This article is also available as a TechRepublic download.
The ability to remotely administer Windows Small Business Server can prove priceless. Adding new users, resetting account lockouts and passwords, reviewing event logs and troubleshooting numerous other common issues needn't require an in-person visit to the office on weekends or remote facilities, even, on weekdays.
Windows Small Business Server possesses powerful remote administration features. They're so important to productivity and the OS' maintenance, in fact, that the SBS To Do List (activated at installation) dedicates its third configuration step specifically to configuring remote access and VPN connections. (Figure A)
|SBS 2003 R2's Server Management To Do List dedicates its third step to configuring remote access.|
Running the Remote Access Wizard
Real world experience quickly teaches administrators to leverage the numerous Windows Small Business Server 2003 R2 wizards; trying shortcuts or manually configuring SBS 2003 R2 settings is a recipe for disaster. Don't do it. Use the wizards.
SBS 2003 R2 (like SBS 2003) includes a wizard dedicating to configuring remote connections. To access the Remote Access Wizard:
- Click Start.
- Open the Server Management console.
- Highlight the To Do List.
- Click the Start link for Configure Remote Access (the third step) within Network Tasks.
The Remote Access Wizard, in addition to configuring remote connections for the SBS box, also provides an opportunity to set secure password policies. Here's how it works:
- Upon executing the Remote Access Wizard, the first page administrators see is the Welcome To The Remote Access Wizard screen. Click Next to continue.
- The next page (Figure B) permits enabling remote access, including VPN access and dial-up connections (if a dial-up modem is present). Specify the connections you wish to create and click Next.
|Enable remote and VPN access using the Remote Access Wizard's Remote Access Page.|
- The Client Addressing page appears next (Figure C). The screen permits specifying the IP address of the DHCP server that should be used by remote systems; alternatively you can specify a range of static IP addresses remote clients can utilize instead, should no DHCP server be available. Once you've configured IP address assignment information, click Next.
|Specify IP address assignment information using the Client Addressing page.|
- The VPN Server Name page appears next (Figure D). Enter the domain name for the VPN server. For example, you should specify the full Internet domain name clients will enter to access the VPN server (such as vpn.yourserver.com). Then, click Next.
|Specify the full Internet domain name for the VPN server using the VPN Server Name page.|
- The Completing the Remote Access Wizard page appears next (Figure E). The remote access configuration information you specified can be printed, saved or e-mailed using the link on this page. Click Finish to actually configure remote access for the SBS 2003 R2 box.
- A status box will appear displaying remote access configuration progress. When the process completes, a confirmation message will appear indicating the remote access configuration completed properly. Click Close to close the dialog box.
|You can print, save or e-mail the remote access configuration information using the provided link.|
The wizard will appear to have finished its work. But right when you believe the task is complete, another dialog box will appear (Figure F). The Remote Access Wizard presents the opportunity to enable password policies, which is highly recommended.
- To set password policies, click Yes.
|Configure password policy requirements at the same time you configure remote access to ensure heightened security.|
- The Configure Password Policies menu box appears. Set the requirements as you prefer (the three options are password length, complexity and change requirements).
- Specify when the password policies should take effect (the default setting is three days).
- Click OK.
Remote access, necessitating usernames with the password requirements you specified, are now enabled. Before remote systems can connect, of course, you must ensure your firewall is configured to forward the appropriate port traffic. Most administrators will wish to open several ports with a standard SBS install, including:
- 25 (for SMTP e-mail)
- 443 (for HTTP SSL for Remote Web Workplace and OWA)
- 4125 (required for Remote Web Workplace)
- 1701 (for LT2P), 1723 (for VPN PPTP)
- 4125 and 3389 (for Remote Desktop administration and terminal services connections)
Making the Connection
Once remote administration is enabled on the Small Business Server 2003 R2 system, you're ready to remotely connect to the server:
- Click Start.
- Click All Programs.
- Click Accessories.
- Click Communications.
- Click Remote Desktop Connection. The Remote Desktop Connection box appears (Figure G).
|Enter the IP address or fully qualified domain name of the server you wish to configure remotely, or click the Options button to specify additional connection credentials.|
- Specify the IP address or enter the full Internet address (such as server1.yourcompany.com) of the server you wish to create a remote connection to within the Computer field.
- Click the Options box to display additional configuration settings (Figure H).
|Complete the fields found within the General tab to specify required remote access information, including a username with remote access permissions, the password associated with the user account and the domain.|
- Enter a username and password for an account possessing remote access permissions.
- Specify the domain name.
- Click the Save My Password box if you wish to log in automatically each time you open the Remote Desktop Connection (recommended only for systems placed in physically secure locations, if even then).
- Click Save As to create an icon and shortcut for the Remote Desktop Connection, or click Connect to connect to the remote system.