locked
A little Confused RRS feed

  • Question

  • Hey,  First time posting really...

     

    I have a decent network at home for a family of three with three desktops all Win XP, one Laptop with Win XP, a Laptop with Win 7x64, and a Mac Book with OS-X SL.

    My main question is, if WHS has the DCpromo.exe file in it then why is it that for those of us who know how to use and setup domains don't have that available to us on this server rather than purchasing something that some of us can't really fudge the money for due to other things.  If the files are available then those of use that know how to use them should be given the ability to use them under advanced or power-user type environment.

    It really makes no sence to have the software on here and not be able to utilize the capabilities of the server to its best.  I was hoping to create a small domain for use in the family home for added control and protection of sensitive information and drives from visitors who are given access to the network so they can do their daily surfing.  Also it would provide protection from those unwanted guests that pop in on your network and having a domain controller would be an added layer of security.

     

     

    Friday, May 21, 2010 3:02 AM

Answers

  • Even though it's possible to use DCpromo and setup WHS as domain controller it's specifically prohibited in the WHS EULA. Considering the price of WHS when compared to SBS or server 2003 I think this is a reasonable requirement.

    While brubber is correct that you can run dcpromo, doing so changes the security model on your server and may (read will) break functionality down the road. Microsoft doesn't test or support this scenario, and the only way to recover is to copy your files off the server, wipe it, and start from scratch.

    The EULA restriction is because Microsoft does not intend that Windows Home Server be used as SBS "lite". It has a place in the small and micro business as a backup engine and simple file server, but complex line of business tasks that you would consider a standard server for are out of place on Windows Home Server.


    I'm not on the WHS team, I just post a lot. :)
    Friday, May 21, 2010 12:08 PM
    Moderator

All replies

  • Daniel,

    WHS is a product designed for the SOHO market. It is not designed nor intended to have Active Directory installed. If you need Active Directory at home, you might want to start looking at the Small Business Server line. WHS is built on Windows Server 2003, so yes, utilities and functionality exists that is not utilized in WHS. All of the functionality you need to make full use of the product and it's intended use is exposed in the WHS Console and extended with Add-Ins.

    To address your security concerns, WHS allows you to set permissions at the share level for user access. Ensure the Guest account is either disabled or does not have access to shares containing sensitive information and your house guests shouldn't be able to access that information. Authentication is handled using NTLM which should be secure enough for your needs. For your unwanted guests problem, this sounds like more of an issue that can be headed off with the appropriate settings on your wireless AP. WPA2 and equivalent encryption technologies on current SOHO wireless routers are quite secure. You may need to pick a stronger passphrase. You can also disable SSID broadcast and utilize MAC address filtering to tighten things up even more. And if you have someone sniffing your wire, well, you must have some pretty important information and might want to think about physical security. I hear the A-Team is looking for side gigs. :)

    HTH,

     

    Michael Wheatfill

    Friday, May 21, 2010 7:07 AM
  • Even though it's possible to use DCpromo and setup WHS as domain controller it's specifically prohibited in the WHS EULA. Considering the price of WHS when compared to SBS or server 2003 I think this is a reasonable requirement.
    Friday, May 21, 2010 9:12 AM
    Moderator
  • Even though it's possible to use DCpromo and setup WHS as domain controller it's specifically prohibited in the WHS EULA. Considering the price of WHS when compared to SBS or server 2003 I think this is a reasonable requirement.

    While brubber is correct that you can run dcpromo, doing so changes the security model on your server and may (read will) break functionality down the road. Microsoft doesn't test or support this scenario, and the only way to recover is to copy your files off the server, wipe it, and start from scratch.

    The EULA restriction is because Microsoft does not intend that Windows Home Server be used as SBS "lite". It has a place in the small and micro business as a backup engine and simple file server, but complex line of business tasks that you would consider a standard server for are out of place on Windows Home Server.


    I'm not on the WHS team, I just post a lot. :)
    Friday, May 21, 2010 12:08 PM
    Moderator
  • Then instead of spending the money on seting up another server, what methods can i try to limiting shared access to storage drives on one Desktop which has tax, billing, and personal E-mails from others connected to the network including those that are wired into the network.

    ...Network Description...

    PC1-Win XP Pro SP3

    PC2-Win XP Pro SP3

    PC3-Win XP Home SP2 - Has the storage drive shared

    WHS - Backing all PCs and Laptop 1

    Mac Book - OS X-Snow Leopard

    Laptop1 - Win XP Pro SP3

    Laptop2 - Win7 Pro

    Friday, May 21, 2010 1:00 PM
  • Then instead of spending the money on seting up another server, what methods can i try to limiting shared access to storage drives on one Desktop which has tax, billing, and personal E-mails from others connected to the network including those that are wired into the network.

    ...Network Description...

    PC1-Win XP Pro SP3

    PC2-Win XP Pro SP3

    PC3-Win XP Home SP2 - Has the storage drive shared

    WHS - Backing all PCs and Laptop 1

    Mac Book - OS X-Snow Leopard

    Laptop1 - Win XP Pro SP3

    Laptop2 - Win7 Pro

    Put your shares on your server; XP Home only permits sharing "to the world" with no access control beyond on/off. Then grant permission to only those users who should have access to that data. (You may need more than one share.)

    Also, you should be aware of two additional items. First, your client computer backups can be accessed by anyone with the console password; there is no protection beyond that. Second, assuming your users are using Outlook, you should keep your pst files local on each computer. Storing a .pst file on a network share will, eventually, result in corruption of the file and may result in significant loss of emails. This is documented in this KB article, and (again) it's a question of when you will lose data, not if.


    I'm not on the WHS team, I just post a lot. :)
    Friday, May 21, 2010 1:45 PM
    Moderator
  • Well, really don't care for the mail and really, the shared drive is to accessed by everyone in the family.  My only concern is those that decide to either delete or modify files on the drive without any permission to do so.  But not everyone should be able to modify it in any way.
    Wednesday, May 26, 2010 12:19 AM
  • Still nothing here is of help to me.  I'll test my theories in a Virtual Sandbox and see what happens for myself.

    I understand that Windows XP needs to be a Pro version to connect to a domain as well as have better security controls for sharing a device over the network.

    And also i have the WHS doing enough and that is the real reason i was thinking of revamping the server.

    All in all, Have a good day...

    Friday, June 18, 2010 10:01 AM