Sunday, May 15, 2005 - Posts

Restricting Remote Web Workplace

Want a little extra security for Remote Web Workplace?  From the mailbag today comes the question “Can you please advise whether there is any way of blocking access to certain SBS 2003 Users for RWW?” and the answer is... sure... what do you want to block?

First off, there are tweaks you can do to block certain options inside Remote Web Workplace... don't want to offer to map drives?  Chad has the information to adjust that off.

You are probably looking for this tweak, which lets you block who has access to RWW.

Add this regkey to exclude certain workstations from showing up on the RWW.

hklm\software\microsoft\SmallBusinessServer\RemoteUserPortal\ExcludeList

The regkey is a string consisting of a comma-delimited list of computers you want excluded.

Example:
joecomp1,janecomp1,jackcomp1

Finally, want to totally remove the links? [Which I wouldn't recommend... but...]

For administrator:
1. Open Registry Editor.
2. Navigate to
HKLM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks.
3. In the right pane:
Set ServerTS=0 to prevent Access Server Desktops
Set ClientTS=0 to prevent Access Client Desktops

For users:
1. Open Registry Editor.
2. Navigate to
HKLM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks.
3. In the right pane:
Set TS=0 to prevent Access my computer at work
Set AppTS=0 to prevent Access my company's application-sharing server

[Note] If you run CEICW again after configuring the registry, the original settings will be restored. You must then configure the settings again.
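Because CEICW puts the original values back, these tweaks need re-checking after every wizard run. The script below is an added example, not from the original post or from Microsoft: it reports whether the values above are still in place and can re-apply them. It assumes Windows PowerShell is installed on the server and that ExcludeList is a string value under the RemoteUserPortal key; the function name `Test-RwwLockdown` is hypothetical and the computer names are the post's sample list.

```powershell
# Added example: audit (and with -Fix, re-apply) the RWW tweaks described in this post.
# Run elevated on the SBS 2003 server; assumes Windows PowerShell is installed there.
$base = 'HKLM:\Software\Microsoft\SmallBusinessServer\RemoteUserPortal'

# Desired state. Sub = '' means the RemoteUserPortal key itself. Assumption: ExcludeList
# is a string value under that key. The computer names are the post's sample list.
$desired = @(
    @{ Sub = '';           Name = 'ExcludeList'; Want = 'joecomp1,janecomp1,jackcomp1' },
    @{ Sub = 'AdminLinks'; Name = 'ServerTS';    Want = 0 },
    @{ Sub = 'AdminLinks'; Name = 'ClientTS';    Want = 0 },
    @{ Sub = 'KWLinks';    Name = 'TS';          Want = 0 },
    @{ Sub = 'KWLinks';    Name = 'AppTS';       Want = 0 }
)

function Test-RwwLockdown {            # hypothetical function name
    param([switch]$Fix)
    foreach ($d in $desired) {
        $path = $base
        if ($d.Sub) { $path = Join-Path $base $d.Sub }
        $key  = Get-Item -Path $path -ErrorAction SilentlyContinue
        $have = $null
        if ($key) { $have = $key.GetValue($d.Name, $null) }

        $state = 'OK'
        if ($null -eq $have) { $state = 'MISSING' }
        elseif ("$have" -ne "$($d.Want)") { $state = 'DRIFT' }

        if ($Fix -and $state -eq 'DRIFT') {
            # Value exists: keep its registry type and change only the data.
            $kind = $key.GetValueKind($d.Name)
            Set-ItemProperty -Path $path -Name $d.Name -Value $d.Want -Type $kind
            $state = 'FIXED'
        } elseif ($Fix -and $key -and $state -eq 'MISSING' -and $d.Name -eq 'ExcludeList') {
            # The post says ExcludeList is a string you add yourself, so create it.
            New-ItemProperty -Path $path -Name $d.Name -Value $d.Want -PropertyType String | Out-Null
            $state = 'CREATED'
        }
        # Missing link values are only reported: the post does not state their type.
        New-Object PSObject -Property @{
            Key = $path; Name = $d.Name; Have = $have; Want = $d.Want; State = $state }
    }
}

Test-RwwLockdown | Format-Table Key, Name, Have, Want, State -AutoSize
```

Run `Test-RwwLockdown -Fix` after each CEICW run to put drifted values back.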

SBS on the front lines....

The question typically comes up in SBSland ...or those just entering it....

“What if the server goes down?  How do we deal with that?”

Easy.  You deal with it.

First off, understand that the majority of my issues on downtime with my server have been hardware based.  Switch failed. NIC in the server failed.  I had one drive in a RAID 5 fail on me once, but I deal with it and the down time is minimal.  I've built in things like having all Windows XP machines so they'll log into the profile whether the server is up or not [the workstations use cached credentials to log into the domain].  I can count on one hand the number of times my server has gone down and I've been able to easily keep going and plan around it.

If you don't have a server now, but a peer to peer with a DSL connection...how do you deal with your downtime issues now?  I mean you do have your data in one place... a 'mothership' peer machine right?  You said you have a shared file server now.... what if it goes down?  As far as Internet access... again, it's been extremely rare that I have outages.  As far as 'downtime' I plan for security patches on Friday nights [I don't let the server autopatch], and it hasn't been an issue.

For email, if the POP connector is used, it's left on your ISP's servers; if MX, you can get companies like tzo.com to do a backup mail record.

Because I am a paranoid wacko I do tend to stick a cheap router between me and my RRAS firewall at home and my ISA server at the office and 'only' forward those ports [443/4125 for example] to the network.  This just makes me feel better.  ISA could handle this all by itself...but... I'm just flat out paranoid and like it this way.

A great resource for network setups can be found at Smallbizserver.net and is a great guide for setting you up right.

So to Michael in Chicago, IL... check out techsoup.org and to answer your question... SBS works... I'm proof positive... running behind one here at home... and all the time at the office.  Hasn't skipped a beat yet.

Shavlik made me vaklempt

Got an email saying that Shavlik updated their XML for patches on Friday and buried in the updates are.... sniff..sniff... SBS ones are included now...  I just pinged Shavlik to update from the version 4 to version 5... kewlamundo!


 

Shavlik Technologies has released updated XML files for Shavlik HFNetChkPro 5.

 

XML data version = 1.1.2.440  Last modified on 5/13/2005

 

This update includes the following changes:

 

Added 13 new non security patches to the WUScan XML file.  These patches can be scanned and deployed using the WUScan template in Shavlik HFNetChkPro 5 and Shavlik NetChk Patch.  Alternatively, you may create a custom scan template and choose 'Non-security Patches' from the PatchTypes tab.

 

Added the following: MSWU-004, MSWU-005, MSWU-006, MSWU-008, MSWU-009, MSWU-010, MSWU-011, MSWU-012, MSWU-013, MSWU-014, MSWU-015, MSWU-016, MSWU-017

(there is no MSWU-007 at this time)

 

Details of all 16 MSWU patches listed below:

 

MSWU-001 892313

Updates for Windows Media Player 9 Series and for Windows Media Player 10

Applies to: WMP9 and WMP10

In certain situations, certain types of Windows Media Digital Rights Management (WMDRM)-protected content may cause Windows Media Player to redirect a user to a Web page to acquire a license without prior warning. This redirect may occur even if a user has cleared the Acquire licenses automatically for protected content check box on the Privacy tab of the Options dialog box.

 

MSWU-002 842773

BITS 2.0 and WinHTTP 5.1

Applies to: Win2K, XP, WS03, SBS03

An update package that includes BITS 2.0 and WinHTTP 5.1 is now available for Microsoft Windows Server 2003, for Microsoft Windows XP, and for Microsoft Windows 2000. This package updates BITS to version 2.0 and updates WinHTTP 5.1. These updates help guarantee an optimal download experience when you use future versions of the Automatic Update service, of Microsoft Windows Update, and of other programs that rely on BITS to transfer files by using idle network bandwidth.

 

MSWU-003 893803

Windows Installer 3.1

Applies to: Win2K, XP, WS03, SBS03

(Microsoft has removed this patch from their download center.  When Microsoft has updated this patch, we will update our XML files to include this file for download.)

 

MSWU-004 884020

Update for Windows XP Service Pack 2 (KB884020)

Applies to: XP SP2

On a computer that is running Microsoft Windows XP with Service Pack 2 (SP2), programs that connect to IP addresses that are in the loopback address range may not work as you expect. For example, you may receive an error message that says that you cannot establish a connection. This problem occurs if the program connects to a loopback address other than 127.0.0.1. Windows XP Service Pack 2 (SP2) prevents connections to all IP addresses that are in the loopback address range except for 127.0.0.1.

 

MSWU-005 886185

Critical Update for Windows Firewall 'My Network (subnet) only' scoping in Windows XP Service Pack 2

Applies to: XP SP2

After you set up Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that anyone on the Internet can access resources on your computer when you use a dial-up connection to connect to the Internet. For example, after creating an exception in Windows Firewall for File and Printer Sharing, you may discover that anyone can access shared files and printers.

 

MSWU-006

Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element update for Windows XP Service Pack 2

Applies to: XP SP2

The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) Update for computers that are running Microsoft Windows XP with Service Pack 2 (SP2) is available. This update enhances the Windows XP wireless client software with support for the new Wi-Fi Alliance certification for wireless security. The update also makes it easier to connect to secure public spaces that are equipped with wireless Internet access. These locations are otherwise known as Wi-Fi hotspots.

 

MSWU-008 887222

RPC Filter Update for Windows Server 2003 Service Pack 1

Applies to: ISA 2000 SP2 (will install on both Win2K and WS03 ISA SP2 systems)

Windows Server 2003 Service Pack 1 makes significant changes to the Remote Procedure Call (RPC) service with the addition of registry keys, including the ability to enable users to modify the behavior of all RPC interfaces on the system, and eliminate remote anonymous access to RPC interfaces on the system (with some exceptions). New RPC features are not supported by ISA Server’s RPC filter and such RPC traffic fails through ISA Server. This update fixes these RPC issues in ISA Server 2000.

 

MSWU-009 887742

You receive the Stop error "Stop 0x05" in Windows XP Service Pack 2

Applies to: XP SP2

A computer that is running Microsoft Windows XP Service Pack 2 (SP2) unexpectedly stops with the error message 'Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)'.

 

MSWU-010 826942

Update for Microsoft Windows XP: KB826942

Applies to: XP SP1

This update provides support for Wireless Protected Access, a new standards-based wireless security solution developed by the Wi-Fi Alliance. WPA is intended to replace the existing Wired Equivalent Privacy (WEP) standard, offering much more robust methods of encryption and authentication and resulting in a new level of protection for customers taking advantage of the wireless features of Windows XP.

 

MSWU-011 885222

Update for Windows XP (KB885222)

Applies to: XP SP2

After you install Windows XP Service Pack 2, some 1394 devices (such as digital cameras that use S400 speed) may not perform as expected. Install this update to help prevent this issue.

 

MSWU-012 872769

Update for Windows Small Business Server 2003: KB 872769

Applies to: SBS03

By default, the Windows Firewall, that Windows XP Service Pack 2 (SP2) includes, is disabled by a Group Policy setting in all Windows Small Business Server 2003 networks. To enable the Windows Firewall on computers running Windows XP SP2, install this QFE on the computer running Windows Small Business Server 2003.

(this patch cannot be uninstalled)

 

MSWU-013 832880

Critical Update for Windows Small Business Server 2003 (KB832880)

Applies to: SBS03

This critical update corrects the issue 'Installation of intranet component and browsing to http://companyweb fail in Windows Small Business Server 2003' (KB 832880). Installations and upgrades performed after November 24, 2003 may be affected by this issue.

 

MSWU-014 835734

Update for Windows Small Business Server 2003: KB 835734

Applies to: SBS03

There is a problem with how the POP3 connector processes certain messages downloaded from a POP3 server. This problem could result in the POP3 connector accidentally re-sending certain messages to recipients who are not part of the SBS server e-mail domain. This may happen only in the cases where the POP3 connector is used to download mail from an external POP account. Customers using Exchange to host their mail internally will not experience this problem. This update resolves this issue. All SBS customers are encouraged to install this update.

 

MSWU-015 833992

Hotfix for Windows Small Business Server 2003: KB 833992

Applies to: SBS03

This download addresses a particular way mail downloads can fail when using the POP3 connector in Small Business Server 2003. This issue causes the process IMBDOWNL.EXE to be hung with the CPU utilization at 25, 50 or 100%. A warning with event ID 1067 will be recorded by the POP3 server in the event log when this error occurs.

 

MSWU-016 842933

String Truncation Error Message When Editing GPOs: KB842933

Applies to: Win2K, XP, WS03, SBS03

When you try to modify or to view Group Policy objects (GPOs) on a computer that is running Microsoft Windows Server 2003, Microsoft Windows XP Professional with Service Pack 1 (SP1), or Microsoft Windows 2000, you may receive an error message that is similar to the following: The following entry in the [strings] section is too long and has been truncated. Some text may be displayed after this error message, and this text varies in different scenarios. Additionally, if you click OK in the error message window, a similar error message may be repeated. Each error message that is repeated has different text that is displayed after the error message.

 

MSWU-017 831664

Windows Small Business Server 2003: KB 831664

Applies to: SBS03

When you configure a backup by using the Server Management console in Microsoft Windows Small Business Server (SBS) 2003, the backup operation may be unsuccessful, and you may receive the following error message in the backup log when the backup starts: The requested media failed to mount. The operation was aborted. The backup destination may also be set to "miniQIC" instead of to the actual tape drive, and you may not be able to change this selection.

 

 

- The Shavlik XML Team