The Great SBS Wizard Challenge


A few months ago, I posed the following question on Experts-Exchange:

I’ve now been posting here on EE for about three years.  Most of that time spent in the Small Business Server Zone (ne Topic Area).  There have been a number of recurring themes in the few thousand questions I’ve participated in during that time, but none that causes more controversy than whether the SBS Wizards should be used, or if you can configure an SBS without them.

Since I’ve always taken the stand that in order to properly configure an SBS you must use all the wizards.  I guess this has often been interpreted as "you cannot properly configure an SBS unless you use all the wizards".  But since the wizards are really just advanced scripting tools, you could obviously make all of the same settings or even different ones manually.

So, the question I now pose to all who care to respond is:  Why?

Why would you want to manually make these settings when there is a tool that will do it for you in a fraction of the time?  On this point, I believe there is no debate on whether or not working with the wizards will take less time if one were to make ALL of the same settings manually.  The issues seem to be that either the wizards do things that you don’t want them to do, or that you have special circumstances which seem to conflict with the way the wizards configure things.  So, to clarify the question, I will ask, "What situations have you found that they prevent you from implementing a customized solution?"  or "What situations have you found that the wizards do something you don’t want them to do and your only option is to not run them (ie, the wizard makes 10 settings and you like 7 of them but don’t like 3)?

Your answer should have a concrete example of a situation as well as an explanation of how the wizard causes the problem.

Of course if you disagree with my time premise, (that making the exact same settings manually would take longer), I’d be interested in hearing about that as well.

I would have posted this in the Experts Lounge area, but since it’s focused on SBS only and many of you don’t even go to the Experts Lounge, it makes more sense here.

Thanks in advance for your comments.



The crux of the question was this: 

"What situations have you found that they prevent you from implementing a customized 
 solution?" or "What situations have you found that the wizards do something you don’t 
 want them to do and your only option is to not run them (ie, the wizard makes 10
 settings and you like 7 of them but don’t like 3)?

Since nobody actually answered the question I decided to give feedback to a few notable comments:

"the last month and a half have read all over this site that terrible things
are going to happen at some point in the future because i didn’t use the
wizards. So far nothing has happened to my own server or any of the half dozen
or so that i have worked on."

          I think you’re looking at this from the wrong end of the equation.  I don’t
          think anyone said that terrible things are going to happen if you don’t use the
          wizards.  The basic question I posed above is that given that it takes a
          significant amount of time to manually configure things compared to the wizards,
          why would you do something that takes so much longer?  And while I don’t want to
          suggest that you are guilty of this, I am aware of a number of consultants who
          charge by the hour — so if they are doing things manually, they are ultimately
          being unethical towards their clients.

          But it’s actually more than just how much is being billed out to a client.
          Consider that there are some features of SBS which you may not be aware of which
          could save your clients significant amounts of time and money if they took
          advantage of these benefits which are part of SBS natively.  Most of the
          features are installed and configured automatically when the wizards are used…
          but when the wizards aren’t used, the features go unused.  The priorities of
          what features are imporatant are different for every client, but if they aren’t
          even aware of what some of them are, such as centralized fax, Exchange deleted
          item recovery, Volume Shadow Snapshot file recovery, Intelligent Message Filter
          for reducing SPAM, Document libraries that are easier to manage, automatic
          backup of My Documents folders, remote access to their office desktops, full
          synchronization with their windows mobile smartphone or PDA, daily, easy to
          understand monitoring reports to let them know the health of their system so
          they don’t worry as much… All of these things (among others) are installed and
          configured automatically through just the wizards listed in the To-Do list of
          the Server Management Console.

          You may know what you want done… but you’ve admitted to not having any
          experience in the Small Business realm… perhaps you should find out what Small
          Business owners want?  (and you can’t just ask them… because they don’t know
          the answers to the "direct" questions about technology… instead you have to
          keep abreast of the multitude of studies and surveys which interpret the views
          of small business:  (then ignore at least half of those
          and make up your own predictions… but make sure that whatever you do, you
          aren’t using your "enterprise network" mentality because that is never in step
          with what small business owners want).

"I think I spend more time troubleshooting errors from what the wizard did to my
users and computers than I would spend if I didn’t run them and did it all
manually. Example: trying to figure out why I can’t reset the power management
scheme on all the computers so they don’t go to sleep… I still haven’t
completely figured that out yet."

