Microsoft Windows Small Business Server 2011 Best Practices Analyzer Privacy Statement

  • Article

Updated: December 3, 2010

Applies To: Windows Small Business Server 2011 Standard

To view the most recent version of this privacy statement, go to the Microsoft website (https://go.microsoft.com/fwlink/?LinkID=206073).

Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Windows Small Business Server 2011 Best Practices Analyzer (Windows SBS 2011 BPA). This statement focuses on features that communicate with the Internet. It does not apply to other online or offline Microsoft sites, products, or services.

Windows SBS 2011 BPA can help you maintain a high level of system health by providing you with a report that identifies issues, including best practice violations, for either Windows Small Business Server 2011 Standard or Windows Small Business Server 2011 Essentials. Only a user account with network administrator permissions can initiate a Windows SBS 2011 BPA scan. Windows SBS 2011 BPA performs Windows Small Business Server application and configuration level verification by reading and reporting only. Windows SBS 2011 BPA does not modify any system settings. Scan reports may direct users to online Knowledge Base articles and update publication sites at the Microsoft website to retrieve more information about specific issues.

Collection and Use of Your Information

Information that is collected by or sent to Microsoft is used by Microsoft and its controlled subsidiaries and affiliates to enable the features that you are using and to provide the services or carry out the transactions that you have requested or authorized. The information may also be used to analyze and improve Microsoft products and services.

We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates.

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area.

Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.

Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.

Information that is collected by or sent to Microsoft by Windows SBS 2011 BPA may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland.

Collection and Use of Information about Your Computer

When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the websites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well.

The privacy details for each Windows SBS 2011 BPA feature, software, or service that is listed in this privacy statement describe what additional information is collected and how it is used.

Security of your information

Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities.

Changes to this privacy statement

We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "Updated" date at the beginning of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.

For More Information

Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us by e-mail at sbsprvcy@microsoft.com or by postal mail at:

Windows Small Business Server 2011 Privacy

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052  USA

Specific Features

The remainder of this statement addresses specific features of Microsoft Windows Small Business Server 2011 Best Practices Analyzer.

Windows SBS 2011 BPA Automatic Updates

What This Feature Does

Windows SBS 2011 BPA helps provide a high level of system health by automatically examining the server and generating a list of issues and warnings of any best practice violations. Microsoft periodically releases updates to the Windows SBS 2011 BPA tool. The updates may include new health scan rules and features.

If you have Internet connectivity, and have chosen to download automatic updates, Windows SBS 2011 BPA uses Microsoft Update to download and install updates associated with the Windows SBS 2011 BPA.

Choice/Control

This feature is off by default. When you install Windows SBS 2011 BPA, you can choose to automatically download updates for the tool. To do so, select the Automatically download updates for the Microsoft Windows SBS 2011 BPA checkbox during setup. Thereafter, when an update for Windows SBS 2011 BPA is available, a message dialog will appear and prompt you to install the update. You can choose to install or cancel the update.

To opt out of automatic updates for Windows SBS 2011 BPA after it is installed, the network administrator must uninstall Windows SBS 2011 BPA and then install the tool again. During reinstallation, clear the Automatically download updates for the Microsoft Windows SBS 2011 BPA check box to opt out of the service.

Important Information

When you opt in to Windows SBS 2011 BPA Automatic Updates, the server update configuration does not change. For more details about what information is collected and how it is used, see Update Services Privacy Statement at the Microsoft website (https://go.microsoft.com/fwlink/?LinkID=193006).

Windows SBS 2011 BPA Server Health Scan Rules

What This Feature Does

Windows SBS 2011 BPA scans the server to verify if specific configurations are set according to the recommended best practices.

Information Collected, Processed, or Transmitted

In this release, Windows SBS 2011 BPA contains basic functionalities including deployment, Windows SBS 011 console integration, self-update from Microsoft Update, and basic health tests with a set of 42 rules that verify the Microsoft Baseline Configuration Analyzer 2.0 engine. No information is sent to Microsoft.

The rules that are contained in this release are the minimum required. Microsoft may make additional rules available later through Microsoft Update and also on the Microsoft Download Center. The rules included with this release include:

  • The internal network adapter must be assigned only one IP address

  • IP filtering must be disabled

  • The server must be able to ping the IP address of the default gateway

  • The server can ping the IP address of the default gateway

  • The Internet Protocol Version 6 (TCP/IPv6) should be enabled

  • The kernel mode authentication should be disabled

  • Hyper-V role should not be added to the Windows SBS 2011 server

  • The MSDTC service should be set to start automatically by default

  • The Netlogon service should be configured to start automatically by default

  • The DNS Client service should be configured to start automatically by default

  • The DNS Server service should be configured to start automatically by default

  • The DHCP Client service should be configured to start automatically by default

  • The IIS Admin service should be configured to start automatically by default

  • The World Wide Web Publishing service should be configured to start automatically by default

  • The Remote Registry service should be configured to start automatically by default

  • The Windows SBS Manager service should be configured to start automatically by default

  • The Remote Desktop Gateway service should be configured to start automatically by default

  • The Windows Time service should be configured to start automatically by default

  • The Windows Update service should be set to start automatically by default

  • The MSDTC service should be started

  • The Netlogon service should be started

  • The DNS Client service should be started

  • The DNS Server service should be started

  • The Windows Update service should be started

  • The DHCP Client service should be started

  • The IIS Admin service should be started

  • The World Wide Web Publishing service should be started

  • The Remote Registry service should be started

  • The Windows SBS Manager Service should be started

  • The Remote Desktop Gateway service should be started

  • The Windows Time service should be started

  • The MSDTC service should be the NT AUTHORITY\Network Service account as its logon account

  • The Netlogon service should use the Local System account as its logon account

  • The DNS Client service should use the NT AUTHORITY\Network Service account as its logon account

  • The DNS Server service should use the Local System account to as its logon account

  • The Windows Update service should use the Local System account as its logon account

  • The DHCP Client service should use the NT AUTHORITY\LocalService account as its logon account

  • The IIS Admin Service service should use the Local System account as its logon account

  • The World Wide Web Publishing service should use the Local System account as its logon account

Use of Information

Windows SBS 2011 BPA does not send scan results to Microsoft. Network administrators can view a report of scan results from within the Windows SBS 2011 BPA user interface.

Choice/Control

When you install Windows SBS 2011 BPA, you can choose to run a BPA scan on the server each day by selecting the Integrate Microsoft Windows SBS 2011 BPA scan results into the Windows SBS Console option on the Prepare to install the Microsoft Windows SBS 2011 Best Practices Analyzer page of the setup wizard. You can also manually initiate a BPA scan at any time.