Windows Small Business Server 2008 Technical FAQ

Windows Small Business Server 2008 includes the following component technologies:

• Windows Server 2008 Standard technologies
• Microsoft Exchange Server 2007 Standard Edition
• Windows SharePoint Services 3.0
• Windows Server Update Services 3.0
• Microsoft Forefront Security for Exchange Server ^1,2
• Integration with Office Live Small Business ²

• Includes everything from Standard Edition, plus:
• Windows Server 2008 Standard³
• Microsoft SQL Server 2008 Standard for Small Business⁴

¹ 120 day trial included in product.

⁴Through December 31, 2009, customers using applications that are not yet certified for use on Microsoft SQL Server 2008 Standard, a copy of Microsoft SQL Server 2005 Standard will also be included in SBS 2008 Premium. SQL Server 2008 (or 2005) Standard can be installed on either server: If you install SQL on the first server then you must install the management tools on another machine.

Windows Small Business Server 2008 (SBS 2008) is designed to enable customers and partners with a complete infrastructure and business solution for Small Businesses. Over and above the products included in SBS 2008, there are also several other unique features:

• Remote access to company e-mail, documents, applications, and desktops
• Easy-to-use, task-based management console
• Personalized collaboration site
• Automated backups of company data configured by the administrator
• Integration with Windows Mobile devices
• Line-of-business platform for your mission-critical applications

The design constraints are similar to previous versions of Windows Small Business Server. They are:

• No more than 75 users or devices
• The Standard Edition server must be the root domain controller of the forest
• The Standard Edition server must hold the flexible single master operations (FSMO) roles
• The Standard Edition server must be a global catalog
• There can be no inter-forest trusts or child domains
• Terminal Services Application Mode is disabled on Standard Edition server
• The Premium Edition server must be a member server or additional domain controller of an SBS 2008 network

No. Migration (moving from the existing server to a new server) is the only supported method. For more information see the migration instructions on the Microsoft Web site for more information.

You can install SQL Server on either the Premium Edition server or the Standard Edition server. Once you install it on a specific server you can run as many instances as you want on that server only. If you choose to exercise your downgrade rights, the same rule applies. Note that if you install SQL Server on the Standard Edition server, the SQL Server management tools cannot be installed on that server but must be installed on another computer on the domain.

Line of Business (LOB) applications can be installed on either the Standard Edition server or the Premium Edition server. You should check with your LOB vendor to ensure that is has been tested to work on either Windows Small Business Server 2008 or Windows Server 2008 Standard.

Windows Small Business Server 2008 provides protection for your e-mail out of the box. Customers can choose this service for product updates and definition files. For customers who want to use other products, they can use those products instead. This provides customers the ability to evaluate this protection product prior to purchase.

Once you have installed Windows Small Business Server 2008, you can subscribe to theis service at any time. Open the management console and click the Subscribe link.

Windows Small Business Server 2008 uses the same hardware compatibility list as Windows Server 2008. You can find a list of compatible hardware at Windows Server Catalog.

Windows Small Business Server 2008 includes Microsoft Fax Server which is a part of Windows Server 2008.

One NIC is recommended and supported on the Standard Edition server. If you have more than one NIC on the first server, then when the network wizards are run the additional NICs are disabled. Multiple NICs are an advanced scenario; if you want to use multiple NICs you should do so on the Premium Edition server.

Windows Small Business Server 2008 Premium Edition does not include ISA. If you purchased and are current on Software Assurance, you can obtain a standalone copy of ISA. See the Microsoft Software Assurance section for more information. This copy can be run on a second server on the network. For more sophisticated and integrated management of ISA, consider migrating to Essential Business Server.

Windows Server 2008 for Windows Essential Server Solutions is designed for partners who want to deliver a product based on Windows Server 2008 as part of a small business offering. Windows Server 2008 for Windows Essential Server Solutions provides the same version of Windows Server 2008 that is used by Windows Small Business Server 2008 but has none of the added features or integrated components included in Windows Small Business Server 2008 Standard or Premium. Windows Server 2008 for Windows Essential Server Solutions has the following restrictions:

• Only one computer in a domain can be running Windows Server 2008 for Windows Essential Server Solutions.
• Windows Server 2008 for Windows Essential Server Solutions must be the root of the Active Directory forest.
• Windows Server 2008 for Windows Essential Server Solutions cannot trust any other domains.
• A Windows Server 2008 for Windows Essential Server Solutions domain cannot have any child domains.
• Each user or device (including client computers or additional servers) accessing Windows Server 2008 for Windows Essential Server Solutions software must be assigned Windows Server 2008 for Windows Essential Server Solutions Client Access License (CAL).
• Only fifteen (15) client computers can be connected to Windows Server 2008 for Windows Essential Server Solutions.

Windows Server 2008 Standard FE is the shortened name for Windows Server 2008 for Windows Essential Server Solutions. When you run the Winver tool you will see this reference.