          I will cover this a bit more down below… but suffice it to say that if you are
          troubleshooting errors from the wizards, you haven’t learned how to properly
          install and configure an SBS.  While I sometimes run into errors when running
          the wizards, they are easily found and corrected.  Usually it’s something that I
          just forgot to do, like plug in an ethernet cable, and if I didn’t have the
          wizard to remind me, it might have been missed overall and caused a need even
          greater troubleshooting.
          As for the power management on workstations?  It can’t be managed by group
          policy on Windows XP… it has nothing to do with SBS at all.  But you can
          download a third party tool called EZ GPO to help you with this: 

          Vista does support power management through group policy… and there is also a nice
          Wake-on-LAN plugin for Remote Web Workplace for XP Machines.  You can read about
          both of those things here: 

"Single NIC installations where I have an upstream proxy/firewall cause problems
in themselves.  You need to really bypass CEICW and ignore the nags about not
being complete – not clean IMHO.  I have it running in my lab on a VM and it
works fine, but I continue to get nagged about running this wizard even though
there is no option for my configuration."

          What do you mean there is no option for your configuration???  Single NIC with a
          FIREWALL is absolutely supported and documented.  Even if it’s a PROXY (because
          you would set all local traffic to bypass the proxy). You most definitely do not
          have to bypass the CEICW, nor should you. See configuration option number 5 or 6
          at  I’ve deployed MANY SBS networks with this
          configuration… primarily using SonicWall Firewalls

"1.  DHCP…It sets the scope range to be your ENTIRE subnet (i.e. then puts in exclusions.  This is quite possibly the worst way
of doing a DHCP scope."

          Why would that be the worst way of doing a DHCP scope?  A default installation
          of SBS would create a scope range of, then exclude
 10 and when you then run the Remote Access Configuration Wizard,
          it will grab – 19 for RRAS connections.  I will often go back and
          then exclude to use for printers and other such devices, but
          perhaps you can explain what a better method would be?

"2.  Firewall GPO…I always have to go back and disable the firewall on all
machines because the Wizard creates this Firewall GPO.  This especially becomes
annoying when installing a server based AV system that pushes out installs over
WMI (which needs the Firewall disabled)."

          If you have to go back and disable the firewall on all machines, then you aren’t
          really allowing SBS to manage the network centrally.  I’ve run many programs
          that use WMI to push out a client program and the only time I’ve ever seen a
          problem is when I came into a network that the workstations weren’t joined using
          the ConnectComputer wizard.  If you are not joining the workstations to the
          domain using
http://<servername>/connectcomputer, then the permissions may not
          be getting set correctly to allow access via WMI.  Then, that problem is being
          compensated for by disabling the Windows Firewall which unnecessarily weakens
          the security of the network.

          ** I would note that there is a small issue with the WMI Provider when joining a
          Vista Client to an SBS Domain, but that’s been fully covered by this KB article
          & Patch:

"I agree with Netman, they need to have a Standard and an Advanced mode for
their wizards, and have it ask you at the beginning of the install which method
you want.  This way people like me could better control the Wizards functions
(I.E. tell it the CORRECT DHCP Scope options)"

          In my opinion, if you are a more advanced user you should understand that
          because there are so many different things running concurrently in SBS, it is
          even more important to make sure that all these parts are carefully synchronized
          so you don’t spend hours upon hours troubleshooting some problem that could have
          been avoided if you used the wizard to simultaneously configure all the parts.
          The additional benefit is that if you can be much more confident that making a
          small modification to one part of the network won’t create a conflict with

          Let’s say, for instance, that you needed to change the server’s local IP address
          so that it doesn’t conflict with a new VOIP system (this has happened to me a
          couple of times — some of those VOIP folks like their IP addresses to be set
          their way and I didn’t really want or need to argue with them).  Normally, on a
          stand-alone network that had all that SBS is running you’d have to change
          settings in at least eight different places (including rewriting dozens of ISA
          rules) and then hope you got them all while you watched the event logs for
          errors and ran diags.  With SBS, it’s as simple as running the Change Server IP
          Address Wizard which will take care of everything.
          (See:!AB2725BC5698FCB8!303.entry for

          Basically a task that could otherwise take half a day is accomplished in 5

"I would say use the wizards simply because it has then been done ‘by the book’
and so is easier for the next person to maintain because it has MS standard
settings rather than your customisation."

