The BYOB Podcast

The BYOB Podcast


BYOB Episode 139

February 08, 2014

Today I am joined by Christopher Courtney (aka: Drashna) to dig deeper into the topic of running a domain at home.  As enthusiasts, we will be faced with the potential of making the choice to either upgrade to Windows Server 2012 Essentials or possibly to look for other solutions.  Our discussion today deals with exploring all the benefits and drawbacks to running a domain at home.  After talking today with Chris, I now have a different perspective and viewpoint on this topic.  I would like to thank Chris for joining me today and enlightening us with his experience and views.  In addition we also discuss an update to Plex which breaks Blu-Ray folder metadata and changes how I am using it.   Show Outline Why do you need a domain at home?

* Most people don’t
* If you have a larger number of computers, it makes management easier
* If you have a few computers that everyone shares

What is a Domain/Domain Controller?

* It’s an Authentication Server, basically

* Authenticates users on multiple machines
* Verifies security

* Specifically, it allows one user account (a domain user) to access “resources” on multiple machines with the same username and password

What does a domain allow you to do?

* Authenticate users (yes, this is a running theme and the main point of domains/active directory)
* Enforce security/group policies

* Folder Redirection? Part of the “Implement Group Policy” feature in Essentials

* Sets user folders (Contacts, Favorites, Downloads, Desktop, Documents, Pictures, Music, Videos) to use a Network share location by default, and to be synced between domain PCs
* Sets these files up in “Offline File Sync” so they are available if you don’t have access to the server, such as “Out of Office”

* Push MSI installations such as:

* Google Chrome for Enterprises
* StableBit Products
* TightVNC
* PDF Readers

* Most any other MSI

* Anything that uses “secpol.msc”, aka Security Policies

* CryptoLocker Prevention Kit http://msmvps.com/blogs/bradley/archive/2013/10/15/cryptolocker-prevention-kit.aspx
* WHSv1’s Windows 7 x64 Password Conflict issue http://homeservershow.com/windows-7-rc-x64-whs-password-conflict.html
* Disabling SMB Signing http://mctexpert.blogspot.com/2011/02/disable-smb-signing.html

* Anything that uses “gpedit.msc”, aka “Group Policy Editor”

* BitLocker without TPM? www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
* Disabling the annoying new computer wizard in Windows 8
* Enabling Remote Management of Event Viewer, Devices, and Disks
* Configure Windows Update settings, and even allow configuration for a WSUS server
* And many, many other things that you can control via Group Policy, includes Start8 settings.

* Organize and manage your network This is a bit more technical, and many not be needed in a home environment

* OU’s
* Volume Licensing Activation via the Key Management Services

* Domain Name Server (DNS)

* DNS is the back bone of Active Directory/Domains
* Instead of Host file hacking, you can add a “Primary Zone” and “A NAME” here