Share via

SBS 2003 and 2008 BPA Updated

  • Article

[Today's post comes to us courtesy of David Copeland from Commercial Technical Support]

The configuration file for the SBS 2003 BPA has been updated with new rules. Some of the new checks include:

  • Check for IP restrictions set on the SMTP virtual server
  • Updated check for the OS DST update
  • Updated checks for WSUS Service Pack level
  • Check to see if the newer version of samsrv.dll is installed
  • Check to see if the Exchange organization is at the Exchange 2007 level, but the administrative group is missing
  • Check for WSUS deadlines
  • Check for legacy (NT v4.0) domain controllers
  • Check to ensure Administrators group is trusted for delegation
  • Check to ensure the primary group for the Administrator account is Domain Users

You can check to ensure that you have the latest version of the configuration file by clicking on the About the Best Practices Analyzer link on the left. This should show the Configuration File Version as 2.1.39.0. (as of 9/7/2010)

The configuration file for the SBS 2008 BPA has been updated with new rules. Some of the new checks include:

  • Check for the existence of a web.config file under the Rpcproxy directory
  • Check for the Rpcwithcert virtual directory’s authentication method
  • Check for the existence of the /RPC virtual directory on the default web site
  • Check to detect whether the Internet Address Management wizard (IAMW) has been run
  • Check to determine if IE’s enhanced security has been disabled on the server for Administrators
  • Check to determine if IE’s enhanced security has been disabled on the server for users
  • Updates to checks for the BackConnectionHostNames registry value
  • Updated text for the check to determine if running in a virtual machine
  • Check to ensure the Administrators group has logon as a batch job right
  • Updated text if the Windows SBS User Group policy is modified
  • Check for SSL client settings not being default on the /EWS virtual directory
  • Check for SSL client settings not being default on the /autodiscover virtual directory
  • Check for SSL client settings not being default on the /RPC virtual directory
  • Check for SSL client settings not being default on the /OWA virtual directory
  • Check for SSL client settings not being default on the /OAB virtual directory
  • Check for SSL client settings not being default on the root of the SBS Web Applications site
  • Check for large WSUS Administration web site logging directory
  • Check for large SBS Monitoring database
  • Check for Kernel mode Authentication being enabled
  • Updated check for Windows SBS Update Rollup being installed

You can check to ensure that you have the latest version of the configuration file by clicking on the About the Best Practices Analyzer link on the left. This should show the Configuration File Version as 2.1.60.0. (as of 9/7/2010)

Comments

  • Anonymous
    January 01, 2003
    I am sure this update will make troubleshooting easier. As a feedback - If SBS BPA can detect Virtualization.

  • Anonymous
    September 09, 2010
    Thanks for the update. One complaint though, SBS 2008 BPA still generates this error; "The host (A) resource record points to the incorrect IP address 10.0.0.110.0.0.21. The record should point to 10.0.0.1." As far as I am aware this isn't actually an error to be concerned about. Unless someone can suggest otherwise  can it be fixed in the next update?

  • Anonymous
    September 09, 2010
    I'm getting the new warning "Web.config exists in the Rpcproxy directory" There doesn't seem to be any other info supplied with this warning, What problem does this cause? Where did the file come from? Is there any reason that I might need the file?