SBS 2008 – Volume Licensing or not?

A recent question I participated in at
January 11, 2009 2:12 PM
Author: tigermatt Date: 12/27/2008 – 02:12PM PST
Title: SBS 2008: Volume Licensing or not?
Tags: Microsoft Small Business Server, 2008, Licensing, Volume or Retail
Zones: SBS Small Business Server, Intellectual Property, Microsoft Server
Author’s Account Type: Qualified Expert
Author’s Subject Experience: Unknown
Time Zone: Greenwich Mean Time (GMT±00:00)
Points: 500
I am looking to install a 2008 Small Business Server for a client in the next few months. I am, at present, weighing up whether it would be worth having the client sign up to a Volume Licensing agreement (one of the “Open” plans, from what I can tell, would be best suited to the company’s size) or purchase all the software – SBS, Vista and Office 2007 – through retail channels.

The business is a typical small business, currently running out of a small premises and in desperate need of a server to centralise file management, email, their website and so on. The scope of the project as it looks at present is as follows:

1 x Server running SBS 2008 Standard Edition
3 x Desktop PCs (although it could easily be 5 by the time the project comes round) to run either Vista Business or Premium
3-5 x Office 2007 Small Business Edition Licenses (basically every PC having Office 2007)
5x User CALs for SBS 2008 at this stage

Would you recommend I go down the Retail or Volume Licensing route? I am particularly interested in the Software Assurance capability of Volume Licensing, and my client would be interested in the ability to spread the payments over several instalments, but being someone who has never ventured into the world of Volume Licensing on a project by myself, I don’t know exactly what I’m walking into.

Essentially what I want to do is best prepare the business for the future. I have no reason not to purchase the software through conventional retail suppliers at this stage, but then when the company rapidly expands across several offices in many different locations in the coming years, I want to easily be able to add on licenses for software via the most cost-effective route.

Any words of advice for a Volume Licensing newbie?

Assisted Solution
Author: MPECSInc Date: 12/27/2008 – 02:21PM PST
Open Value Agreement with the 3 Year Spread Payment Option:

All of our clients are on License + SA for SBS, Vista + MDOP, and Office.

You get TechNet Plus Direct, 1 phone support incident, e-Learning and more.

Office gives them their office licenses, the above, plus they get Use At Home Rights. If they have 10 Office 2007 + SA on Open Value, they get a “free” copy for their employees to use at home. There is a nominal shipping charge once the employee registers for their copy. Essentially, 2 for 1!


Author Comment
Author: tigermatt Date: 12/27/2008 – 02:26PM PST

Thanks. Even that bit of information is of great use to me!

The bit I am finding difficult to understand is whether I can sign up for this agreement when the client is, at present, having only 3 Desktop PCs. This is most definitely going to grow – there is no doubt about that – and I can see them moving to larger premises over the next year or two with many more people working for them, but would someone be willing to sign me up for a Volume Licensing agreement in this situation?

Are you aware of the potential cost savings?

Thanks once again,


Expert Comment
Author: MPECSInc Date: 12/27/2008 – 03:28PM PST
An Open Value Agreement does have a 5 unit lower limit.
SBS OS + SA (incl. 5 CALs) = 1 Unit
Office 2007 Lic + SA = 3 Units (4 total)

If you do a dedicated remote desktop via an Intel Mini-ITX box in the server closet you can do Vista SA + MDOP 12 month + Office 2007 which adds 3 Units. They get a dedicated desktop if they have a laptop outside of the network for RDP access, the admin gets a desktop to work from when needing to manage SBS via RSAT. Win-Win … and we do this kind of setup for most of our clients.

You could put Vista Lic + SA, and MDOP on the three desktops which gives license portability if they are licensed OEM, plus all of the Microsoft Desktop Optimization Pack goodies which are phenomenal. That would give you 6 Units. BTW, it is not expensive for the pair per desktop OS.
Vista Up Lic + SA = TechNet Plus Direct, Vista Ultimate, Vista Enterprise, Desktop Virtualization Rights, Support Incident, more …

Otherwise, there are a number of Open Value SKUs your disti licensing specialist can help you queue up to meet the 5 minimum.


Expert Comment
Author: TechSoEasy Date: 12/28/2008 – 08:44AM PST

First of all, let me clarify something, even though I don’t think it really matters in your case. SBS 2008 comes with 5 CALs which are considered to be 5 separate “units” and therefore qualifies for Open Licensing programs on it’s own.

