use WMI to push out a client program and the only time I’ve ever seen a
problem is when I came into a network that the workstations weren’t joined using
the ConnectComputer wizard. If you are not joining the workstations to the
domain using http://<servername>/connectcomputer, then the permissions may not
be getting set correctly to allow access via WMI. Then, that problem is being
compensated for by disabling the Windows Firewall which unnecessarily weakens
the security of the network.
** I would note that there is a small issue with the WMI Provider when joining a
Vista Client to an SBS Domain, but that’s been fully covered by this KB article
& Patch: http://support.microsoft.com/kb/926505
"I agree with Netman, they need to have a Standard and an Advanced mode for
their wizards, and have it ask you at the beginning of the install which method
you want. This way people like me could better control the Wizards functions
(I.E. tell it the CORRECT DHCP Scope options)"
In my opinion, if you are a more advanced user you should understand that
because there are so many different things running concurrently in SBS, it is
even more important to make sure that all these parts are carefully synchronized
so you don’t spend hours upon hours troubleshooting some problem that could have
been avoided if you used the wizard to simultaneously configure all the parts.
The additional benefit is that if you can be much more confident that making a
small modification to one part of the network won’t create a conflict with
Let’s say, for instance, that you needed to change the server’s local IP address
so that it doesn’t conflict with a new VOIP system (this has happened to me a
couple of times — some of those VOIP folks like their IP addresses to be set
their way and I didn’t really want or need to argue with them). Normally, on a
stand-alone network that had all that SBS is running you’d have to change
settings in at least eight different places (including rewriting dozens of ISA
rules) and then hope you got them all while you watched the event logs for
errors and ran diags. With SBS, it’s as simple as running the Change Server IP
Address Wizard which will take care of everything.
(See: http://techsoeasy.spaces.live.com/blog/cns!AB2725BC5698FCB8!303.entry for
Basically a task that could otherwise take half a day is accomplished in 5
"I would say use the wizards simply because it has then been done ‘by the book’
and so is easier for the next person to maintain because it has MS standard
settings rather than your customisation."
andyalder, who I think stumbled upon this thread by accident, has provided the
most brilliant answer of all (http:#19618127 — which leew and red were quick to recognize).
This whole notion of "not trusting Microsoft" (leew you are such a flip-flopper on
this) is really hogwash. You don’t have to trust Microsoft or anyone when you
use the wizards. I’ve already demonstrated that they are wholey
transparant…you just need to read what’s on your screen to see that. And the
wizards along with SBS’s default configuration was not just "decided upon" by
some Microsoft project manager. The process was guided by the input from the
entire SBS development team, over 50 SBS MVP’s, hundreds of beta testers and now
tens of thousands of successful implementations are proving that it works in
most every instance. I know for sure that even though I’ve installed and
configured over 100 SBS networks to date, that I certainly believe that I know
better than all these folks. I absolutely know enough at this point to question
the process though… and I do that regularly. However, since the vast majority
of my career life has not been spent in IT Consulting, but like most of my
clients I was running a small business, so my perspective remains from the view
of the business owner who doesn’t spend $10,000 or $15,000 very often and wants
to make sure that he gets the BEST possible value for the money… not just
today, but for the life of the asset.
One small business I was involved with for over 10 years was my family’s fine
dining restaurant in Arizona. We had a rich history that spanned over 50 years
with three generations of family involvement. During my time there, the
restaurant earned the Mobil Travel Guide Five-Star Award and the AAA
Five-Diamond Award for many consecutive years. Usually, when you think of
Five-Star Restaurants, you think of a charismatic chef who produces masterful
creations and is perhaps the "star" of the establishment. But our family had a
philosophy that if a single person created recipes that only a select few could
produce, we would just be another one of those popular places that disappears
after a few months or a couple of years. Instead, because we had a recipe book
that was managed by my Aunt in consultation with the chef, Maitre d’, and the
rest of the management team, which could be produced consistently to high
standards by any number of our kitchen staff, our restaurant maintained the
position of being the highest rated restaurant in Arizona for almost 40 years.
Although it is no longer there today (due to urban development), it is still
thought of as "the best that ever was".
I tell that story because I think it says a lot about my committment to
consistency, which most of you feel probably doesn’t exist in the IT world. I can
tell you that the food world is no different… maintaining a level of unfailing
quality that your customers can count on requires keeping the your efforts well
rooted in the foundation of what’s proven to work so that you can build upon
success. Then, when you take a chance or two with something new and different
(SharePoint Services, or a CRM implementation), your customers will be right
there with you instead of second guessing every suggestion you make.
Furthermore, I’d point out that while I don’t quite understand the context that
ChiefIT’s comment "Anyone who says they know everything there is to know about
computers, is just lying" was aimed towards, I can’t help but think that anyone
who chooses to ignore the wizards falls into the category of those who think they
"I like hearing advice from folks who are more knowledgeable than I am with
computers while looking at the grass roots of the system. I learn better and
quicker that way."
Of course every project we undertake is ultimately a learning experience,
but learning is not the primary objective when deploying a Server and complete
network infrastructure for a paying client. That’s something you need to do on
your own time with your own test installations. When you do that, you will find
that the wizards don’t hide anything. Everything is spelled out VERY CLEARLY on
both the first page (which tells you what it’s going to do) and the last page
which provides you the EXACT details of what it’s doing. If you like, you can
print out that last page, quit the wizard and then make the entries manually if
that helps you understand it better. But when deploying an SBS for a paying
client who expects the product to deliver everything it claims, the server
should be installed and configured in the quickest method possible to provide
all features that will benefit the organization including it’s low, long-term
Let me also add…
Every time a wizard is run, a complete log of it’s actions is created in
C:\Program Files\Microsoft Windows Small Business Server\Support
I highly recommend that you poke around in the C:\Program Files\Microsoft Windows Small Business Server
directory to see what else is there. In doing so, you’ll find that every time the CEICW is run
it creates both a full outline of what its doing, plus it creates a .vbs file of its settings
in case you need to revert back to a previous setting. (You’ll find that in
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW)
I welcome any comments or feedback.
It seems though, as though nobody could rise to the challenge. RTFW!