Also SBS assumes domain, so even if you don't stash your computers into domain (you can't add home versions of Windows to domain), you will need domain user accounts to access file shares.

It's not a problem to live with such server, even if your computer is not in domain as you just tell windows to memorize username (domain\user) and password for \\server\share

Also you will be able to use exchange and then you can give up blacberry for iOS/Android/Windows/Symbian phone.

Whs does not offer domain controlling out of the box.

I have no desire to change to another phone. My BB works seamlessly with my Playbook.

Amazing what a rebuild of the server can do. Must have screwed something up the first time, not clue what that would be. That is an issue of course as I lose a sense of control not bening able to actually correct a possible error of mine.

Anyway, first client connected flawlessly and backed up.

Now the challenge is with getting automatic backups of another client that uses truecrypt (7.0a, including boot loader). How the heck am I going to get the server to wake it up and provide the bootloaders' password? Probably not possible.

That client has a lot of sensitive data that I need to protect from theft. Going to try and encrypt the server as well even though it will be placed rather out of sight. Automatic rebooting of the server might be an issue but I intend to solve that by using a usb flash drive. One might ask how that protects against theft as the drive would be stolen as well. Luckily I have a hole in the floor near the servers' location and I will attach the usb stick through a USB cable and fix it below the floor so that they can only steal the server easily without the usb stick.

Just built a WHS 2011 system this week. Remembered this old thread and decided to poke through it.

Do you need the bootloader password coming out of sleep? Sleep should bypass the boot loader. Hibernate won't, I can see that as a problem.

Are you talking about BitLocker or TruCrypt on the WHS? BitLocker is built into WHS 2011.



You either need a USB thumb drive or a TPM module on the motherboard to get it working. If you go USB you only need it for boot time, then you can unplug and hide it until the next reboot.

Hah, how you like it? For me, n00b that I am nowadays, it works like a charm.

Out of sleep? No clue, would need to check, LOL, but is sleep destroyed when power is taken off? Otherwise an adversary would at least get one shot at getting all the data. In fact, if sleep bypasses the boot loader I should tell the user not to put it to sleep when leaving the machine.

In any case, it is a moot point for us. We have little data and WHS only backups differentially so it is no problem. I set it to backup between 12 pm and 6 am and it works during the day.

I have not done it yet but I guess I'll go the bitlocker way with the WHS given that it is build-in. I assume cheap mobo's don't have TPM chips by default but IIRC the it did have a connector for a module. Appear to be hard to get. Was thinking of a thumbdrive indeed but permanently connected to the server. Not as secure as possible but good enough given the expected type of adversary we'll have to deal with.

What type of adversary are you taking into account?

Drive encryption like Bitlocker or Truecrypt is rather useless if you have access to a live physical machine. The encryption key can always be extracted from memory (ports with hardware DMA give an easy way to read the memory).

The only safe encrypted drive is one when there is no machine powered on that has access with decryption key. (And of course you keep the decryption key out of reach).

So e.g. a combo of a notebook + usb boot key is nice to have, if you always have the notebook powered down when it might be compromised. As Jammrock noted, 'S3 sleep' is equivalent to the machine running, since the memory is still powered with all its contents.

I really like WHS 2011 so far. It's good even for tech geeks like me. It's a far better product than the original. I'm actually really surprised at all the built-in preconfigured features.

The breach dZeus is talking about is still a pretty high tech hack. The average joe thief can't do it. And if they power off the system for any reason they lose all chance of stealing your encryption key from memory.

But he is right about physical security. The harder it is to access your box the safer your data is.

Indeed, my type of expected adversary is a common thief breaking in but curious enough to take a look at the data on the hard drive. Physical access to the machine is possible but it is headless and in a place where it is not only hidden but kinda hard to attach devices to. Still, given time and a burglar who is confident enough he can fool around undisturbed for a while and has some skilzzzz, yeah, we'd be screwed.

It's not like the data is national security sensitive, so I am guessing that if the data ever leaked, we should be able to argue that we took reasonable precautions.

Thx on the S3 sleep info. Policy here (in my house that is) is to simply turn off / power down.

I did not know WHS V1, when I started to think about WHS, Vail beta came around shortly thereafter so I've been reading a bit for a long time.

Aside from my initial issue, which I think points to issues arising when the initial install of WHS 2011 hasn't been flawless, it has worked like a charm.

Two buggers though:
- The lauchpad, It is HUGE and won't start minimised. It's either on or off.... Also with 55MB memory use for a mere four shortcuts, it does appear a bit bloated.
- No backup-notification. When a backup starts, there should be a simply msg (like what you get when adding new hardware in the bottom right corner) and, preferably, when restarting/shutting down a msg if backup is still proceeding with the option to postpone till finalising backup.

Things I need/want to do:
- Get SMART monitoring for noobs on HDs. I run HDs which (I just found out) are not specced for 24/7 but rather 8/7(?!?).
- Related to this I should check energy savings settings etc to reduce wear and tear perhaps.
- Torrent add-in, thinking about this. I currently have a seperate machine for these things which is on the network but not a server. You never know what it is you get with torrents I guess so not entirely sure you should want anything like that on or near the server.
- Test restore.....

WHSuTorrent is available as an add-in. It's alpha and people have mixed reviews, but you can give it a shot. Microsoft could never put something like that in there. They have too close ties to the media industry, who would go ballistic if MS put that in by default. That's why they made an API to create add-ins...

I'm never awake when backups kick off so I don't notice it. I put mine to sleep and let WHS wake them up for backups. I remember the old version used to pop up a balloon in the notification area, but it went away after 10 seconds. I don't know about this version.

There is an add-in called Lights Out that may interest you. It's a power saving program that automates computer power states and monitors some of the power saving characteristics. Not free, but not poorly priced.



As for SMART...Windows does that automatically, but there is also a SMART monitor add-in:




In other words, WeGotServed.com is great place to look for WHS add-ins

Yeah, I've been reading over there for about 2 years now (to bad they don't have a Soap Box forum ). The uTorrent add-in is not only alpha, it is no longer being developed. WGS-posts give alternatives though. When I find time I may look into those.