Then, the choice isn’t just between Open Licensing and Retail… there’s also OEM. For your scenario, I would probably go with OEM licensing as the benefits of licensing probably don’t outweigh the substantial cost difference, and there’s no real benefit of buying retail (FPP) over OEM other than the fact that it can be transfered to new hardware. Since you are buying all new hardware anyhow, then the value of OEM really comes into play. We always use OEM (with Dell Equipment) when we do a completely new install. If you are building the machines yourself, you can buy OEM licenses from your distributor (ie Ingram Micro).

FYI, if you were upgrading from an SBS 2003 installation, then it might be better to go with licensing
(, but that’s a discussion for another time.

So, all you need to do is get the server with SBS 2008 and workstations with OS + Office. No need for any additional CALs until you have more than 5 USERS. I would also recommend that you go with Vista Business. Ultimate is really just a bunch of bloatware that is not needed in an office environment.

If your client is interested in spreading payments, then they probably should be looking at leasing through Microsoft ( which would allow them to include all the hardware, software and even your services to install and configure the new network.
OEM’s such as Dell or HP also offer these types of programs.

Licensing is always a confusing topic. Please let me know if you need any clarification on the above.


Expert Comment
Author: TechSoEasy Date: 12/28/2008 – 08:53AM PST
More info on Microsoft Financing:


Author Comment
Author: tigermatt Date: 12/28/2008 – 08:57AM PST
Thanks for that Jeff. The bit regarding the minimum number of units was what was getting quite confusing for me, and as I’m sure you’re aware a lot of the information on the Microsoft site is quite wordy and difficult to get your head around.

I am having my client buy all new PCs through Dell, so I guess I could have Vista Business pre-installed as an OEM license on the PCs. It’s only £40 more (UK money) to upgrade the Vista on the PCs to Vista Business, so I think that is what I will go for rather than license it fresh. I didn’t think Vista Ultimate would really be suitable for a business environment.

It is the Office 2007 and SBS 2008 licensing which breaks the bank, but then if I went for OEM it looks as if through my supplier I’d be able to shave about 50% off the Office licenses, and almost 40% off the SBS licenses, comparing it back to the Retail product.

With regards to the Volume Licensing route, just out of interest, what sort of prices are we talking? Are the prices for Volume Licensing along the lines of OEM licenses or FPP licenses, or somewhere in between? That will probably be the deciding factor as to which route we take.

Thanks for the info so far!


Expert Comment
Author: TechSoEasy Date: 12/28/2008 – 10:13AM PST
Your estimates are about right.  Pricing of OEM will save you about half compared to FPP.  OL is actually just about the same as FPP.

For Example… SBS 2008 Standard:

FPP (SKU T72-02383) will run about £975

Open License (SKU T72-02558) will run about £975

OEM (SKU T72-02453) will run about £475

We generally get Office licenses from Dell, because they offer good pricing on Small Business Edition.  Work with your sales rep there to bet the best prices… especially if you order towards the end of the month when they are trying to meet their sales goals.


Expert Comment
Author: MPECSInc Date: 12/28/2008 – 02:04PM PST
The CALs included with SBS do not count as units. They are <i>included</i> with the product. I suggest the Microsoft Licensing Advisor for confirmation:

My first post here has a link to one of our blog posts with the appropriate Open Value part numbers for SBS.

In the long run, licensing via Open Value is the best value IMNSHO. Once the three year agreement is up, renew with SA only, the cost goes down, but the SA benefits remain. Makes way more sense than OEM for clients that refresh their hardware every two or three years.


Expert Comment
Author: MPECSInc Date: 12/28/2008 – 02:09PM PST
Also, we are talking about Open Value Licensing. That is <i>not</i> Open Licensing.
They are two different animals.

Open Value gives you the option of spreading your payments, one up front, and one each on the anniversary of the agreement date. Costs are generally 20% higher than FPP over the duration of the agreement. But, you are getting your license plus SA, and on office your Home Use Rights!

Open License requires payment up front.

Please use the above linked License Advisor to run through your licensing need. Choose OPEN VALUE for your program. Do not do a Subscription agreement as you will not own the licenses at the end of the agreement.
Here is the link again:

Cost is not everything when it comes to value for what you are getting.


Expert Comment
Author: TechSoEasy Date: 12/28/2008 – 03:09PM PST
Philip… I’m really sorry to say that you are TOTALLY wrong about this.  SBS alone qualifies for Open License (or Open Value License).

I’d really like you to justify how you say that for an organization of only FIVE people, that it is a better value to spend over THREE TIMES as much.

“Makes way more sense than OEM for clients that refresh their hardware every two or three years.”

That’s an exaggeration as well.  I always recommend that my clients get on a FOUR-YEAR refresh schedule.  With only 5 users, the server will certainly last at least that long, so they would probably stretch it to 5 years.

