[AccessD] What a mess (otherwise known as "who owns things")

jwcolby jwcolby at colbyconsulting.com
Mon Jun 1 16:52:56 CDT 2009


If it is so easy to set up, what would you charge me to remote in to my system and help me set it 
up?  Would I be able to maintain a domain by myself?

I am definitely not a notwork guy.  I have a workgroup with NINE machines on it.  I have Windows 
Home Server (Windows 2003), a Vista (Ultimate) based Windows Media Center machine, another Vista 
(Ultimate) machine on my development laptop, TWO Server 2003 X64 based SQL Servers (I am rebuilding 
both of them last / this week), and about 4 Windows XP Pro machines including my wife's laptop, my 
son's laptop, a game machine, and a Piano / BandInABox workstation.

I currently use my hardware router / firewall as the DHCP server.

The Windows Home Server is the only machine that is on and connected 24/7/365, though I could leave 
one of the SQL Server machines on all the time as well I suppose.  And while WHS runs Windows 2003, 
I am not sure they particularly want it running as the domain controller.  Not that I care what they 
want.  ;)

To be honest I have not heard good things about trying to run a domain in a home office but I am 
willing to listen.

As for "recovering the data" I use Areca RAID Controllers running RAID 6 arrays, and the servers 
WERE running on a partition on the RAID array.  I doubt that BIOS calls will make it through 
hardware RAID controllers?

John W. Colby
www.ColbyConsulting.com


Drew Wutka wrote:
> NTFS bases its security on username/domain name, in a sort of hash.  If
> you rebuild a machine, but only one partition, other partitions aren't
> automatically set to be used by the new machine's credentials.  This is
> because an account on a local machine is not going to be quite the same
> as an account on the same machine with the OS reloaded.  So all the
> files/partitions will be 'foreign'.
> 
> I know this is kind of annoying, but it is a failed attempt to provide
> security for your files.  NTFS can't really do that since it doesn't
> encrypt anything by default.  I have a program called Restore Pro 2000,
> which lets me recover anything from NTFS partitions (so you can format a
> drive, and I can recover the data....unless you do a low level 'zeroing'
> of that drive).  It completely ignores NTFS security, because it doesn't
> use Windows to read the drive, it is using lower level BIOS calls.  Very
> handy.  NTFS is only applicable if you are accessing folders/files
> through Windows itself.  Even more bizarre is that Microsoft released an
> NTFS driver for Windows 9x, which allows a Windows 9x machine to
> read/write to an NTFS partition...and it completely ignores the NTFS
> security flags.
> 
> So, to answer your question about how to prevent this from happening, if
> you have a license (or 2) for Windows 2003 Server (or copies you are
> using), then I would recommend setting up a domain.  By setting up a
> domain, with Active Directory, you are centralizing your users and
> groups, so your login account will have the same permissions no matter
> what machine you are using.  (And if you wipe the C drive of a machine,
> and reinstall the OS, as soon as you join it to the domain, all your
> permissions are back!).  Setting up a domain controller can also make
> home networking WAY easier (and more efficient).  The DHCP, WINS and DNS
> servers available in a Windows Server are pretty easy to use, and
> provide some pretty slick options as to setting up pointers to what is
> what!
> 
> Just my two cents though....
> 
> Drew
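
A check for the situation discussed in this thread, added here as an example and not part of the original messages: access-control entries on NTFS store account security identifiers (SIDs), so after an OS reinstall the entries on surviving partitions still point at accounts from the old installation. This PowerShell script lists explicit entries whose SID no longer resolves to any account; the `D:\` root and the scan depth are assumptions to adjust.

```powershell
# Added example: report ACL entries whose SID does not map to a current account.
# $Root and $Depth are assumed values; point $Root at the partition that
# survived the reinstall. Run from an elevated prompt for best coverage.
param(
    [string]$Root  = 'D:\',
    [int]   $Depth = 2
)

function Get-OrphanedAce {
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # An unreadable ACL is worth reporting: it often means the item is
        # owned by an account from the previous installation.
        [pscustomobject]@{ Path = $Path; Sid = $null; Rights = $null
                           Note = "ACL unreadable: $($_.Exception.Message)" }
        return
    }
    # Request raw SIDs, explicit (non-inherited) entries only, to limit noise.
    $rules = $acl.GetAccessRules($true, $false,
                 [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        try {
            # Resolves for local, domain and well-known accounts that exist now.
            [void]$sid.Translate([System.Security.Principal.NTAccount])
        } catch [System.Security.Principal.IdentityNotMappedException] {
            [pscustomobject]@{ Path = $Path; Sid = $sid.Value
                               Rights = $rule.FileSystemRights
                               Note = 'SID maps to no current account' }
        }
    }
}

$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Depth $Depth -Force `
               -ErrorAction SilentlyContinue)

$items | ForEach-Object { Get-OrphanedAce -Path $_.FullName } |
    Sort-Object Sid, Path |
    Format-Table -AutoSize -Wrap
```

Entries reported here are the ones that need ownership or permissions reassigned to a current account; entries for domain accounts keep resolving after a rebuild once the machine is rejoined to the domain.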



