SBS 2003 and 2008 BPA Updated

  • Article

[Today's post comes to us courtesy of David Copeland from Commercial Technical Support]

The configuration file for the SBS 2003 BPA has been updated with new rules. Some of the new checks include:

  • Check for IP restrictions set on the SMTP virtual server
  • Updated check for the OS DST update
  • Updated checks for WSUS Service Pack level
  • Check to see if the newer version of samsrv.dll is installed
  • Check to see if the Exchange organization is at the Exchange 2007 level, but the administrative group is missing
  • Check for WSUS deadlines
  • Check for legacy (NT v4.0) domain controllers
  • Check to ensure Administrators group is trusted for delegation
  • Check to ensure the primary group for the Administrator account is Domain Users

You can check to ensure that you have the latest version of the configuration file by clicking on the About the Best Practices Analyzer link on the left. This should show the Configuration File Version as 2.1.39.0. (as of 9/7/2010)

The configuration file for the SBS 2008 BPA has been updated with new rules. Some of the new checks include:

  • Check for the existence of a web.config file under the Rpcproxy directory
  • Check for the Rpcwithcert virtual directory’s authentication method
  • Check for the existence of the /RPC virtual directory on the default web site
  • Check to detect whether the Internet Address Management wizard (IAMW) has been run
  • Check to determine if IE’s enhanced security has been disabled on the server for Administrators
  • Check to determine if IE’s enhanced security has been disabled on the server for users
  • Updates to checks for the BackConnectionHostNames registry value
  • Updated text for the check to determine if running in a virtual machine
  • Check to ensure the Administrators group has logon as a batch job right
  • Updated text if the Windows SBS User Group policy is modified
  • Check for SSL client settings not being default on the /EWS virtual directory
  • Check for SSL client settings not being default on the /autodiscover virtual directory
  • Check for SSL client settings not being default on the /RPC virtual directory
  • Check for SSL client settings not being default on the /OWA virtual directory
  • Check for SSL client settings not being default on the /OAB virtual directory
  • Check for SSL client settings not being default on the root of the SBS Web Applications site
  • Check for large WSUS Administration web site logging directory
  • Check for large SBS Monitoring database
  • Check for Kernel mode Authentication being enabled
  • Updated check for Windows SBS Update Rollup being installed

You can check to ensure that you have the latest version of the configuration file by clicking on the About the Best Practices Analyzer link on the left. This should show the Configuration File Version as 2.1.60.0. (as of 9/7/2010)