Windows Small Business Server 2008 does not use an MMC-based management console. It uses a task-based interface that was designed for the small business owner and small business partner who want speed and repeatability. Furthermore, usability studies showed that task-based consoles are easier to understand and do a better job managing common functions on a server. The new Administration Console combines information about your network with context-sensitive tasks that relate to the information. This helps administrators get at-a-glance status and provide the tools needed to respond to the information.

Connect to the Internet WizardInternet Address Management WizardFix my Network WizardInstall a Trusted Certificate WizardConnect Computer WizardSelf-Signed Certificate Installer (Windows Mobile and Desktop)Move server data wizards (SharePoint, Exchange, WSUS, Shared Folders, User Directories)Add new user/add multiple usersAnd many more!

Windows Small Business Server 2008 (SBS 2008) combines task-based management features into the Administration Console. Examples of this include:

• Domain name and IP address management
• Dynamic domain name management
• Integrated antivirus and anti-spam reporting
• Pre-configured host-firewall rules
• Self-issued Certificate Services
• Active Directory configuration
• Data folder configuration, management, and redirection
• Role-based user provisioning
• Office Live signup

In a new installation, Windows Small Business Server 2008 disables the built-in Administrator account as a security best practice. During setup, you create a new account with Administrator privileges and use this account to manage your server. This reduces the attack surface by preventing attacks on the Administrator user name. If you migrate from an existing Windows Small Business Server installation, the built-in Administrator account is still available.

As a security precaution Terminal Services Application Mode is disabled on the Standard Edition server. Only the Premium Edition server can run Terminal Services in Application Mode. Terminal Services Administration Mode is enabled on both servers. The Standard Edition server uses Terminal Services Gateway to redirect Terminal Services sessions throughout the domain.

The Internet Address Management Wizard includes eNom Central, GoDaddy, and Register.com. The registrar list is dynamically maintained at Microsoft and additional registrar partners can be added for other regions. If you are a Domain Name Registrar and would like to be listed during the Windows Small Business Server 2008 installation process, please contact gitmeptr@microsoft.com.

Clients must be running Windows Vista RTM or Windows XP with Service Pack 2. The Connect Computer wizard requires .NET Framework 2.0 and will prompt you to install it if it is not present.

No. UAC helps protect users and businesses and is enabled by default. It is not recommended that you disable UAC.

All new user accounts added to a computer are assigned Standard User group membership by default, not Local Admins. However, if you use the Connect Computer wizard to import a user profile that already exists on the computer and the user account is already a member of the Local Admins group, then the user account keeps its current group membership. User membership in the Local Admins group can subsequently be changed in the Administration Console.

Due to a change in Exchange Server 2007 licensing, Outlook 2007 is no longer included with Windows Small Business Server 2008.

Yes. You can continue to use your existing Outlook 2003 clients with Windows Small Business Server 2008. Some new features of Exchange and SharePoint are not available to previous versions of Microsoft Office 2007 software, but your existing features and functions will be available.

The SBS Windows Sidebar Gadget contains links to business resources such as e-mail, SharePoint folders, or business applications. You can edit the links using the Administration Console and then deploy it to Vista desktops within your business.

Yes, when you add a client to the SBS 2008 domain it will be subject to a number of policies and changes. These changes are documented in the Help file available with the Connect Computer wizard. These policies can be changed back to previous settings if desired.

The Connect Computer wizard helps connect workstations to the SBS 2008 domain. The wizard will check for the required prerequisites and help import local profiles to the new domain user. Domain profiles from domains other than the Windows Small Business Server domain cannot be imported.

Yes. While you can store them on the same partition or the same hard disk drive, it's a best practice to store them on separate physical disks.

The Answer File tool is used in advanced setup and migration scenarios. It creates an XML file that contains basic setup information. You can then copy the answer file to removable media, such as a floppy drive or USB thumb drive, and then run the Setup application. Setup uses the answer file to fill in the necessary domain configuration information. You can also use the answer file during the migration process. You can find more information about the tool in the Tools folder on the Windows Small Business Server 2008 DVD.

In Windows Small Business Server 2003, customers often had difficulty configuring the DHCP server on their router. They were seeing client errors and failures when accessing the network. In Windows Small Business Server 2008 the recommended solution is to manage DHCP using the server.

Business-class routers are recommended for most small businesses. These routers can handle heavier traffic required by businesses, but they do not support UPnP. Consumer or home user routers support UPnP, but are not designed to handle the heavier traffic requirements of businesses. If you want to use consumer or home user routers on your business network, it is recommended that you use routers certified for use with Microsoft Vista. See the Windows Logo'd Product List for more information.

Some routers do not completely comply with the standards required to correctly be configured using UPnP. You will need to configure the ports on your router manually.

