jwcolby
jwcolby at colbyconsulting.com
Mon Jun 1 22:46:45 CDT 2009
Oh, I forgot to mention I also run VMWare virtual machines. Some Windows 2003 and some Windows XP. John W. Colby www.ColbyConsulting.com jwcolby wrote: > If it is so easy to set up, what would you charge me to remote in to my system and help me set it > up? Would I be able to maintain a domain by myself? > > I am definitely not a notwork guy. I have a workgroup with NINE machines on it. I have Windows > Home Server (Windows 2003), a Vista (Ultimate) based Windows Media Center machine, another Vista > (Ultimate) machine on my development laptop, TWO Server 2003 X64 based SQL Servers (I am rebuilding > both of them last / this week), and about 4 Windows XP Pro machines including my wife's laptop, my > son's laptop, a game machine, and a Piano / BandInABox workstation. > > I currently use my hardware router / firewall as the dhcp server. > > The Windows Home Server is the only machine that is on and connected 24/7/365, though I could leave > one of the SQL Server machines on all the time as well I suppose. And while WHS runs Windows 2003, > I am not sure they particularly want it running as the domain controller. Not that I care what they > want. ;) > > To be honest I have not heard good things about trying to run a domain in a home office but I am > willing to listen. > > As for "recovering the data" I use Areca RAID Controllers running RAID 6 arrays, and the servers > WERE running on a partition on the RAID array. I doubt that bios calls will make it through > hardware raid controllers? > > John W. Colby > www.ColbyConsulting.com > > > Drew Wutka wrote: >> NTFS bases it's security on username/domain name, in a sort of hash. If >> you rebuild a machine, but only one partition, other partitions aren't >> automatically set to be used by the new machine's credentials. This is >> because an account on a local machine is not going to be quite the same >> as an account on the same machine with the OS reloaded. So all the >> files/partitions will be 'foreign'. >> >> I know this is kind of annoying, but it is a failed attempt to provide >> security for your files. NTFS can't really do that since it doesn't >> encrypt anything by default. I have a program called Restore Pro 2000, >> which lets me recover anything from NTFS partitions (so you can format a >> drive, and I can recover the data....unless you do a low level 'zeroing' >> of that drive). It completely ignores NTFS security, because it doesn't >> use Windows to read the drive, it is using lower level BIOS calls. Very >> handy. NTFS is only applicable if you are accessing folders/files >> through windows itself. Even more bizarre is that Microsoft released an >> NTFS driver for Windows 9x, which allows a windows 9x machine to >> read/write to an NTFS partition...and it completely ignores the NTFS >> security flags. >> >> So, to answer your question about how to prevent this from happening, if >> you have a license (or 2) for Windows 2003 Server (or copies you are >> using), then I would recommend setting up a domain. By setting up a >> domain, with Active Directory, you are centralizing your users and >> groups, so your login account will have the same permissions no matter >> what machine you are using. (And if you wipe the C drive of a machine, >> and reinstall the OS, as soon as you join it to the domain, all your >> permissions are back!). Setting up a domain controller can also make >> home networking WAY easier (and more efficient). The DHCP, WINS and DNS >> servers available in a Windows Server are pretty easy to use, and >> provide some pretty slick options as to setting up pointers to what is >> what! >> >> Just my two cents though.... >> >> Drew >