[AccessD] What a mess (otherwise known as "who owns things")

Drew Wutka DWUTKA at Marlow.com
Tue Jun 2 10:51:30 CDT 2009


Ok, did a little research before replying.  Apparently you can and can't
run a domain controller with WHS.  DCPROMO is there (which is what you
use to create a domain controller), however, the EULA disallows it, and
from what I am reading, after a week, the licensing kicks in and starts
shutting things down.  Not good.  So to run a domain, you need a
full-blown Server OS (Windows NT 4 (which won't have Active Directory),
2000 Server, 2003 Server or 2008).

Next, as far as RAID controllers and BIOS calls...yes, you can read a
drive that is on a RAID controller just like a regular drive, without
going through the OS.  A RAID controller 'mimics' a regular drive, so to
the BIOS, a striped or mirrored drive looks just like a regular drive.
Hardware level calls allow a program to read the actual sectors of a
drive, so your program needs to 'understand' the NTFS structure for
anything to make sense (or the FAT structure if it's a FAT partition).

Finally, if what you heard about 'home domains' is due to WHS, that
would explain things.  A domain and Active Directory are really not very
complex, or hard to set up.  Now, it IS a very powerful tool, and to use
it to its fullest extent requires a lot of learning/training.  However,
its basic functionality is very easy to set up and use, and can really
help with a lot of things.  I am going to post a little tutorial on how
to set up a basic Active Directory domain, and to tie it into this
forum, at the end I am going to post some code that will show how you
can incorporate Active Directory capabilities into your Access
applications.  As developers, if you are not familiar with Active
Directory and domains, you are excluding clients that use such.  (And a
lot of my code actually works on a 'workgroup' machine too).

Drew

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Monday, June 01, 2009 4:53 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] What a mess (otherwise known as "who owns things")

If it is so easy to set up, what would you charge me to remote in to my
system and help me set it up?  Would I be able to maintain a domain by
myself?

I am definitely not a notwork guy.  I have a workgroup with NINE
machines on it.  I have Windows Home Server (Windows 2003), a Vista
(Ultimate) based Windows Media Center machine, another Vista (Ultimate)
machine on my development laptop, TWO Server 2003 X64 based SQL Servers
(I am rebuilding both of them last / this week), and about 4 Windows XP
Pro machines including my wife's laptop, my son's laptop, a game
machine, and a Piano / BandInABox workstation.

I currently use my hardware router / firewall as the DHCP server.

The Windows Home Server is the only machine that is on and connected
24/7/365, though I could leave one of the SQL Server machines on all the
time as well I suppose.  And while WHS runs Windows 2003, I am not sure
they particularly want it running as the domain controller.  Not that I
care what they want.  ;)

To be honest I have not heard good things about trying to run a domain
in a home office but I am willing to listen.

As for "recovering the data" I use Areca RAID Controllers running RAID 6
arrays, and the servers WERE running on a partition on the RAID array.
I doubt that BIOS calls will make it through hardware RAID controllers?

John W. Colby
www.ColbyConsulting.com


Drew Wutka wrote:
> NTFS bases its security on username/domain name, in a sort of hash.
> If you rebuild a machine, but only one partition, other partitions
> aren't automatically set to be used by the new machine's credentials.
> This is because an account on a local machine is not going to be quite
> the same as an account on the same machine with the OS reloaded.  So
> all the files/partitions will be 'foreign'.
> 
> I know this is kind of annoying, but it is a failed attempt to provide
> security for your files.  NTFS can't really do that since it doesn't
> encrypt anything by default.  I have a program called Restore Pro
> 2000, which lets me recover anything from NTFS partitions (so you can
> format a drive, and I can recover the data....unless you do a low
> level 'zeroing' of that drive).  It completely ignores NTFS security,
> because it doesn't use Windows to read the drive, it is using lower
> level BIOS calls.  Very handy.  NTFS is only applicable if you are
> accessing folders/files through Windows itself.  Even more bizarre is
> that Microsoft released an NTFS driver for Windows 9x, which allows a
> Windows 9x machine to read/write to an NTFS partition...and it
> completely ignores the NTFS security flags.
> 
> So, to answer your question about how to prevent this from happening,
> if you have a license (or 2) for Windows 2003 Server (or copies you
> are using), then I would recommend setting up a domain.  By setting up
> a domain, with Active Directory, you are centralizing your users and
> groups, so your login account will have the same permissions no matter
> what machine you are using.  (And if you wipe the C drive of a
> machine, and reinstall the OS, as soon as you join it to the domain,
> all your permissions are back!).  Setting up a domain controller can
> also make home networking WAY easier (and more efficient).  The DHCP,
> WINS and DNS servers available in a Windows Server are pretty easy to
> use, and provide some pretty slick options as to setting up pointers
> to what is what!
> 
> Just my two cents though....
> 
> Drew

-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com