[AccessD] What a mess (otherwise known as "who owns things")

Bill Patten bill_patten at embarqmail.com
Tue Jun 2 12:27:12 CDT 2009


Hi John,

My solution, though I do not need my server up 24/7, is to have 2 plug in 
hard drives. Since my AD doesn't change very often, Once a month I shut down 
my server, plug in a second SATA drive, boot to Acronis and clone the 
server. Then I swap drives and re-boot. This assures that I do in fact have 
a good backup. I then set the old drive aside until next month. If you 
really need 24/7 then you probably do need a backup domain server.

I do backup other key files daily to my NAS.

By the way does WHS, backup the server?

Bill
----- Original Message ----- 
From: "jwcolby" <jwcolby at colbyconsulting.com>
To: "Access Developers discussion and problem solving" 
<accessd at databaseadvisors.com>
Sent: Tuesday, June 02, 2009 10:16 AM
Subject: Re: [AccessD] What a mess (otherwise known as "who owns things")


LOL, so now I have to leave THREE computers running 24/7/365.  WHS, Domain 
controller, BACKUP Domain
controller.

This is getting less and less desirable.

ATM there are 4 computers on 24/7, the WHS, my laptop, Mary's laptop and 
Robbie's laptop.  The two
SQL Server machines are relative power hogs simply because they have more 
powerful quad core
processors as well as anywhere from 8 to 16 disk drives in them.  I do not 
use them every day so I
turn them off between uses.

John W. Colby
www.ColbyConsulting.com


Jim Lawrence wrote:
> I think Drew is right on this... just a warning to make one computer a
> backup domain controller because if the Active Directory drive/computer 
> ever
> fails you could lose the security for the entire network and that has all
> sorts of really ugly ramifications.
>
> Jim
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Drew Wutka
> Sent: Monday, June 01, 2009 1:47 PM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] What a mess (otherwise knbown as "who owns things")
>
> NTFS bases it's security on username/domain name, in a sort of hash.  If
> you rebuild a machine, but only one partition, other partitions aren't
> automatically set to be used by the new machine's credentials.  This is
> because an account on a local machine is not going to be quite the same
> as an account on the same machine with the OS reloaded.  So all the
> files/partitions will be 'foreign'.
>
> I know this is kind of annoying, but it is a failed attempt to provide
> security for your files.  NTFS can't really do that since it doesn't
> encrypt anything by default.  I have a program called Restore Pro 2000,
> which lets me recover anything from NTFS partitions (so you can format a
> drive, and I can recover the data....unless you do a low level 'zeroing'
> of that drive).  It completely ignores NTFS security, because it doesn't
> use Windows to read the drive, it is using lower level BIOS calls.  Very
> handy.  NTFS is only applicable if you are accessing folders/files
> through windows itself.  Even more bizarre is that Microsoft released an
> NTFS driver for Windows 9x, which allows a windows 9x machine to
> read/write to an NTFS partition...and it completely ignores the NTFS
> security flags.
>
> So, to answer your question about how to prevent this from happening, if
> you have a license (or 2) for Windows 2003 Server (or copies you are
> using), then I would recommend setting up a domain.  By setting up a
> domain, with Active Directory, you are centralizing your users and
> groups, so your login account will have the same permissions no matter
> what machine you are using.  (And if you wipe the C drive of a machine,
> and reinstall the OS, as soon as you join it to the domain, all your
> permissions are back!).  Setting up a domain controller can also make
> home networking WAY easier (and more efficient).  The DHCP, WINS and DNS
> servers available in a Windows Server are pretty easy to use, and
> provide some pretty slick options as to setting up pointers to what is
> what!
>
> Just my two cents though....
>
> Drew
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
> Sent: Sunday, May 31, 2009 10:07 PM
> To: Dba-Sqlserver; Access Developers discussion and problem solving
> Subject: [AccessD] What a mess (otherwise knbown as "who owns things")
>
> I rebuilt a server from C:\ format on up.  New Windows Server 2003 X64,
> New SQL Server 2005 etc.
>
> Now the current administrator (apparently) does not own the files on the
> raid arrays which of course
> survive quite nicely.  When I tried to attach a database it gave me an
> "insufficient rights" kind of
> error which I Googled and that tells me that I do not own the files.  I
> took ownership which worked
> (I can now attach),  but then I tried to attach and it said it couldn't
> because the files were read
> only.
>
> Only it DID the attach, and now I have a database in read only mode,
> which I cannot detach
> because... it is read only.
>
> Sigh.
>
> So... this invites MANY questions...
>
> 1) How do I take ownership of a disk drive on down and all the files on
> that disk drive?
> 2) Why are the files read only?
> 3) Now that I have one of the databases mounted (read only) how do I
> detach it so that I can make it
> read / write and reattach it?  Or how do I make it non-readonly?
>
> 4)Why did all of this happen?
> 5) Is there an easy way to prevent all this in the future?  I have a
> second server which I will be
> rebuilding when new parts get here mid week.  New motherboard /
> processor and 5 new terabyte drives
> for the server I rebuilt this weekend and 5 new drives for the one to be
> rebuilt next.  Obviously if
> there is something I can do in advance to prevent this mess I am all for
> that.
>
> In fact the new motherboard is the same motherboard as I have in the
> current rebuild, and my plan is
> to clone the boot drive and just use that clone in the new system.  I
> have gone to much trouble to
> get all the multitude of software installed etc so when I am done I HOPE
> to end up with two
> literally identical machines, other than the second machine having some
> additional storage (and a
> next generation processor).
>
> Any words of wisdom out there?
>
-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com




More information about the AccessD mailing list