Solved

Win2003 Small Business Server : Encryption

Posted on 2004-08-04
6
297 Views
Last Modified: 2010-04-19
I'm looking to install SBS2003 in the office, as we want to migrate from a Workgroup to a domain, vpn, Exchange, etc.

We'd like to use file encryption on the server, for additional security, since people want external access to the server (for admin) and workstations. Since we would only have one server machine (i.e. no backup domain controller), is encryption a good idea?

All the posts I've seen so far have related to recovering encrypted files from workstations / home pcs - and it doesn't seem like you can.

If this machine fails, will we loose our data on a re-install or can the data be resurected after a fresh install? Do I need to do anything special to enable restoration of data, or will it just be possible (which seems to remove the point of encryption!).

Thanks in advance for all your advice!

Ian.
0
Comment
Question by:ibradshaw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 500 total points
ID: 11720599
First, I would never run a single server in your domain.  You can install SBS on the first server, then add an additional Domain Controller afterwards, to give you some redundancy.

Regarding a failed server, just be sure you get VERY good backups of all your important data, including the System State.  You can use the built-in Ntbackup, or a third party utility like Veritas (which I recommend).

Encrypytion is a great idea.  Just be sure you have a Recovery Agent on the server, in case the admin needs to recover encrypted data.  The Recovery Agent is configured in Active Directory.  There is quite a bit written about this and a Google search will give you quite a few hits..

FE
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11720648
Here is some extra reading for you..

Encrypting File System in Windows XP and Windows Server 2003

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Recovery of Encrypted Files on a Server

http://support.microsoft.com/default.aspx?scid=kb;en-us;283223&sd=tech

Creating a Recovery Agent

http://www.winnetmag.com/Article/ArticleID/24103/24103.html
0
 
LVL 2

Author Comment

by:ibradshaw
ID: 11735167
Just one quick question...

if we want an additional domain controller, does this mean buying two copies of SBS, or can we install it twice on two different machines?

Thanks for your help FE!

SBS with encryption and an updated backup policy seems the way to go.
0
Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11735245
No...  you cannot install it on two different machines.  You may have noticed that you have to activate 2003 with MS, as you do the XP clients.  But, for a backup Domain Controller, you don't need SBS, but just the standard W2K3 server, which will save you a lot of $...  Just make sure that the SBS server is the first one installed on the Domain.  Then once installed, you can add your standard version 2003 server to the domain and configure it as your 2nd AD/DNS server....

Good luck, and thanks..!!

FE
0
 
LVL 2

Author Comment

by:ibradshaw
ID: 11735306
I thought it would be, just wondered if it had been setup to allow this since it was designed for small business's without much of an IT budget. - haven't bought anything yet! A few issues were still working through before we change over... now one less!

I would have thought you'd need two copies of SBS, so thanks for the advice! And saving us some cash!

Cheers

Ian.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11735435
No problem..  if you have any other questions, come on back to EE and ask away..!!

Have a great weekend..

FE
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question