SA has very little value to 5-person companies.  I’ve never had a client of that size that would have benefited from SA.  Larger clients do get some benefit because the cost of the server is spread among many more users.

I think David Schrag has summed up licensing best in his blog post:

(He is attacking the Small Business Desktop Advantage program, but it applies equally to this situation).

Look… I’ve been a Microsoft Licensing Specialist for a number of years now… I deal with it all the time.  It scales very nicely for larger organizations… but for this one… NO WAY!


Expert Comment
Author: MPECSInc Date: 12/28/2008 – 03:30PM PST

The screenshots speak for themselves.

Before condemning someone as TOTALLY WRONG … please get your facts straight. Note the line in RED that states quite clearly that SBS on its own does not qualify for Open Value.

And, shall we agree to disagree?


Expert Comment
Author: MPECSInc Date: 12/28/2008 – 03:38PM PST
Hmmm … on closer examination, the part number in the licensing advisor does not match up with the part number in the above blog post which was obtained from an earlier version of the Advisor.

Jeff … I may need to eat a black feathered bird here. I will confirm with our MS Licensing contact, as in my conversations with him to date, since getting into Open Value I was always under the impression that SBS did not qualify on its own.

But, as I reread those red lines, the Open Value Agreement is not specifically mentioned … my apologies and I stand corrected.

The wires are crossed, so I will get them uncrossed and make sure I have the right information for the next time.


Expert Comment
Author: TechSoEasy Date: 12/28/2008 – 06:19PM PST

No problem.  I won’t ever be that adamant in a retort if I’m not absolutely sure.

I rarely quote Eric Ligman, but in this article ( )  he says:
“SBS Server by itself fulfills the (5) license minimum for Open License Business”

It’s been that way for a long time, and SBS 2008 isn’t any different in that regard.

So, now that I have a few moments, let me demonstrate the actual difference in cost.  (I’ll do it in USD because that’s the pricing I have).

SBS 2008 Std OEM (T72-02453) $784.26

SBS 2008 Std L + SA (T72-00882) $1,674.00  (that price covers the required 3-years of SA)

Now, to be fair, if the company thinks they will benefit from having SA, you could add 3 yrs of it to the OEM license  (T72-00897) within 90 days of purchase for $624.67.  That makes a total of  $1,408.93, but it’s still less money.

Plus, you can get those SKU’s from Dell when you order the server so it’s one-stop shopping.

Licensing is always confusing, so hopefully our little debate will help a few others as their looking for some kind of clarity.  🙂


Author Comment
Author: tigermatt Date: 12/29/2008 – 03:02AM PST
Thanks for all this info guys. I’ve fired a few emails off to a few companies, just to get some pricing back from over here.

Just a quick one before I close this: since OEM is cheaper, and you can still add SA to an OEM license within 90 days of purchase, what are the benefits of Volume Licensing? To me, it seems that it is more expensive to go down that route, with the only benefit you are getting being the ability to move the software between hardware, whereas with OEM you can’t do that?


Accepted Solution
Author: TechSoEasy Date: 12/29/2008 – 03:23AM PST

It’s a bit more than the ability to move the software. There is actually a complete, separate agreement governing volume licensed software (PUR — or Product Use Rights), as compared to OEM which has the EULA (End User License Agreement).

From the Microsoft Licensing FAQ page:

“The End User License Agreement (EULA) is associated with retail and OEM software. The Product Use Rights (PUR) document is associated with Volume Licensing. The OEM use rights are between the customer and the OEM. The retail and Volume Licensing use rights are between the customer and Microsoft. Volume Licensing customers are provided additional benefits, such as re-imaging and downgrade rights, that may not be available in other software channels.”


But as I mentioned earlier… many of these “benefits” don’t really mean anything to a company that has only 5 users. Especially if you are a Microsoft Small Business Specialist, because then you get additional support from Microsoft to assist your clients even if they are using OEM software. (ie, Business Critical Support, which is Free from Microsoft:

Good Luck!


Expert Comment
Author: MPECSInc Date: 12/29/2008 – 08:24AM PST
Thanks for the link … I was able to dig back and find our Canadian version.
Expert Comment
Author: MPECSInc Date: 12/29/2008 – 08:26AM PST

Full license + SA makes sense when the company goes past that 90 day mark for attaching SA to OEM.


Expert Comment
Author: TechSoEasy Date: 12/29/2008 – 09:01AM PST
“Full license + SA makes sense when the company goes past that 90 day mark for attaching SA to OEM”

Philip… not trying to harp… but that doesn’t make sense either.  The 90-day mark only applies if you bought OEM.  In which case you wouldn’t want another full license for the server.


