by lunarg on December 17th 2009, at 22:39

Microsoft has invented Windows Small Business Server for small to medium businesses. This, in itself, is not a bad idea. It allows small businesses to enjoy the capabilities and functions of a Windows Server with Exchange and more, for a fraction of what it would cost to buy standard editions of the components.

Unfortunately, Microsoft's idea is that small businesses probably don't have IT outsourcing, so they wizard everything up, and basically add a whole bunch of constraints and this-is-how-you-should-do-it's. Although Microsoft isn't all that wrong about this policy, they forgot about the number one rule: less is more.

With SBS 2003, there were already quite a few specially crafted wizards present, but the basics remained the same: a Windows domain and Exchange on one machine. The wizard allowed for an easy configuration (which made life a bit easier, also for IT specialists).
In SBS 2008, designed in Microsoft's hazy, what-the-f*-were-you-thinking period (which, not entirely coincidentally, started with Vista), things took a turn for the worse: the SBS wizards became angry evil wizards that wanted to do everything for you, and yelled at you when you weren't doing things the way they wanted (anyone who deployed an SBS 2008 knows what I mean). But okay, all in all, we won't let ourselves be scared out of our minds just because a Microsoft wizard tells us how dangerous the Internet is.

One of the things I can't wrap my head around is the idea of disabling the Administrator user and creating a "regular" user with Administrator rights to manage the server. Disabling the Administrator is, to a certain extent, okay, because it reduces the chance of someone hacking away at your server and succeeding with a brute-force attack. But the second bit, having a "regular" user with admin rights, is just beyond me. Now, you may be wondering "what's wrong with that?" ... well, in theory, nothing, except for the fact that a variety of policies which apply to regular users now also apply to the Administrator account. The big bad here is password expiration (which is sometimes bad), and account lock-out (which is very bad).

The result is evil: a locked-out server with no way in.
Does this mean it's a lost cause and reason for a lot of swearing and, ultimately, reinstalling the thing (because who takes backups, right)? Well, no: after some googling around I merged a bunch of posts and got myself a working (and tested) solution in this post.

Does this mean SBS 2008 is pure evil? Maybe not, although I'm pretty sure it's not the very last obstacle and annoyance of the product.
Microsoft seriously has to reconsider the whole idea behind an SBS. At least, they should add an option to install an SBS with the regular installation wizards, so an IT specialist is not being treated like a 6-year-old.