[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Win2003 Small Business Server : Encryption

Posted on 2004-08-04
Medium Priority
Last Modified: 2010-04-19
I'm looking to install SBS2003 in the office, as we want to migrate from a Workgroup to a domain, vpn, Exchange, etc.

We'd like to use file encryption on the server, for additional security, since people want external access to the server (for admin) and workstations. Since we would only have one server machine (i.e. no backup domain controller), is encryption a good idea?

All the posts I've seen so far have related to recovering encrypted files from workstations / home pcs - and it doesn't seem like you can.

If this machine fails, will we loose our data on a re-install or can the data be resurected after a fresh install? Do I need to do anything special to enable restoration of data, or will it just be possible (which seems to remove the point of encryption!).

Thanks in advance for all your advice!

Question by:ibradshaw
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 40

Accepted Solution

Fatal_Exception earned 2000 total points
ID: 11720599
First, I would never run a single server in your domain.  You can install SBS on the first server, then add an additional Domain Controller afterwards, to give you some redundancy.

Regarding a failed server, just be sure you get VERY good backups of all your important data, including the System State.  You can use the built-in Ntbackup, or a third party utility like Veritas (which I recommend).

Encrypytion is a great idea.  Just be sure you have a Recovery Agent on the server, in case the admin needs to recover encrypted data.  The Recovery Agent is configured in Active Directory.  There is quite a bit written about this and a Google search will give you quite a few hits..

LVL 40

Expert Comment

ID: 11720648
Here is some extra reading for you..

Encrypting File System in Windows XP and Windows Server 2003


Recovery of Encrypted Files on a Server


Creating a Recovery Agent


Author Comment

ID: 11735167
Just one quick question...

if we want an additional domain controller, does this mean buying two copies of SBS, or can we install it twice on two different machines?

Thanks for your help FE!

SBS with encryption and an updated backup policy seems the way to go.
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

LVL 40

Expert Comment

ID: 11735245
No...  you cannot install it on two different machines.  You may have noticed that you have to activate 2003 with MS, as you do the XP clients.  But, for a backup Domain Controller, you don't need SBS, but just the standard W2K3 server, which will save you a lot of $...  Just make sure that the SBS server is the first one installed on the Domain.  Then once installed, you can add your standard version 2003 server to the domain and configure it as your 2nd AD/DNS server....

Good luck, and thanks..!!


Author Comment

ID: 11735306
I thought it would be, just wondered if it had been setup to allow this since it was designed for small business's without much of an IT budget. - haven't bought anything yet! A few issues were still working through before we change over... now one less!

I would have thought you'd need two copies of SBS, so thanks for the advice! And saving us some cash!


LVL 40

Expert Comment

ID: 11735435
No problem..  if you have any other questions, come on back to EE and ask away..!!

Have a great weekend..


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question