Expert Comment
Author: MPECSInc Date: 12/29/2008 – 09:03AM PST
Okay … my eyes were crossed when I typed that! 8*O


Expert Comment
Author: TechSoEasy Date: 12/29/2008 – 09:04AM PST
No prob…   🙂

Just another example of how Enterprise folks don’t "get it"

Today on someone posted the question:  How to configure your own Secure Certificate for Small Business Server 2003?

He was offered a very straighforward and correct answer by NeilParbrook who told him to first make sure he had a HOST (A) record configured in the domain’s public DNS zone, and then just run the CEICW which will configure the certificate.

The person who asked the question responded that he believed it was much more complex than just running the CEICW, and then linked a few articles which supported his belief.  I took a look at the first one, and was immediately aware of why this guy was so confused.  Here’s what he saw at


Anyone who’s ever set up an SBS knows that you don’t even need to install the CA for a self-signed certificate.  It’s created by the Configure Email and Internet Connection Wizard (CEICW) and is also installed in IIS on the sites that need it.  The official overview of what the CEICW does and how you use it can be found at and a visual how-to is at

If you wanted to install a 3rd Party certificate instead, you would install the CA, but the process is still different on SBS.  Instructions for that can be found at

For anyone who hasn’t ever deployed an SBS be sure to check out to experience it first-hand.

Today’s EE Answer: Migrating from old server running Microsoft SBS 2003 SP1 to new hardware running SBS 2003 R2


Migrating from old server running Microsoft SBS 2003 SP1 to new hardware running SBS 2003 R2

Question: Will I run into problems migrating an old server running Small Business Server 2003 SP1 to a brand new server running Small Business Server 2003 R2 SP2?

My client doesn’t want to upgrade the old server (software or hardware) because “it has problems” (but they won’t tell me what).

I plan on following this guide:

My big concern is that the new server runs R2. Will I run into problem with that? Do I need to update the AD Schema for R2?

Thanks for anything you can add to help.


Comment from TechSoEasy:

That guide was just published this week and it seems like a good method.

There’s no problem going from SBS 2003 SP1 to SBS 2003 R2 because the R2 components are installed AFTERWARDS. The new server won’t be running SBS at all when you start the process described in that guide. If it is OEM, you need to reformat the disk and reinstall per the steps described.



Comment from MPECSInc:

Try looking into another method that works really well and is tried, tested and true:

A Swing Migration works really well, is quite simple to do as long as you follow the steps, and involves very little down time … especially when migrating to new server hardware.

Reading over the document you mention … as we too are evaluating the procedure … we are not putting too much effort into it because Swing Migrations are a lot simpler to accomplish than the steps required by the MS Migration Paper.

Make sure you have a good backup before running either procedure.



Comment from the Author – joshsfinn:

TechSoEasy –

Please elaborate more for me. The client bought a new server and is installing from a CD that is SBS 2003 R2 (as far as I know) up to the point of joining it to the domain. That’s where I’m supposed to take over.

From the guide I linked in my question, step 2 says:


Step 2. Install Windows Small Business Server 2003 and join the domain

In this step, you install Windows SBS 2003 and join the domain by completing the following tasks:

* Start Windows SBS 2003 Setup on the destination server.

* Join the destination server to the domain.

* blah blah blah


I don’t follow you when you say “The new server won’t be running SBS at all when you start the process described in that guide.”

To me it seems like if I’m installing the OS from a SBS 2003 R2 CD, I’m going to end up with SBS 2003 R2 on the new server before the migration has even really begun.

Thanks – sorry if I’m missing something obvious. 🙂


Comment from the Author – joshsfinn:

MPECSInc – thanks for your reply also. A Swing migration isn’t out of the question, it just seems like I can do this process fairly easily without it.

We’ll be able to make a better decision after we get our facts straight.



Comment from MPECSInc:


After working through the logistics of the MS document, a Swing is WAY easier. There is a huge reduction in the number of steps, and the amount of down time relative to the MS document’s method.



Accepted Solution from TechSoEasy:

“The client bought a new server and is installing from a CD that is SBS 2003 R2 (as far as I know) up to the point of joining it to the domain. That’s where I’m supposed to take over.”

I guess you’ve never installed SBS before?

I would first recommend that you do NOT split up the tasks like this. The migration process is one that needs very careful planning and a full understanding of what you’re migrating. If you don’t do Step 1 yourself you will definitely make mistakes with the remainder of the process. You should understand that you MUST complete the migration process in seven days or you will have a MAJOR problem because at that point the “can’t have two SBS Servers on the same network” restriction kicks in.