You may need to open the following ports, depending on the services you want to make available:

• Port 25 TCP – SMTP (Outgoing Exchange e-mail)
• Port 80 TCP – HTTP
• Port 443 TCP – HTTPS (RWW, OWA, remote desktop or Terminal Server sessions)
• Port 987 TCP – External secure Companyweb access
• Port 1723 TCP – PPTP (VPN)

If port 80 is not open, then you must specify https:// for RWW connections; otherwise if port 80 is open you can use http:// and the session will be redirected automatically to port 443. If your router is configured to use UPnP, the Internet Address Management Wizard (IAMW) will open port 80.

Yes. If you already have a domain name and it is being managed by a registrar, you can use the IAMW and choose to manage the domain name yourself.

You can use either a software firewall or a hardware firewall on your network, provided that it is on a different device from the server running Windows Small Business Server 2008.

The software architecture limitations prevent you from changing between 32-bit and 64-bit. You must select one or the other at installation time. If you decide that you need to use the other architecture, you must either reinstall your operating system and applications on the same server or migrate the applications and data to another server.

Yes. You can install Premium Server using the server core installation option.

Yes. You can join the Premium Edition server to the domain and then configure it as a read-only domain controller. You can always join additional servers or domain controllers to the Windows Small Business Server network.

If you are migrating from one physical server to a second physical server, it should take between one and two days, depending on your applications and data you have on your source server. Note that the source server remains online and available for most of the migration process, so you don’t have to force a migration into a weekend.

You can complete the migration process up through the "join domain" phase. The remaining tasks in the Migration Wizard must be done manually.

The first phase of setup where you join the existing domain must be done at the console. Once you have set up your networking options properly, you can perform the rest of the process using RDP.

Normally only one server running Windows Small Business Server is allowed in a domain. Windows Small Business Server 2003 had a seven-day window to complete a migration. When you run the Windows Small Business Server 2008 Migration Preparation Tool on Windows Small Business Server 2003, it extends the time limit for migration to 21 days. This time limit is counted from when you join the SBS 2008 server to the SBS 2003 domain to when you demote the SBS 2003 from the domain. One you demote the SBS 2003 server from the domain, the time limit reverts back to 7 days.

The answer depends on the health of Active Directory and your network. You can download and run the Windows Small Business Server Best Practices Analyzer from the Microsoft Web site on your current network. This will help you determine if there are any issues that must be resolved before migrating to new hardware.

No. Windows Small Business Server is a domain controller and once joined to the domain it cannot be renamed. If you want to use the same server name on your network, you can migrate once to Windows Small Business Server 2008 running in a virtual machine, and then migrate from the virtual machine to the original hardware (or new hardware) using the original server name.

Once the old Windows Small Business Server has been demoted from a domain controller it can no longer be used on the network. If you want to reuse the hardware you must install a new operating system.

You cannot demote the old server if Exchange Server is still installed. When you uninstall Exchange and clean up Active Directory, you can then demote the old server from the domain and not leave old entries in Active Directory.

The wizard does not directly do this, as there are many configurations that are possible depending on which database is being used to store the data. You can find database-specific migration guidance for your SharePoint sites on the Microsoft Web site.

If you use the Move Mailbox wizard during the migration process and move all your Exchange mailboxes to the same mailbox store, then single instance storage continues to work normally.

If you purchased and installed a trusted certificate on your source server, then you can migrate your certificate to the destination server. If you used a self-signed certificate on your server, it will not be migrated to the destination server. You must create a new self-signed certificate on the destination server and then distribute the new certificate to your desktops, laptops, or mobile devices using the certificate distribution tool.

Purchasing a trusted certificate is an inexpensive and convenient way to help secure business credentials and data. When you install a trusted certificate on Windows Small Business Server 2008, the certificate is distributed automatically to domain-joined clients, which means that administrators do not need to manually install the certificate package on computers or devices.

On the destination server, when running through the Getting Started Tasks, you should purchase and install the trusted certificate at the same place as running the Trusted Certificate wizard. If you already own a trusted certificate, consult the migration guide on how to migrate this certificate to the destination server.

You can generate a certificate installation package that can be distributed to non-domain-joined clients and then automatically install the certificates on those clients. To create the certificate installation package, open your organization's Internal Web site, and then under Announcements, click Install the server's security certificate on your remote computer. You can find more information on remote client connectivity on the Microsoft Web site.

Once the Windows Small Business Server 2008 server is configured the root certificate can be distributed. All domain clients require the self-signed certificate in order to connect to the network. Domain-joined machines will trust the self-signed certificate automatically. For remote clients or mobile devices, you must distribute the self-signed certificate to them using the certificate installation package or manually install the certificate on computers or devices.

No. The migration was designed so that existing client settings are maintained throughout the process.

Roaming profiles migrate much like document redirection. You change the destination server policy to use roaming profiles, and then the client computer must log on to the domain during the 21-day period while both servers are online. This will migrate the roaming profile to the new server.

The Administration Console is the best way to manage common tasks, such as adding a user. The Console is designed so that it makes technology-specific changes throughout Windows Small Business Server 2008, which helps reduce the likelihood of forgetting to make a change in one product or another using a technology-specific console. The technology-specific consoles are always available for advanced administrators with in-depth product knowledge.

