Microsoft Internet Security and Acceleration (ISA) Server, Networking, and Security
Windows Small Business Server 2003 R2: Frequently Asked Questions
This FAQ answers frequently asked questions about Networking and Security with Windows Small Business Server 2003 R2 (SBS 2003 R2). Click a question to view its answer. To view all the answers at one time, select the View all answers check box.
ISA Server, Networking, and Security
| Q. | Can I install ISA 2006 on SBS 2003 R2? |
| A. | No. There have been significant changes to the ISA product architecture, and the configuration and management tools unique to SBS 2003 R2 do not support the new version. If you require the new enterprise-level features found in ISA 2006 such as Web proxy chaining, you should consider installing a separate server running Windows Server 2003 and ISA 2006. |
| Q. | How do all the firewall components (server-side and client-side) work together to protect my network? |
| A. | Server and client firewalls are completely different in how they are used and managed, and so different tools are required. On the server, SBS 2003 R2 leverages firewall services provided by either RRAS or ISA Server 2004 (Premium Edition only), and these provide defense against external threats such as hackers or malicious attacks. On the client side, if you’re running Windows XP on your desktop, the Windows Firewall is enabled and the group policies are configured to integrate with the services provided by the SBS 2003 R2 network. This helps provide defense against internal threats, such as viruses or malware that get past your firewall. |
| Q. | How does SBS 2003 R2 handle limited user rights for installation and updates of desktop software? |
| A. | There are two parts to this question. First, the client setup program adds the domain user to the Local Administrators group, which allows SBS R2 to install the necessary components with the user’s credentials at log-on time. Second, for patches and updates to Microsoft software, Windows Server Update Services is now a part of SBS 2003 R2. The patch and update files, such as Office 2003 service packs, are downloaded once and stored in SBS. By default, critical and security updates, and service packs, are automatically distributed to clients; critical and security updates are automatically distributed to servers. A report is then generated showing you which computers have been patched, when they were patched, and the result. |
| Q. | How do you define "authenticated access"? |
| A. | Authenticated access is defined as an exchange of user or application credentials between the server software and a user or a device. An example of unauthenticated access is unidentified users browsing your public Web site. SBS CALs are not required for these users. |
| Q. | Does SBS 2003 R2 support hardware firewall devices? |
| A. | SBS 2003 R2 fully supports external hardware firewall devices. SBS 2003 R2 can automatically detect and configure many Universal Plug and Play (UPnP) devices by using the Configure E-Mail and Internet Connection Wizard. If your hardware firewall device does not support UPnP, you can still use the device with your server. Consult the documentation that came with the device to manually configure firewall settings. |
| Q. | Can I use another device to provide DHCP addressing on my network, rather than using SBS 2003 R2? |
| A. | Many routers are capable of providing DHCP addressing for devices on a network. You can use such a device, but a better solution is to let SBS 2003 R2 provide addressing services. The server management tools make extensive use of DHCP, DNS, and Active Directory services to manage and monitor desktops and servers on your network, so it is advantageous to have all the services centrally configured and managed. If you are installing SBS 2003 R2 for the first time on a network, you should turn off DHCP addressing on your other devices in order to avoid any addressing or management conflicts. |