“To me it seems like if I’m installing the OS from a SBS 2003 R2 CD, I’m going to end up with SBS 2003 R2 on the new server before the migration has even really begun.”

SBS 2003 R2 comes on a set of 5 CD’s. The first one contains primarily Windows Server 2003 which is NON-R2 and will remain as NON-R2 even after you’ve installed SBS’s R2 bits. I know this is a bit confusing and it’s really too bad Microsoft used the “R2” designation on SBS 2003 because it makes folks think that the Windows Server 2003 included in the SBS bundle will be running R2 as well… but it doesn’t.

SBS’s R2 version is primarily the addition of new features (WSUS) and a change in the licensing structure to allow for additional SQL and Exchange servers in the domain without needing separate CALs. The R2 Components are on a separate CD which is installed AFTER you get EVERYTHING in that guide completed.

My second recommendation to you is that if you’ve never installed SBS before you need to do it yourself first before doing this for a client. It’s not at all the same as standard Windows Server 2003 (see my profile for an explanation of this and it generally takes a few times to fully understand how to get it right. See for more info on that.

I disagree with Philip about which method is better. Even though I haven’t yet tried out this method (since it was just published a few days ago), my first impression is that it’s quite similar. I don’t see the steps or downtime being vastly different, nor do I think that Swing is “WAY” easier. The major difference is that with a Swing Migration, you don’t have the 7-day limit and you have a fully functioning server to go back to in case something goes wrong. If something goes wrong with this method, even if you imaged your original server, you wouldn’t have a current backup to revert to. So that is something to be aware of. But as long as you continue to back everything up as the article describes you should be okay.

I would state that there are other methods for migrating new hardware which I’ve outlined here One of which is using Acronis True Image, which is my preferred method of hardware migration. It works great and can be done in a few hours.


The Great SBS Wizard Challenge


A few months ago, I posed the following question on Experts-Exchange:

I’ve now been posting here on EE for about three years.  Most of that time spent in the Small Business Server Zone (ne Topic Area).  There have been a number of recurring themes in the few thousand questions I’ve participated in during that time, but none that causes more controversy than whether the SBS Wizards should be used, or if you can configure an SBS without them.

Since I’ve always taken the stand that in order to properly configure an SBS you must use all the wizards.  I guess this has often been interpreted as "you cannot properly configure an SBS unless you use all the wizards".  But since the wizards are really just advanced scripting tools, you could obviously make all of the same settings or even different ones manually.

So, the question I now pose to all who care to respond is:  Why?

Why would you want to manually make these settings when there is a tool that will do it for you in a fraction of the time?  On this point, I believe there is no debate on whether or not working with the wizards will take less time if one were to make ALL of the same settings manually.  The issues seem to be that either the wizards do things that you don’t want them to do, or that you have special circumstances which seem to conflict with the way the wizards configure things.  So, to clarify the question, I will ask, "What situations have you found that they prevent you from implementing a customized solution?"  or "What situations have you found that the wizards do something you don’t want them to do and your only option is to not run them (ie, the wizard makes 10 settings and you like 7 of them but don’t like 3)?

Your answer should have a concrete example of a situation as well as an explanation of how the wizard causes the problem.

Of course if you disagree with my time premise, (that making the exact same settings manually would take longer), I’d be interested in hearing about that as well.

I would have posted this in the Experts Lounge area, but since it’s focused on SBS only and many of you don’t even go to the Experts Lounge, it makes more sense here.

Thanks in advance for your comments.



The crux of the question was this: 

"What situations have you found that they prevent you from implementing a customized 
 solution?" or "What situations have you found that the wizards do something you don’t 
 want them to do and your only option is to not run them (ie, the wizard makes 10
 settings and you like 7 of them but don’t like 3)?

Since nobody actually answered the question I decided to give feedback to a few notable comments:

"the last month and a half have read all over this site that terrible things
are going to happen at some point in the future because i didn’t use the
wizards. So far nothing has happened to my own server or any of the half dozen
or so that i have worked on."

          I think you’re looking at this from the wrong end of the equation.  I don’t
          think anyone said that terrible things are going to happen if you don’t use the
          wizards.  The basic question I posed above is that given that it takes a
          significant amount of time to manually configure things compared to the wizards,
          why would you do something that takes so much longer?  And while I don’t want to
          suggest that you are guilty of this, I am aware of a number of consultants who
          charge by the hour — so if they are doing things manually, they are ultimately
          being unethical towards their clients.