Custom users or groups in Active Directory are migrated to the destination server, but they are not automatically configured to appear in the Administration Console. Please review the Migration Wizard task "Migrate user accounts and groups" for information on changing registry settings to enable you to manage the users and groups with the Administration Console.

The most likely cause is that the machine object is not present in the correct organizational unit (OU) in active directory. The SBS console will only display computers that are present in the \Domain Controllers, \MyBusiness\Computers\SBSServers, and \MyBusiness\Computers\SBSComputers OUs. Due to the way SBS 2008 manages the domain, it is imperative that the objects are in the correct locations. Otherwise SBS 2008 will not display them as there is no assurance the objects can be configured properly. By default, new computers appear in \MyBusiness\Computers\SBSComputers.

Depending on your network, certain tasks will take a little time, for example, getting all the clients up-to-date with security updates. Furthermore, there is always a chance for a client in your network to not be operating as expected, the health score card in the SBS console home page is there to provide you with a high level overview of the state of your network, you should also use the Network, Computers tab and the Security tab for insight on what might be triggering the alert.

Only antivirus programs that register with the Windows Security Center on client machines are displayed in the Administration Console. Client firewalls or domain connectivity issues can also prevent the server from querying the client and displaying the status. Windows XP computers that are joined to the SBS 2008 network but using a different subnet will need to have the firewall policy edited to allow for proper monitoring.

If you select replace permissions, any previous group membership that the user had will be removed, including memberships to custom security and distribution groups. It is recommended that you use add permissions when performing a migration.

You may need to open the following ports, depending on the services you want to make available:

• Port 25 TCP – SMTP (Outgoing Exchange e-mail)
• Port 80 TCP – HTTP
• Port 443 TCP – HTTPS (RWW, OWA, remote desktop or Terminal Server sessions)
• Port 987 TCP – External secure Companyweb access
• Port 1723 TCP – PPTP (VPN)

If port 80 is not open, then you must specify https:// for RWW connections; otherwise if port 80 is open you can use http:// and the session will be redirected automatically to port 443. If your router is configured to use UPnP, the Internet Address Management Wizard (IAMW) will open port 80.

You no longer need to open port 3389. Windows Small Business Server 2008 uses Terminal Services Gateway to redirect traffic from port 443 to a selected desktop or server for RDP connections. You would need to use RWW or configure the Terminal Services client to use TS Gateway.

The client trying to connect using TS Gateway must trust the certificate and have no certificate warnings. Any warnings will cause the connection to fail.

Windows Server 2008, the operating system for Windows Small Business Server 2008, has NAP support built in. If you want to deploy NAP on your network, follow the guidance provided on TechNet for Windows Server 2008. Windows Small Business Server 2008 does not directly configure or manage NAP; you must use the consoles provided by Windows Server 2008.

If your wireless hardware devices support WPA2-Enterprise then you can use it with Windows Server 2008-based technology, including Windows Small Business Server 2008. If you want to use WPA2-Enterprise on your network, follow the guidance provided on TechNet for Windows Server 2008. Windows Small Business Server 2008 does not directly configure or manage WPA2-Enterprise; you must use the consoles provided by Windows Server 2008.

All new user accounts added to a computer are assigned Standard User group membership by default, not Local Admins. However, if you use the Connect Computer wizard to import a user profile that already exists on the computer and the user account is already a member of the Local Admins group, then the user account keeps its current group membership. User membership in the Local Admins group can subsequently be changed in the Administration Console.

You can either choose not to install it during the setup phase of Windows Small Business Server 2008, or you can uninstall it later using Add/Remove Programs and then restarting the Administration Console.

The Administration Console's Security tab is extensible and will accept third-party add-ins for managing products. For more information on creating add-ins, you can download the Windows Small Business Server 2008 SDK from the Microsoft Web site.

No. ISA is no longer included in Windows Small Business Server 2008 Premium Edition and cannot be installed on the Standard Edition Server. If you want to run ISA, you would need to purchase a copy of ISA and then install it on the Premium Edition server. If you do so, it must be managed and monitored separately; it cannot be managed by the Administration Console.

Yes, during server deployment Windows SBS 2008 has a flexible setup for the trial services included in the product. Customers can choose whether to install or not to install the trial of OneCare for Server.  

There will be no file AV and AM protecting your server.  Of course Windows Server has a broad community of third party AV and AM alternative security options for file security.  Please view  Independent Software Vendors supporting Windows SBS 2008 at Launch .

To view a list of Windows Server third party AV/AM solutions visit the Windows Server Catalog . 

Security of a Small Business network is made up of many more defenses over and above file AV/AM, Windows SBS 2008 has other built in security features as described below.

