Win2003 Small Business Server : Encryption

Posted on 2004-08-04
Last Modified: 2010-04-19
I'm looking to install SBS2003 in the office, as we want to migrate from a Workgroup to a domain, vpn, Exchange, etc.

We'd like to use file encryption on the server, for additional security, since people want external access to the server (for admin) and workstations. Since we would only have one server machine (i.e. no backup domain controller), is encryption a good idea?

All the posts I've seen so far have related to recovering encrypted files from workstations / home pcs - and it doesn't seem like you can.

If this machine fails, will we loose our data on a re-install or can the data be resurected after a fresh install? Do I need to do anything special to enable restoration of data, or will it just be possible (which seems to remove the point of encryption!).

Thanks in advance for all your advice!

Question by:ibradshaw
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 40

Accepted Solution

Fatal_Exception earned 500 total points
ID: 11720599
First, I would never run a single server in your domain.  You can install SBS on the first server, then add an additional Domain Controller afterwards, to give you some redundancy.

Regarding a failed server, just be sure you get VERY good backups of all your important data, including the System State.  You can use the built-in Ntbackup, or a third party utility like Veritas (which I recommend).

Encrypytion is a great idea.  Just be sure you have a Recovery Agent on the server, in case the admin needs to recover encrypted data.  The Recovery Agent is configured in Active Directory.  There is quite a bit written about this and a Google search will give you quite a few hits..

LVL 40

Expert Comment

ID: 11720648
Here is some extra reading for you..

Encrypting File System in Windows XP and Windows Server 2003

Recovery of Encrypted Files on a Server;en-us;283223&sd=tech

Creating a Recovery Agent

Author Comment

ID: 11735167
Just one quick question...

if we want an additional domain controller, does this mean buying two copies of SBS, or can we install it twice on two different machines?

Thanks for your help FE!

SBS with encryption and an updated backup policy seems the way to go.
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

LVL 40

Expert Comment

ID: 11735245
No...  you cannot install it on two different machines.  You may have noticed that you have to activate 2003 with MS, as you do the XP clients.  But, for a backup Domain Controller, you don't need SBS, but just the standard W2K3 server, which will save you a lot of $...  Just make sure that the SBS server is the first one installed on the Domain.  Then once installed, you can add your standard version 2003 server to the domain and configure it as your 2nd AD/DNS server....

Good luck, and thanks..!!


Author Comment

ID: 11735306
I thought it would be, just wondered if it had been setup to allow this since it was designed for small business's without much of an IT budget. - haven't bought anything yet! A few issues were still working through before we change over... now one less!

I would have thought you'd need two copies of SBS, so thanks for the advice! And saving us some cash!


LVL 40

Expert Comment

ID: 11735435
No problem..  if you have any other questions, come on back to EE and ask away..!!

Have a great weekend..


Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Domain Share problems 5 70
Connecting two servers 30 92
What is this Task? 4 181
Exchange 2007 error after database repair #550 5.2.0 STOREDRV.Deliver error 5 111
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In a recent question ( here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question