          But it’s actually more than just how much is being billed out to a client.
          Consider that there are some features of SBS which you may not be aware of which
          could save your clients significant amounts of time and money if they took
          advantage of these benefits which are part of SBS natively.  Most of the
          features are installed and configured automatically when the wizards are used…
          but when the wizards aren’t used, the features go unused.  The priorities of
          what features are imporatant are different for every client, but if they aren’t
          even aware of what some of them are, such as centralized fax, Exchange deleted
          item recovery, Volume Shadow Snapshot file recovery, Intelligent Message Filter
          for reducing SPAM, Document libraries that are easier to manage, automatic
          backup of My Documents folders, remote access to their office desktops, full
          synchronization with their windows mobile smartphone or PDA, daily, easy to
          understand monitoring reports to let them know the health of their system so
          they don’t worry as much… All of these things (among others) are installed and
          configured automatically through just the wizards listed in the To-Do list of
          the Server Management Console.

          You may know what you want done… but you’ve admitted to not having any
          experience in the Small Business realm… perhaps you should find out what Small
          Business owners want?  (and you can’t just ask them… because they don’t know
          the answers to the "direct" questions about technology… instead you have to
          keep abreast of the multitude of studies and surveys which interpret the views
          of small business:  (then ignore at least half of those
          and make up your own predictions… but make sure that whatever you do, you
          aren’t using your "enterprise network" mentality because that is never in step
          with what small business owners want).

"I think I spend more time troubleshooting errors from what the wizard did to my
users and computers than I would spend if I didn’t run them and did it all
manually. Example: trying to figure out why I can’t reset the power management
scheme on all the computers so they don’t go to sleep… I still haven’t
completely figured that out yet."

          I will cover this a bit more down below… but suffice it to say that if you are
          troubleshooting errors from the wizards, you haven’t learned how to properly
          install and configure an SBS.  While I sometimes run into errors when running
          the wizards, they are easily found and corrected.  Usually it’s something that I
          just forgot to do, like plug in an ethernet cable, and if I didn’t have the
          wizard to remind me, it might have been missed overall and caused a need even
          greater troubleshooting.
          As for the power management on workstations?  It can’t be managed by group
          policy on Windows XP… it has nothing to do with SBS at all.  But you can
          download a third party tool called EZ GPO to help you with this: 

          Vista does support power management through group policy… and there is also a nice
          Wake-on-LAN plugin for Remote Web Workplace for XP Machines.  You can read about
          both of those things here: 

"Single NIC installations where I have an upstream proxy/firewall cause problems
in themselves.  You need to really bypass CEICW and ignore the nags about not
being complete – not clean IMHO.  I have it running in my lab on a VM and it
works fine, but I continue to get nagged about running this wizard even though
there is no option for my configuration."

          What do you mean there is no option for your configuration???  Single NIC with a
          FIREWALL is absolutely supported and documented.  Even if it’s a PROXY (because
          you would set all local traffic to bypass the proxy). You most definitely do not
          have to bypass the CEICW, nor should you. See configuration option number 5 or 6
          at  I’ve deployed MANY SBS networks with this
          configuration… primarily using SonicWall Firewalls

"1.  DHCP…It sets the scope range to be your ENTIRE subnet (i.e. then puts in exclusions.  This is quite possibly the worst way
of doing a DHCP scope."

          Why would that be the worst way of doing a DHCP scope?  A default installation
          of SBS would create a scope range of, then exclude
 10 and when you then run the Remote Access Configuration Wizard,
          it will grab – 19 for RRAS connections.  I will often go back and
          then exclude to use for printers and other such devices, but
          perhaps you can explain what a better method would be?

"2.  Firewall GPO…I always have to go back and disable the firewall on all
machines because the Wizard creates this Firewall GPO.  This especially becomes
annoying when installing a server based AV system that pushes out installs over
WMI (which needs the Firewall disabled)."

          If you have to go back and disable the firewall on all machines, then you aren’t
          really allowing SBS to manage the network centrally.  I’ve run many programs
          that use WMI to push out a client program and the only time I’ve ever seen a
          problem is when I came into a network that the workstations weren’t joined using
          the ConnectComputer wizard.  If you are not joining the workstations to the
          domain using
http://<servername>/connectcomputer, then the permissions may not
          be getting set correctly to allow access via WMI.  Then, that problem is being
          compensated for by disabling the Windows Firewall which unnecessarily weakens
          the security of the network.