While OneCare for Server and other alternative file AV solutions add file level virus and malware protection, the server is also secured by other layers of protection. This is necessary, for example, in the event a server administrator uses an internet browser from the server itself. This presents a potential risk for infection. Windows SBS 2008 ships with a depth of layers for file and network security. Forefront Security for Exchange (when installed as a 120-day trial with the option to subscribe) will help prevent entrance of viruses into the company via email. Windows Firewall provides protection upon server deployment that is designed to keep network aware viruses from entering the LAN from the server or connecting unauthorized to the server.  Another level of protection that comes with Windows SBS 2008 is Windows Server Update Services (WSUS) which provides automatic updates to both the server and client computers joined to the network. Windows Small Business Server during setup automates the configuration of many of these services meaning that tasks sometimes overlooked are in fact automated by SBS.

There are also the other ways to protect your server and client machines. It is possible that client machines can infect the server. Having a separate Domain Admin account that is not used on a daily basis, separates access to the server system from the clients through domain policies.  Properly defined and in place ACLs (Access Control List) adds security that helps prevent users from passing data between each other’s private files and the server operating system. This will help keep the server virus free even if clients do get infected. Windows Defender on all newer clients is designed to remove malware, from running on the client, helping prevent the spread of anything to the server. And, Windows SBS 2008 has a built in back-up solution engineered to help protect the server by doing a recovery from a backup copy of the server. The Administrator can, via a  (USB 2.0) restore process, roll the server back in time to a point prior to the virus entry into the system, and then take measures to prevent the access of the virus to the clean system.

When you install OneCare for Server and have not started the trial or subscribed, you will have OneCare for Server running but only protecting your server with the antivirus signature files that are present on the Windows SBS 2008 installation DVD. These signature files are dated from the time of RTM (Release To Manufacturing) and will only help protect you from malware listed within that signature file. Until OneCare for Server is subscribed to, there is minimal antivirus protection as you do not have the most up to date signature files; your server is at risk of infection.  When you activate the 120-day trial or subscribe to OneCare for Server new and updated signature files are updated regularly and provide you up to date protection.

Yes, you can remove the OneCare for Server from your SBS Server at any time. We recommend you replace OneCare for Server with another Windows Server 2008 solution. See the Independent Software Vendors supporting Windows SBS 2008 at Launch or view the WindowsServer Catalog of tested products.

Yes, you can uninstall OneCare for Server at any time .  We recommend you replace OneCare for Server with another Windows Server 2008 solution. See the Independent Software Vendors supporting Windows SBS 2008 at Launch or view the WindowsServer Catalog of tested products.

To uninstall OneCare for Server all you need to do is go to the Control Panel -> Programs and Features , select Windows Live OneCare, click Uninstall/Change  then follow the instructions to remove OneCare for Server. After uninstall has completed you will then need to refresh the Windows SBS 2008 Admin Console by closing it and restarting. OneCare for Server will now be removed from your Windows SBS 2008 Server, it will no longer appear on the SBS Admin Console Home or Security pages and tabs.  OneCare for Server is no longer part of the SBS reports. We recommend you replace OneCare for Server with another Windows Server 2008 solution. See the Independent Software Vendors supporting Windows SBS 2008 at Launch or view the WindowsServer Catalog of tested products.

Microsoft will ensure Windows Live OneCare for Server subscribers will remain protected for the duration of their trials and subscriptions; however, the new consumer security PC offering, code named “ Morro” that is being planned for the second half of calendar year 2009, currently does not include plans to support server operating systems. Once “ Morro” becomes available you will no longer be able to purchase the Windows Live OneCare for Server subscription service.  For information on other third party solutions, please see the Windows Small Business Server 2008 Supporting Applications list at http://www.microsoft.com/sbs/en/us/software-solutions.aspx .

Yes, several Microsoft partners announced support for antivirus protection in lieu of One Care for Server during the recent launch of Windows Small Business Server 2008, see Independent Software Vendors supporting Windows SBS 2008 at Launch .  Announcements will be made as more Microsoft partners provide security solutions for Windows SBS 2008.

If you are in the trial you can uninstall the trial per earlier instructions.  Then move to another Windows 2008 Server AV solution.

If you are in a paid subscription, Microsoft encourages you to remain on your OneCare for Server subscription in order to continue your protection.  Y ou do have the right to cancel your subscription at any time and choose a solution from a Microsoft security partner.

Yes, before you install another AV product you will need to ensure that OneCare for Server is not installed and running. To see if OneCare for Server is installed and running go toControl Panel -> Programs and Featuresand look in the listing of programs for Windows Live OneCare . If it is listed, then follow the steps as previously described to uninstall.

The SBS Admin Console and reports will notify you that the subscription is due for renewal. The Windows Live OneCare for Serverscreens will also present information on how many days are left before the subscription expires. 

Microsoft will ensure Windows Live OneCare for Server subscribers will remain protected for the duration of their trials and subscriptions.

No

Yes, the ISV integration into the Security page will still all be there.  You can find the Windows Small Business Server SDK here .

Yes, the ISV integration into the Security page will still all be there.  You can find the Windows Small Business Server SDK here .

Windows Small Business Server 2008 ships with version 2.5 of OneCare for Server.

