Servers¶

server¶

Custom built Windows Server that acts as a NAS, hosts media server apps, and manages Active Directory.

• Windows Server 2016
• Custom Build February 2018

Auto-login¶

The server is currently set to auto-login to the Administrator account. There are a few reasons for this.

• The first is historical - previously we were running Docker on Windows. It doesn’t run as a service, and had some other issues with regards to host mount availability at startup.
• Plex can’t be run as a service (easily, anyway). If the transition to Emby is successful, we may ditch Plex totally.
• SpeedFan - not sure if this can be run as a service.

Auto-login is handled by the sysinternals “autologin” program.

• Use this instead of the registry method. The sysinternals tool encrypts the password. The registry method stores passwords in plain text!!
• Login as:
  • User: Administrator
  • Domain: VICTORBUSH
  • Password: in Proton Pass

Once the auto-login occurs, we need to immediately lock the machine – otherwise the account is logged in and anyone with physical access is then logged in as admin.

• A Scheduled Task handles this:
  • Trigger: At login.
  • Action: Start a program: %windir%\System32\rundll32.exe
  • Arguments: user32.dll, LockWorkStation
  • Uncheck the Power conditions. We always want this task to run, no matter what.

TV Tuner¶

UPDATE (8/7/23) - I removed the TV Tuner card. Probably need to go with a USB solution if I want to revisit this.

UPDATE (2/18/22) - TV Tuner not hooked up to antenna. Card is installed, but was having trouble with the tuner card not showing up again, even with the BIOS settings.

A Hauppauge WinTV HVR-2250 TV tuner is installed in this server. To get the tuner to show up, I had to go into the motherboard BIOS and manually set the PCI link speed to “Gen2”.

Emby can utilize the tuner to stream live TV from an over-the-air antenna. The WinTV 10 software is required to allow Emby to use the tuner. I purchased a copy from Hauppauge. The activation code is:

• 46VKXY-RE37GQ-LMPAB8-JUHFC5

Notes¶

• The “Work Folders” service uses ports 80 and 443. You have to disable this service if you want to be able to bind to those ports.
  • https://blogs.technet.microsoft.com/filecab/2013/10/15/windows-server-2012-r2-resolving-port-conflict-with-iis-websites-and-work-folders/
• NIC Teaming
  • https://blogs.technet.microsoft.com/keithmayer/2012/10/16/nic-teaming-in-windows-server-2012-do-i-need-to-configure-my-switch/
• SSL Best Practices
  • https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

server-02¶

This server runs DNS for the network (Pi Hole). It also runs various containerized services using Docker.

• HP EliteDesk 800 G2 Mini 35W
• S/N: MXL7191W2X
• MAC: 3c:52:82:01:31:37
• Ubuntu Server

Setup Notes:

• Install Docker: Install Docker Engine on Ubuntu | Docker Documentation
• Clone kremlin repo to ~/home/kremlin.
• Start portainer container with Docker.
  • I copied existing certs/keys I had for portainer into the mount directory.
• NewRelic agent installed using directions in NewRelic.
• Tailscale installed using directions from Tailscale. See the Tailscale section in this documentation for more details.