          ** I would note that there is a small issue with the WMI Provider when joining a
          Vista Client to an SBS Domain, but that’s been fully covered by this KB article
          & Patch:

"I agree with Netman, they need to have a Standard and an Advanced mode for
their wizards, and have it ask you at the beginning of the install which method
you want.  This way people like me could better control the Wizards functions
(I.E. tell it the CORRECT DHCP Scope options)"

          In my opinion, if you are a more advanced user you should understand that
          because there are so many different things running concurrently in SBS, it is
          even more important to make sure that all these parts are carefully synchronized
          so you don’t spend hours upon hours troubleshooting some problem that could have
          been avoided if you used the wizard to simultaneously configure all the parts.
          The additional benefit is that if you can be much more confident that making a
          small modification to one part of the network won’t create a conflict with

          Let’s say, for instance, that you needed to change the server’s local IP address
          so that it doesn’t conflict with a new VOIP system (this has happened to me a
          couple of times — some of those VOIP folks like their IP addresses to be set
          their way and I didn’t really want or need to argue with them).  Normally, on a
          stand-alone network that had all that SBS is running you’d have to change
          settings in at least eight different places (including rewriting dozens of ISA
          rules) and then hope you got them all while you watched the event logs for
          errors and ran diags.  With SBS, it’s as simple as running the Change Server IP
          Address Wizard which will take care of everything.
          (See:!AB2725BC5698FCB8!303.entry for

          Basically a task that could otherwise take half a day is accomplished in 5

"I would say use the wizards simply because it has then been done ‘by the book’
and so is easier for the next person to maintain because it has MS standard
settings rather than your customisation."

          andyalder, who I think stumbled upon this thread by accident, has provided the
          most brilliant answer of all (
http:#19618127 — which leew and red were quick to recognize).  
          This whole notion of "not trusting Microsoft" (leew you are such a flip-flopper on
          this) is really hogwash.  You don’t have to trust Microsoft or anyone when you
          use the wizards.  I’ve already demonstrated that they are wholey
          transparant…you just need to read what’s on your screen to see that.  And the
          wizards along with SBS’s default configuration was not just "decided upon" by
          some Microsoft project manager.  The process was guided by the input from the
          entire SBS development team, over 50 SBS MVP’s, hundreds of beta testers and now
          tens of thousands of successful implementations are proving that it works in
          most every instance.  I know for sure that even though I’ve installed and
          configured over 100 SBS networks to date, that I certainly believe that I know
          better than all these folks.  I absolutely know enough at this point to question
          the process though… and I do that regularly.  However, since the vast majority
          of my career life has not been spent in IT Consulting, but like most of my
          clients I was running a small business, so my perspective remains from the view
          of the business owner who doesn’t spend $10,000 or $15,000 very often and wants
          to make sure that he gets the BEST possible value for the money… not just
          today, but for the life of the asset.

          One small business I was involved with for over 10 years was my family’s fine
          dining restaurant in Arizona.  We had a rich history that spanned over 50 years
          with three generations of family involvement.  During my time there, the
          restaurant earned the Mobil Travel Guide Five-Star Award and the AAA
          Five-Diamond Award for many consecutive years.  Usually, when you think of
          Five-Star Restaurants, you think of a charismatic chef who produces masterful
          creations and is perhaps the "star" of the establishment.  But our family had a
          philosophy that if a single person created recipes that only a select few could
          produce, we would just be another one of those popular places that disappears
          after a few months or a couple of years.  Instead, because we had a recipe book
          that was managed by my Aunt in consultation with the chef, Maitre d’, and the
          rest of the management team, which could be produced consistently to high
          standards by any number of our kitchen staff, our restaurant maintained the
          position of being the highest rated restaurant in Arizona for almost 40 years.
          Although it is no longer there today (due to urban development), it is still
          thought of as "the best that ever was".

          I tell that story because I think it says a lot about my committment to
          consistency, which most of you feel probably doesn’t exist in the IT world. I can
          tell you that the food world is no different… maintaining a level of unfailing
          quality that your customers can count on requires keeping the your efforts well
          rooted in the foundation of what’s proven to work so that you can build upon
          success.  Then, when you take a chance or two with something new and different
          (SharePoint Services, or a CRM implementation), your customers will be right
          there with you instead of second guessing every suggestion you make.
          Furthermore, I’d point out that while I don’t quite understand the context that
          ChiefIT’s comment "Anyone who says they know everything there is to know about
          computers, is just lying" was aimed towards, I can’t help but think that anyone
          who chooses to ignore the wizards falls into the category of those who think they
          know everything.

"I like hearing advice from folks who are more knowledgeable than I am with
computers while looking at the grass roots of the system. I learn better and
quicker that way."