  “ Morro ” is the code name for the new consumer security PC offering that is being planned for the second half of calendar year 2009.  As part of the current product plans, “ Morro” will not support server operating systems.  Once “ Morro” becomes available you will no longer be able to purchase the Windows Live OneCare for Server subscription service.

Should you still have additional questions, please visit the following:

SBS FAQ at www.microsoft.com/sbs/en/us/onecare.aspx

OneCare team blog athttp://windowsonecare.spaces.live.com

No. Terminal Services in Application Mode is disabled on the Standard Edition server. Two Terminal Services sessions are available using Terminal Services in Administration Mode to administer the server.

Yes, you can configure the Premium Edition server to run Terminal Services.

The Windows Small Business Server 2008 CALs do not include licenses for using Terminal Services on your network. If your users need to connect to a server running Terminal Services, you must purchase Terminal Services CALs for those users.

Supported virtualization scenarios for Windows Small Business Server 2008 are discussed here: http://technet.microsoft.com/library/dd239207.aspx.
For virtualization technologies other than Hyper-V™, see http://www.windowsservercatalog.com/svvp.aspx.

Windows Server 2008 provides the backup technology for Windows Small Business Server 2008. Windows Server Backup uses completely new technology for creating and restoring backups. Some of the more important features are using block-level backup and restore, for faster data copying, and using removable media such as optical or external drives. You can find out more information about Windows Server Backup in the TechNet Library.

When you first designate a backup destination, Windows Server Backup makes a complete copy of the volume you selected. Each backup event after that backs up only the blocks that have changed since the previous event. This means your backup destination always has a complete copy of your volume.

Yes. You can restore your entire server using Windows Server Backup.

Yes, but there are reservations. Your new server should be as similar in configuration as possible to the old server. For example, if you attempted to restore a server that used single hard disk drives to a server that used RAID arrays, the drivers would be incompatible and you would not be able to recover your data. For dissimilar systems, you should perform a new installation using the appropriate drivers, install your applications, and then restore the data from the backup.

It requires a combination of steps that include restoring the database to an alternate location and then using the Exchange 2007 native tools to complete the process. You need to use the tools from Exchange Server 2007 to restore a mailbox or a user's individual message.

No. Windows Server Backup is a local solution only; it cannot back up a source on the Internet, including Office Live.

DFS is built into Windows Server 2008 and is available in Windows Small Business Server 2008. If you want to use DFS you must use the technology-specific tools in Windows Server 2008 as there are no tools for configuring or managing DFS in the Administration Console.

Windows Server 2008, the underlying technology for Windows Small Business Server 2008, does not support for tape backup devices. If you require support for tape backup, contact your tape drive manufacturer for information about hardware and software compatibility with Windows Server 2008.

You can restore the data to Windows Small Business Server 2008 using NTbackup from the Microsoft Web site. The utility is read-only; you cannot use it to write back to your tape device.

The Move Data Wizard moves the Exchange store to a different volume. The Exchange log file remains on the same volume where Exchange was installed. You can change the log file location to another volume using the Exchange Management Console.

As part of the critical volume backup performed by SBS 2008, the system state information is backed up. If you need to perform a stand-alone system state backup, you must use the native Windows Server 2008 standard tool, WBADMIN.exe. You can find more information on the Microsoft Web site.

Once you add a backup device to your backup rotation that device will be formatted and the drive letter removed. That device is now a backup target and should not be used for any other activities.

You will need to create separate backups on the Premium Edition server using Windows Server Backup.

No, you cannot move Exchange Server 2007 from the first server.

Yes, but the Administration Console will not be able to manage them. You must install, configure, manage, and monitor the other servers separately.

No. Customers can use Outlook Web Access which provides most of the features of Outlook 2007 in a secure browser session.

Yes. The Exchange 2007 POP3 connector is available. However, it is recommended that you consider migrating to a hosting solution where you can receive e-mail using SMTP. The POP3 Connector is designed to provide new installs with the ability to have e-mail available right away using Exchange and thus moving the burden of mail checking from clients, but it is not designed or intended to be a long term solution.

Essentially there are no limits to the Exchange Server 2007 Standard Edition database size. By default, Exchange 2007 SP1 sets a limit of 250 GB that can be changed if needed. Also note that you can have up to 5 storage groups with a maximum of 1 database per group, meaning that you can have up to 5 databases. In SBS 2008 we use 2 storage groups (2 databases) by default. Realistically, database performance is dependent on number of processors; amount of RAM, speed of your I/O backplane and storage array configuration, so proper mailbox management policies should be in place to prevent creating back-pressure situations that would affect the server's performance.

Windows Small Business Server 2008 cannot participate in a cluster, and so Exchange Server cannot participate in CCR or single copy cluster (SCC) replication technologies. Exchange Server 2007 Standard Edition supports both local continuous replication (LCR) and standby continuous replication (SCR). LCR and SCR are not enabled by default. You would need a second Exchange 2007 Server license for SCR.