          andyalder, who I think stumbled upon this thread by accident, has provided the
          most brilliant answer of all (
http:#19618127 — which leew and red were quick to recognize).  
          This whole notion of "not trusting Microsoft" (leew you are such a flip-flopper on
          this) is really hogwash.  You don’t have to trust Microsoft or anyone when you
          use the wizards.  I’ve already demonstrated that they are wholey
          transparant…you just need to read what’s on your screen to see that.  And the
          wizards along with SBS’s default configuration was not just "decided upon" by
          some Microsoft project manager.  The process was guided by the input from the
          entire SBS development team, over 50 SBS MVP’s, hundreds of beta testers and now
          tens of thousands of successful implementations are proving that it works in
          most every instance.  I know for sure that even though I’ve installed and
          configured over 100 SBS networks to date, that I certainly believe that I know
          better than all these folks.  I absolutely know enough at this point to question
          the process though… and I do that regularly.  However, since the vast majority
          of my career life has not been spent in IT Consulting, but like most of my
          clients I was running a small business, so my perspective remains from the view
          of the business owner who doesn’t spend $10,000 or $15,000 very often and wants
          to make sure that he gets the BEST possible value for the money… not just
          today, but for the life of the asset.

          One small business I was involved with for over 10 years was my family’s fine
          dining restaurant in Arizona.  We had a rich history that spanned over 50 years
          with three generations of family involvement.  During my time there, the
          restaurant earned the Mobil Travel Guide Five-Star Award and the AAA
          Five-Diamond Award for many consecutive years.  Usually, when you think of
          Five-Star Restaurants, you think of a charismatic chef who produces masterful
          creations and is perhaps the "star" of the establishment.  But our family had a
          philosophy that if a single person created recipes that only a select few could
          produce, we would just be another one of those popular places that disappears
          after a few months or a couple of years.  Instead, because we had a recipe book
          that was managed by my Aunt in consultation with the chef, Maitre d’, and the
          rest of the management team, which could be produced consistently to high
          standards by any number of our kitchen staff, our restaurant maintained the
          position of being the highest rated restaurant in Arizona for almost 40 years.
          Although it is no longer there today (due to urban development), it is still
          thought of as "the best that ever was".

          I tell that story because I think it says a lot about my committment to
          consistency, which most of you feel probably doesn’t exist in the IT world. I can
          tell you that the food world is no different… maintaining a level of unfailing
          quality that your customers can count on requires keeping the your efforts well
          rooted in the foundation of what’s proven to work so that you can build upon
          success.  Then, when you take a chance or two with something new and different
          (SharePoint Services, or a CRM implementation), your customers will be right
          there with you instead of second guessing every suggestion you make.
          Furthermore, I’d point out that while I don’t quite understand the context that
          ChiefIT’s comment "Anyone who says they know everything there is to know about
          computers, is just lying" was aimed towards, I can’t help but think that anyone
          who chooses to ignore the wizards falls into the category of those who think they
          know everything.

"I like hearing advice from folks who are more knowledgeable than I am with
computers while looking at the grass roots of the system. I learn better and
quicker that way."

          Of course every project we undertake is ultimately a learning experience,
          but learning is not the primary objective when deploying a Server and complete
          network infrastructure for a paying client.  That’s something you need to do on
          your own time with your own test installations.  When you do that, you will find
          that the wizards don’t hide anything.  Everything is spelled out VERY CLEARLY on
          both the first page (which tells you what it’s going to do) and the last page
          which provides you the EXACT details of what it’s doing.  If you like, you can
          print out that last page, quit the wizard and then make the entries manually if
          that helps you understand it better.  But when deploying an SBS for a paying
          client who expects the product to deliver everything it claims, the server
          should be installed and configured in the quickest method possible to provide
          all features that will benefit the organization including it’s low, long-term
          management costs.

Let me also add…
Every time a wizard is run, a complete log of it’s actions is created in
C:\Program Files\Microsoft Windows Small Business Server\Support
I highly recommend that you poke around in the C:\Program Files\Microsoft Windows Small Business Server
directory to see what else is there.  In doing so, you’ll find that every time the CEICW is run
it creates both a full outline of what its doing, plus it creates a .vbs file of its settings
in case you need to revert back to a previous setting.  (You’ll find that in
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW)
I welcome any comments or feedback.


It seems though, as though nobody could rise to the challenge.  RTFW!