          Of course every project we undertake is ultimately a learning experience,
          but learning is not the primary objective when deploying a Server and complete
          network infrastructure for a paying client.  That’s something you need to do on
          your own time with your own test installations.  When you do that, you will find
          that the wizards don’t hide anything.  Everything is spelled out VERY CLEARLY on
          both the first page (which tells you what it’s going to do) and the last page
          which provides you the EXACT details of what it’s doing.  If you like, you can
          print out that last page, quit the wizard and then make the entries manually if
          that helps you understand it better.  But when deploying an SBS for a paying
          client who expects the product to deliver everything it claims, the server
          should be installed and configured in the quickest method possible to provide
          all features that will benefit the organization including it’s low, long-term
          management costs.

Let me also add…
Every time a wizard is run, a complete log of it’s actions is created in
C:\Program Files\Microsoft Windows Small Business Server\Support
I highly recommend that you poke around in the C:\Program Files\Microsoft Windows Small Business Server
directory to see what else is there.  In doing so, you’ll find that every time the CEICW is run
it creates both a full outline of what its doing, plus it creates a .vbs file of its settings
in case you need to revert back to a previous setting.  (You’ll find that in
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW)
I welcome any comments or feedback.


It seems though, as though nobody could rise to the challenge.  RTFW!

The Planet now is offering Hosted Small Business Server

The Planet has now started offering Hosted Small Business Server — they’ve published the white paper linked below which presents a rather compelling financial argument if you believe their numbers.  Unfortunately, I don’t.  Its not that I don’t think there is a place for hosted SBS, or that its not a value… I just don’t like made-up financial pro-formas that seem to ignore important facts.  I’ll be writing more about this later.

How to properly rejoin a client workstation to an SBS 2003 Domain


I can’t tell you how many times I’ve posted these steps in my answers to questions received on  But more often than not, someone is trying to use one of the nifty SBS features and can’t get it going because they never joined their workstations to the domain using the Connectcomputer wizard.

You can find a list of all the things that Connectcomputer does over on Susan Bradley’s Blog.  But what do you do if you didn’t originally use this wizard to add the clients to the domain?  It’s not as simple as just unjoining the domain and rejoining it with the wizard because of all the places that need to be touched and all the features that need to be configured.

So, after many revisions, here are the current steps that must be taken at each workstation:

At the client machine:

  • Log in with THAT machine’s LOCAL administrator account.
  • Unjoin the domain into a WORKGROUP
  • Change the name of the computer (this is not an option, you must use a name that is unique and hasn’t been used before on your SBS)
  • Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients
  • Delete the following Registry Key entirely: HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer (if it exists)
  • Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
  • Reboot

Then on the server, from the Server Management Console:

  • Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
  • Add the client with it’s NEW name using the Setup Client Computers wizard.  When it finishes you will get a warning telling you how to finish the installation:


Then, go back to the client machine, log back in with the local Administrator account.

  • If there is more than one network interface, make sure that the only one that’s enabled is the one connected to the SBS.
  • Open IE and enter http://<servername>/connectcomputer in the address bar
  • Supply the domain Administrator credentials when requested and assign appropriate user to the machine.  This will make sure that the user that was already assigned to the machine retains their profile.   The following screens are self explanatory:





  • After the machine reboots the second time, log in with the assigned user’s credentials to complete the process.

Once complete you will be able to enjoy all the client functionality that SBS promises and helps to make your users more productive.

If you have any problems with the user’s settings not being the same, please see this article on how to restore their original profile:

Migrate Profiles on Small Business Server Networks


Use the Correct Windows Small Business Server Template

This comes from Microsoft’s document on how to secure your SBS network which I thought was a good example of how SBS makes it easier to deploy and manage a small business network. Take note that all templates allow users to connect remotely — which comes from Microsoft’s philosophy of empowerment .


Windows SBS 2003 comes with predefined templates that are designed to give users only the level of access they need. For example, user accounts that are based on the User template do not have remote access to the local network by using a VPN connection, but user accounts based on the Mobile User template do have this access. The four templates are as follows:

Template Names and Descriptions

Template Name



Accounts based on this template have access to shared folders, printers and faxes, e-mail, and the Internet. Accounts assigned this template can access the local network from a remote location by using Remote Web Workplace. Additionally, user accounts assigned with this template can open a Remote Desktop Connection to a computer that is running Windows XP Professional but not to a computer that is running Windows SBS 2003.

Mobile User

Accounts based on this template have all the permissions of the User template and can also access the local network from a remote location using Remote Web Workplace or a remote access connection.

Power User

Accounts based on this template have all the permissions of the Mobile User template and can also perform delegated management tasks. A Power User can log on remotely, but not locally, to a computer that is running Windows SBS 2003.


Accounts based on this template have unrestricted system access to the Windows SBS network.