Yes, though you must be running Windows Mobile 5.0 (with the MSFP add-on installed), 6.0 or higher on the device. For more information on which features are supported in which version of Windows Mobile, see the chart at http://www.microsoft.com/windowsmobile/en-us/meet/version-compare.mspx.

The configuration wizards provided with SBS 2008 do not cover this scenario.

Remote Web Workplace (RWW) now provides access to Companyweb from the Internet.

You may need to open the following ports, depending on the services you want to make available:

• Port 25 TCP – SMTP (Outgoing Exchange e-mail)
• Port 80 TCP – HTTP
• Port 443 TCP – HTTPS (RWW, OWA, remote desktop or Terminal Server sessions)
• Port 987 TCP – External secure Companyweb access
• Port 1723 TCP – PPTP (VPN)

If port 80 is not open, then you must specify https:// for RWW connections; otherwise if port 80 is open you can use http:// and the session will be redirected automatically to port 443. If your router is configured to use UPnP, the Internet Address Management Wizard (IAMW) will open port 80.

You no longer need to open port 3389. Windows Small Business Server 2008 uses Terminal Services Gateway to redirect traffic from port 443 to a selected desktop or server for RDP connections. You would need to use RWW or configure the Terminal Services client to use TS Gateway.

This is a feature of Windows Server 2008 and is available to customers using Windows Small Business Server 2008. Note that you will need to install Remote Desktop Client version 6.0 on clients running Windows XP with SP2 or higher.

You can configure and leverage the functionality provided by Exchange 2007 Outlook Web Access to accomplish this. See http://technet.microsoft.com/en-us/library/aa998576(EXCHG.80).aspx.

The version of SQL Server 2008 included in Windows Small Business Server 2008 Premium Edition is "SQL Server 2008 Standard Edition for Small Business." It is technically equivalent to SQL Server 2008 Standard Edition but only licensed to run on a small-business network.

Yes, this is a supported scenario. However the SQL Server 2008 management tools will not install on the same server; you must install them on another server.

There are no database limitations on that version of SQL Server 2008. See http://www.microsoft.com/sqlserver/2008/en/us/standard.aspx.

SQL Server 2005 Standard Edition is provided as part of the Windows Small Business Server 2008 DVDs. If you choose to use your downgrade rights you can utilize the 2005 version with the same limitations that apply to SQL Server 2008. See the Licensing section of this FAQ for more information.

Support is usually determined by the individual product teams as they are the experts on what their product requirements or technical limitations are. For example, some products cannot be installed on a domain controller. As Windows Small Business Server 2008 is the root domain controller in the forest, this precludes installing that product on the server. However, by including a second copy of Windows Server 2008 in Windows Small Business Server 2008 Premium Edition, it provides a platform for other products that avoids some of the support limitations of the first server. In general, if the product is supported on Windows Server 2008, it should be supported on the Premium Edition server in Premium Edition. Check with the specific product groups for definitive guidance.

It is possible, but there are considerations to be aware of. UC requires significant expertise and experience with enterprise messaging technology; this experience is not common in the marketplace and thus it cannot be recommended as a general solution for small businesses. UC also requires significant additional investment in hardware, software, and client licenses that put it out of the reach of nearly all small business owners. Smaller, more appropriately-scaled communications technologies such as Microsoft Response Point are a preferred solution for small businesses.

You can migrate to Windows Essential Business Server 2008 or transition to the standalone Microsoft products. See the Solutions Pathway Overview for more information.

Support for Windows Small Business Server 2003 R2 follows the Microsoft Support Lifecycle guidelines found at http://support.microsoft.com/lifecycle/?p1=11699.

Yes, during server deployment Windows SBS 2008 has a flexible setup for the trial services included in the product. Customers can choose whether to install or not to install the trial of OneCare for Server.  

There will be no file AV and AM protecting your server.  Of course Windows Server has a broad community of third party AV and AM alternative security options for file security.  Please view  Independent Software Vendors supporting Windows SBS 2008 at Launch .

To view a list of Windows Server third party AV/AM solutions visit the Windows Server Catalog . 

Security of a Small Business network is made up of many more defenses over and above file AV/AM, Windows SBS 2008 has other built in security features as described below.

While OneCare for Server and other alternative file AV solutions add file level virus and malware protection, the server is also secured by other layers of protection. This is necessary, for example, in the event a server administrator uses an internet browser from the server itself. This presents a potential risk for infection. Windows SBS 2008 ships with a depth of layers for file and network security. Forefront Security for Exchange (when installed as a 120-day trial with the option to subscribe) will help prevent entrance of viruses into the company via email. Windows Firewall provides protection upon server deployment that is designed to keep network aware viruses from entering the LAN from the server or connecting unauthorized to the server.  Another level of protection that comes with Windows SBS 2008 is Windows Server Update Services (WSUS) which provides automatic updates to both the server and client computers joined to the network. Windows Small Business Server during setup automates the configuration of many of these services meaning that tasks sometimes overlooked are in fact automated by SBS.

