Solved

2 questions Microsoft 2012 Server Essentials Small Business Server

Posted on 2016-08-17
13
50 Views
Last Modified: 2016-08-20
Is it possible to use this as a workgroup and Not as a domain?

Second is it possible and if so how to reduce the password security to less that 7 ?
0
Comment
Question by:kaman40
  • 3
  • 3
  • 2
  • +3
13 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
1) No. The Essentials SKU must be a domain controller and hold all FSMO roles.
2) Standard group policies apply here. Just edit the default domain policy to meet your needs. Not that I *ever* recommend weak passwords. 7 characters is not a lot and can often be rainbow tabled faster than it takes to pour a cup of coffee.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
Agree with Cliff and I think he meant to say "...*Never* recommend weak passwords."

I consider it foolish to do so - train your users.  Complex passwords are not hard with some simple rules...
0
 
LVL 22

Expert Comment

by:David Atkin
Comment Utility
Not really sure why you'd want to do this unless you're client OS's aren't Pro editions?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
C'mon Lee. "Not that I never" would be a double negative!  "Not that I ever recommend" is proper grammar in that instance and equates to "I never recommend" in context.  

Or we can debate the nuances of double negatives at summit in a few short months.  *evil grin*
1
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
I misread - on my screen Not is on the previous line and I guess my skimming made that look different... <g>
0
 

Author Comment

by:kaman40
Comment Utility
LOL thanks guys, It's just a weird setup and the owner of the system has had his system as a workgroup for 7 years running server 2003 and he had to buy the cals etc. The 2012 version has 25 users w/o cals etc. and he just didn't want to have the strict rules of this domain controller.  He is actually an isolated system so the strict pw are really necessary for this application, nor profiles etc.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:kaman40
Comment Utility
sorry meant to say unnecessary
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
You have to have CALs for Windows Server even if it's a workgroup. Doing *anything* with a Windows server requires CALs. That includes DNS, DHCP, and file storage. So if he has Windows versions that allow domain joining, get them on the domain. It makes things way way easier.

At any rate, 2012 Essentials does need to be a domain controller, and as such, to change the password requirements for users on the server is to create a GPO that modifies the password settings requirements and link it to the domain (Or you can use Fine Grained Password Policy). You can drop the minimum length down to 7 (or 0, actually) and disable complexity if you want to. The policy just won't apply to the domain users unless it's linked directly to the domain itself.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
Let me correct Adam Brown on this...

Server 2012 Essentials does NOT need CALS ever.  

Let me also correct Dave Atkin...

It doesn't matter if workstations are Pro or Home version with Server 2012 Essentials -- any version of Windows can join an Essentials domain.

To change the password policy (even though none of us recommend doing this), follow these steps:

1.  Open the Windows Server Essentials Dashboard, and then click Users.
2.  In the Users Tasks pane, click Set the password policy.
3.  On the Change the Password Policy screen, set the level of password strength by moving the slider.
4.  Click Change policy.
2
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Just an FYI (because this seems to be a very common myth about windows passwords):
7 characters is not a lot and can often be rainbow tabled faster than it takes to pour a cup of coffee

This is only true if you're using a version of windows prior to Vista (XP and earlier) and haven't disabled storage of LM hashes. Since 2008 and Vista came out, LM hashes aren't stored by default. Those are the ones that have the full rainbow table mapped out in something the size of a CD. NT Hashes (Which use MD4) aren't nearly as thoroughly mapped, and the full rainbow table for up to 7 characters is 52GB or more.  If you have 8 characters, the rainbow tables are 460GB for the full keyspace. The rainbow tables available for NT hashing above 9 characters only include alpha-numeric characters with mixed case. Once you pass 10 characters, good luck finding a rainbow table that will fit on the average hard drive (also, the only tables available are alpha-numeric, lower case only).

You can't actually get the hash for a domain account from anything other than the Domain Controller. Workstations don't store it. Using Cached credentials on a Domain Joined computer actually stores a "validation" package that doesn't use NT or LM hashing. It uses a much more secure method, and cached credentials can't be used to authenticate against anything in the Domain. Rainbow tables on workstations will only get you local account access to the computer. You can't get domain access using a rainbow table unless you're able to log in to the DC with System level access, which means everything's pretty much broken anyway, and why do you need a Rainbow table if you have System account level access to the AD Database already? https://technet.microsoft.com/en-us/library/hh994565(v=ws.11).aspx for reference.
1
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Server 2012 Essentials does NOT need CALS ever.  

Did not know that. Thanks for the info :D
0
 
LVL 22

Expert Comment

by:David Atkin
Comment Utility
Thanks Jeffrey, I tried deleting my comment once I realised it was Essentials.  I was about a minute too late after Lee's comment.
0
 

Author Closing Comment

by:kaman40
Comment Utility
Thank you that was the best and most precise answer. I wasn't sure about the domain as I was questioning whether there was a registry hack to change to workgroup.  This is a small office and the basic premise was a workgroup is fine and he doesn't need the level of security a domain provides. Everything is currently on 2003 server but just as a data storage. There is only one main file and it is just mapped to each workstation.  The sole purpose was upgrading to a larger server that can handle more memory and storage and keep the system as it is.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now