[AccessD] What a mess (otherwise known as "who owns things")

jwcolby jwcolby at colbyconsulting.com
Mon Jun 1 22:46:45 CDT 2009


Oh, I forgot to mention I also run VMWare virtual machines.  Some Windows 2003 and some Windows XP.

John W. Colby
www.ColbyConsulting.com


jwcolby wrote:
> If it is so easy to set up, what would you charge me to remote in to my system and help me set it 
> up?  Would I be able to maintain a domain by myself?
> 
> I am definitely not a notwork guy.  I have a workgroup with NINE machines on it.  I have Windows 
> Home Server (Windows 2003), a Vista (Ultimate) based Windows Media Center machine, another Vista 
> (Ultimate) machine on my development laptop, TWO Server 2003 X64 based SQL Servers (I am rebuilding 
> both of them last / this week), and about 4 Windows XP Pro machines including my wife's laptop, my 
> son's laptop, a game machine, and a Piano / BandInABox workstation.
> 
> I currently use my hardware router / firewall as the DHCP server.
> 
> The Windows Home Server is the only machine that is on and connected 24/7/365, though I could leave 
> one of the SQL Server machines on all the time as well I suppose.  And while WHS runs Windows 2003, 
> I am not sure they particularly want it running as the domain controller.  Not that I care what they 
> want.  ;)
> 
> To be honest I have not heard good things about trying to run a domain in a home office but I am 
> willing to listen.
> 
> As for "recovering the data" I use Areca RAID Controllers running RAID 6 arrays, and the servers 
> WERE running on a partition on the RAID array.  I doubt that BIOS calls will make it through 
> hardware RAID controllers?
> 
> John W. Colby
> www.ColbyConsulting.com
> 
> 
> Drew Wutka wrote:
>> NTFS bases its security on username/domain name, in a sort of hash.  If
>> you rebuild a machine, but only one partition, other partitions aren't
>> automatically set to be used by the new machine's credentials.  This is
>> because an account on a local machine is not going to be quite the same
>> as an account on the same machine with the OS reloaded.  So all the
>> files/partitions will be 'foreign'.
>>
>> I know this is kind of annoying, but it is a failed attempt to provide
>> security for your files.  NTFS can't really do that since it doesn't
>> encrypt anything by default.  I have a program called Restore Pro 2000,
>> which lets me recover anything from NTFS partitions (so you can format a
>> drive, and I can recover the data....unless you do a low level 'zeroing'
>> of that drive).  It completely ignores NTFS security, because it doesn't
>> use Windows to read the drive, it is using lower level BIOS calls.  Very
>> handy.  NTFS is only applicable if you are accessing folders/files
>> through Windows itself.  Even more bizarre is that Microsoft released an
>> NTFS driver for Windows 9x, which allows a Windows 9x machine to
>> read/write to an NTFS partition...and it completely ignores the NTFS
>> security flags.
>>
>> So, to answer your question about how to prevent this from happening, if
>> you have a license (or 2) for Windows 2003 Server (or copies you are
>> using), then I would recommend setting up a domain.  By setting up a
>> domain, with Active Directory, you are centralizing your users and
>> groups, so your login account will have the same permissions no matter
>> what machine you are using.  (And if you wipe the C drive of a machine,
>> and reinstall the OS, as soon as you join it to the domain, all your
>> permissions are back!).  Setting up a domain controller can also make
>> home networking WAY easier (and more efficient).  The DHCP, WINS and DNS
>> servers available in a Windows Server are pretty easy to use, and
>> provide some pretty slick options as to setting up pointers to what is
>> what!
>>
>> Just my two cents though....
>>
>> Drew
> 
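
The ownership problem discussed in the quoted messages, as an added example that is not part of the original thread: NTFS access control entries store binary SIDs, a local account's SID is the machine SID plus a RID, and a reinstall generates a new machine SID, while domain account SIDs are issued by the domain. All SID values below are constructed, and "can resolve" is modelled by comparing issuer prefixes rather than by a real account lookup.

```python
import struct

def sid_to_bytes(text):
    """Encode 'S-1-5-...' in the binary layout used inside security descriptors."""
    parts = text.split("-")
    rev, auth, subs = int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]
    return (bytes([rev, len(subs)]) + auth.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def parse_sid(raw):
    """Decode a binary SID: revision, sub-authority count, 6-byte big-endian
    authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or raw[0] != 1 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    auth = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", "1", str(auth)] + [str(s) for s in subs])

def orphaned(acl, trusted_issuers):
    """Return ACE SIDs the running install cannot map to an account.
    Account SIDs (S-1-5-21-...) are issuer SID + RID; well-known SIDs such as
    S-1-5-18 are identical on every install and always resolve."""
    out = []
    for raw in acl:
        sid = parse_sid(raw)
        if sid.startswith("S-1-5-21-") and sid.rsplit("-", 1)[0] not in trusted_issuers:
            out.append(sid)
    return out

# Constructed sample values (assumptions, not taken from the thread).
OLD_MACHINE = "S-1-5-21-1000000001-1000000002-1000000003"  # before the rebuild
NEW_MACHINE = "S-1-5-21-2000000001-2000000002-2000000003"  # after the rebuild
DOMAIN = "S-1-5-21-3000000001-3000000002-3000000003"       # hypothetical domain
WELL_KNOWN = ["S-1-5-18", "S-1-5-32-544"]  # SYSTEM, BUILTIN Administrators

def data_partition_acl(user_sid):
    """ACL left on a surviving data partition: one user ACE plus well-known ones."""
    return [sid_to_bytes(s) for s in [user_sid] + WELL_KNOWN]

def demo():
    # Workgroup: the ACE names a local account of the old install.
    workgroup = orphaned(data_partition_acl(OLD_MACHINE + "-1003"), {NEW_MACHINE})
    # Domain: the ACE names a domain account; the rebuilt machine rejoins the domain.
    domain = orphaned(data_partition_acl(DOMAIN + "-1105"), {NEW_MACHINE, DOMAIN})
    return workgroup, domain

if __name__ == "__main__":
    print(demo())
```
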