There are also the other ways to protect your server and client machines. It is possible that client machines can infect the server. Having a separate Domain Admin account that is not used on a daily basis, separates access to the server system from the clients through domain policies.  Properly defined and in place ACLs (Access Control List) adds security that helps prevent users from passing data between each other’s private files and the server operating system. This will help keep the server virus free even if clients do get infected. Windows Defender on all newer clients is designed to remove malware, from running on the client, helping prevent the spread of anything to the server. And, Windows SBS 2008 has a built in back-up solution engineered to help protect the server by doing a recovery from a backup copy of the server. The Administrator can, via a  (USB 2.0) restore process, roll the server back in time to a point prior to the virus entry into the system, and then take measures to prevent the access of the virus to the clean system.

When you install OneCare for Server and have not started the trial or subscribed, you will have OneCare for Server running but only protecting your server with the antivirus signature files that are present on the Windows SBS 2008 installation DVD. These signature files are dated from the time of RTM (Release To Manufacturing) and will only help protect you from malware listed within that signature file. Until OneCare for Server is subscribed to, there is minimal antivirus protection as you do not have the most up to date signature files; your server is at risk of infection.  When you activate the 120-day trial or subscribe to OneCare for Server new and updated signature files are updated regularly and provide you up to date protection.

Yes, you can remove the OneCare for Server from your SBS Server at any time. We recommend you replace OneCare for Server with another Windows Server 2008 solution. See the Independent Software Vendors supporting Windows SBS 2008 at Launch or view the WindowsServer Catalog of tested products.

Yes, you can uninstall OneCare for Server at any time .  We recommend you replace OneCare for Server with another Windows Server 2008 solution. See the Independent Software Vendors supporting Windows SBS 2008 at Launch or view the WindowsServer Catalog of tested products.

To uninstall OneCare for Server all you need to do is go to the Control Panel -> Programs and Features , select Windows Live OneCare, click Uninstall/Change  then follow the instructions to remove OneCare for Server. After uninstall has completed you will then need to refresh the Windows SBS 2008 Admin Console by closing it and restarting. OneCare for Server will now be removed from your Windows SBS 2008 Server, it will no longer appear on the SBS Admin Console Home or Security pages and tabs.  OneCare for Server is no longer part of the SBS reports. We recommend you replace OneCare for Server with another Windows Server 2008 solution. See the Independent Software Vendors supporting Windows SBS 2008 at Launch or view the WindowsServer Catalog of tested products.

Microsoft will ensure Windows Live OneCare for Server subscribers will remain protected for the duration of their trials and subscriptions; however, the new consumer security PC offering, code named “ Morro” that is being planned for the second half of calendar year 2009, currently does not include plans to support server operating systems. Once “ Morro” becomes available you will no longer be able to purchase the Windows Live OneCare for Server subscription service.  For information on other third party solutions, please see the Windows Small Business Server 2008 Supporting Applications list at http://www.microsoft.com/sbs/en/us/software-solutions.aspx .

Yes, several Microsoft partners announced support for antivirus protection in lieu of One Care for Server during the recent launch of Windows Small Business Server 2008, see Independent Software Vendors supporting Windows SBS 2008 at Launch .  Announcements will be made as more Microsoft partners provide security solutions for Windows SBS 2008.

If you are in the trial you can uninstall the trial per earlier instructions.  Then move to another Windows 2008 Server AV solution.

If you are in a paid subscription, Microsoft encourages you to remain on your OneCare for Server subscription in order to continue your protection.  Y ou do have the right to cancel your subscription at any time and choose a solution from a Microsoft security partner.

Yes, before you install another AV product you will need to ensure that OneCare for Server is not installed and running. To see if OneCare for Server is installed and running go toControl Panel -> Programs and Featuresand look in the listing of programs for Windows Live OneCare . If it is listed, then follow the steps as previously described to uninstall.

The SBS Admin Console and reports will notify you that the subscription is due for renewal. The Windows Live OneCare for Serverscreens will also present information on how many days are left before the subscription expires. 

Microsoft will ensure Windows Live OneCare for Server subscribers will remain protected for the duration of their trials and subscriptions.

No

Yes, the ISV integration into the Security page will still all be there.  You can find the Windows Small Business Server SDK here .

Yes, the ISV integration into the Security page will still all be there.  You can find the Windows Small Business Server SDK here .

Windows Small Business Server 2008 ships with version 2.5 of OneCare for Server.

  “ Morro ” is the code name for the new consumer security PC offering that is being planned for the second half of calendar year 2009.  As part of the current product plans, “ Morro” will not support server operating systems.  Once “ Morro” becomes available you will no longer be able to purchase the Windows Live OneCare for Server subscription service.

Should you still have additional questions, please visit the following:

SBS FAQ at www.microsoft.com/sbs/en/us/onecare.aspx

OneCare team blog athttp://windowsonecare.spaces.live.com