Win2003 Small Business Server : Encryption

I'm looking to install SBS2003 in the office, as we want to migrate from a Workgroup to a domain, vpn, Exchange, etc.

We'd like to use file encryption on the server, for additional security, since people want external access to the server (for admin) and workstations. Since we would only have one server machine (i.e. no backup domain controller), is encryption a good idea?

All the posts I've seen so far have related to recovering encrypted files from workstations / home pcs - and it doesn't seem like you can.

If this machine fails, will we loose our data on a re-install or can the data be resurected after a fresh install? Do I need to do anything special to enable restoration of data, or will it just be possible (which seems to remove the point of encryption!).

Thanks in advance for all your advice!

Ian.
LVL 2
ibradshawAsked:
Who is Participating?
 
Fatal_ExceptionConnect With a Mentor Commented:
First, I would never run a single server in your domain.  You can install SBS on the first server, then add an additional Domain Controller afterwards, to give you some redundancy.

Regarding a failed server, just be sure you get VERY good backups of all your important data, including the System State.  You can use the built-in Ntbackup, or a third party utility like Veritas (which I recommend).

Encrypytion is a great idea.  Just be sure you have a Recovery Agent on the server, in case the admin needs to recover encrypted data.  The Recovery Agent is configured in Active Directory.  There is quite a bit written about this and a Google search will give you quite a few hits..

FE
0
 
Fatal_ExceptionCommented:
Here is some extra reading for you..

Encrypting File System in Windows XP and Windows Server 2003

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Recovery of Encrypted Files on a Server

http://support.microsoft.com/default.aspx?scid=kb;en-us;283223&sd=tech

Creating a Recovery Agent

http://www.winnetmag.com/Article/ArticleID/24103/24103.html
0
 
ibradshawAuthor Commented:
Just one quick question...

if we want an additional domain controller, does this mean buying two copies of SBS, or can we install it twice on two different machines?

Thanks for your help FE!

SBS with encryption and an updated backup policy seems the way to go.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
Fatal_ExceptionCommented:
No...  you cannot install it on two different machines.  You may have noticed that you have to activate 2003 with MS, as you do the XP clients.  But, for a backup Domain Controller, you don't need SBS, but just the standard W2K3 server, which will save you a lot of $...  Just make sure that the SBS server is the first one installed on the Domain.  Then once installed, you can add your standard version 2003 server to the domain and configure it as your 2nd AD/DNS server....

Good luck, and thanks..!!

FE
0
 
ibradshawAuthor Commented:
I thought it would be, just wondered if it had been setup to allow this since it was designed for small business's without much of an IT budget. - haven't bought anything yet! A few issues were still working through before we change over... now one less!

I would have thought you'd need two copies of SBS, so thanks for the advice! And saving us some cash!

Cheers

Ian.
0
 
Fatal_ExceptionCommented:
No problem..  if you have any other questions, come on back to EE and ask away..!!

Have a great weekend..

FE
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.