3. Using the Small Business Server Connect Computer
Wizard
After you establish network connectivity and you’ve created
the appropriate user accounts, the next steps in connecting a computer to an SBS network are to log on
to the computer, open Internet Explorer or Firefox, and launch the
Small Business Server Connect Computer Wizard by connecting to http://connect.
This wizard configures the computer to run on the network by
performing the following actions:
Verifies that the computer meets minimum requirements to
run on an SBS 2011 network
Changes the computer’s workgroup or domain membership to
be a member of the SBS domain
Configures the computer to automatically get updates from
the SBS server
Assigns users to the computer
Optionally migrates existing local user profiles stored on
the computer to new domain user profiles, preserving the data
and settings of local user accounts
Sets the browser home page to
http://companyweb
Enables Remote Web Access connections
Configures the Windows Firewall
Installs (but doesn’t enable) the SBS Gadget if it’s a
Windows Vista or Windows 7 client
Configures Group Policies on the client computer to align
with SBS 2011
To use the Connect Computer Wizard from Internet Explorer or
Firefox, follow these steps:
Log on to the computer you want to connect to the SBS
network, and open your browser. Internet Explorer and Firefox
are supported.
Browse to http://connect to open the
Welcome To Windows Small Business Server 2011 Standard home
page, as shown in Figure 6.
Note:
If the computer you’re trying to join to the SBS network
doesn’t meet the minimum requirements for joining, you’ll see
a different screen than that in Figure 6, with a
description of the problem and possibly a link to correct it.
One example is a Windows XP computer that doesn’t have the
Microsoft .NET Framework 2.0 installed. After you’ve corrected
the deficiency, you can restart your browser and connect to
the http://connect site to
continue.
Click Start Connect Computer Program to open the Launcher.exe application. You’ll see a security
warning as shown in Figure 7.
Click Run (and click Continue if you get a User Account
Control prompt) to start the Connect Computer Wizard at the Choose How To Set
Up This Computer page shown in Figure 8.
Select Set Up This Computer For Myself if you’ll be the
only user using this computer. Select Set Up This Computer For
Other Users if this will be a shared computer, or if you’re
setting up another user’s computer.
The Connect Computer Wizard verifies that the computer
being connected meets minimum requirements and reports the
success, as shown in Figure 9.
Click Next to open the Type Your Network Administrator User Name And Password page
of the Connect Computer Wizard. Enter the credentials for
a Network Administrator account.
Note:
This page will be slightly different if you’ve selected
to set the computer up only for yourself. You’ll need to type
in your user name and your password.
Click Next to open the Verify The Name And Description Of
This Computer page of the Connect Computer Wizard. Modify the
name if required, and enter an optional description for the
computer, as shown in Figure 10.
Click Next to open the Assign Users To This Computer page,
as shown in Figure 11. Any
Network Administrator accounts will already be
assigned to the computer, automatically. Select additional users
in the left pane, and click Add to assign them to the
computer.
Click Next to open the Move Existing User Data And
Settings page, shown in Figure 12. Here
you’ll see a list of SBS user accounts that are assigned to the
computer, with matching drop-down lists of accounts that can
have their user data migrated to the new SBS account.
Select the accounts to migrate, as shown in Figure 12, and click
Next to open the Assign Level Of Computer Access For Users Of
Windows SBS page shown in Figure 13. Here you
assign the permission level on the local
computer for the SBS domain account. By default, SBS
Standard Users are assigned Standard User on their local
computers as well, though in some scenarios you
might choose to assign them Local Administrator
privilege.
Click Next to open the Confirm User Data And Settings
Selections page, and if everything is as you expected, click
Next and then click Restart to begin the account migration and
domain join. This process might require more than one reboot,
but should proceed automatically.
When the Connect Computer Wizard is finished, log on and
click Finish.
The SBS default is to create SBS standard users as only standard users on their local
computers, and we think this is a very good idea.
Most local users have no need to run with elevated privileges, and
the security of your network is significantly improved if they don’t.
However, this can be a nuisance for some users who have a
legitimate but only occasional need to do something that requires
elevation. You could create those users as local administrators,
but then that privilege is always available to them.
Another solution is to create all PCs with a generic local
administrative account that the user can use. But this becomes
either unwieldy to keep track of and administer, or too generic,
giving users the ability to use that same password to log on to
computers that aren’t their own.
We think a better solution is to create one or more
(depending on departmental needs and concerns) Standard User SBS domain accounts that can be
assigned to individual PCs as local administrator.
These SBS Standard User accounts should be assigned only to
PCs that have an actual need to occasionally elevate, and they
should also be allowed to log on only during normal business
hours, and only locally—no RWA access for these accounts.
Passwords should be changed regularly.
Now when a user needs to elevate privilege to do something,
you don’t need to give the user access to an account that has
domain administrator privileges. The user can elevate to this
special account that is a local administrator, but only a domain
user.
