!!!HELP!!! ~Windows Small Business Server 2011 Essentials~

PNW-ITGUY

I have a client whose server was attacked and we need to do a barebones restore. Problem is we have no disk. Can someone with an .iso help me out? I'm really running out of options here.
 
If I were you I'd be talking to the client about updating the server to something that's actually supported (2016/2019).

That said, do you have a regular SBS 2011 disc? IIRC they work the same way Windows Home/Pro/Ultimate does in that if you delete the ei.cfg file from the iso you can pick and choose what you want to install.

If you don't, I'll rummage around and see what I've got but it's old enough I may not have that one any longer.
 
I had offered to help last night because I had a burned CD copy of that software. But the disk looked scratched, not clean and shiny. Sure enough when I tried to make an ISO of it I got read errors, so can't help.

But isn't the software available to download from Microsoft? I've seen some websites linked and tools mentioned here that make downloading official software from Microsoft very easy.

Your software may still be supported, but I think it ends in January 2020, not far from now. Might want to figure out a way to upgrade in the process.
 
I've got an ISO but I'm pretty sure it's from the old Technet. And usually you can't use non-Technet keys with those. Let me know if you want to try it and I'll PM the download link.
 
SBS 2011 is dead in Jan, why would you redeploy that? Where are your image based backups?

If you're rebuilding from a file level, you're going through the process of deploying a new server. From a cost effectiveness standpoint, the client should be paying to get into a younger OS. It's the same money to them...

Unless you want to double bill them... I'd be selling a new server.
 
I might have a CD, can look if needed - might also have tossed it, but I remember seeing it at one point. Ended up with it along with a server from a customer that closed. It may be HP OEM if that matters.
 
Thanks everyone. I had someone give me the ISOs last night. I have the restore going now. Unfortunately my client never swapped external backup drives and the no more ransom, encrypted everything, files, all computers and formatted the backup drives. And the drives didn't have any drive letters. It's a really sticky situation.
 
And the external drives?? I’ve got several Essentials out there. One of the things I liked is that their backups go to drives that you can’t really see through the OS. I thought those were protected. Did those get encrypted too? Or did they get erased?
 
Sorry this happened to your client. Just one thing, it formatted the backup drives? Really? I've seen dozens of these and never one that did that. Usually the drives get encrypted.
 
Yep! Formatted, never seen this before. Luckily I found a drive that had a backup from the middle of February, but that's it. Trying to recover data from the formatted drive now.

 
They got formatted. I talked to another IT guy who had the same exact virus a year ago. It's nasty. SWAP drives everyone.

 
Wow, that's brutal. I recall thinking those types of backups were safer because the drives weren't formatted in a way that was visible to the system or mounted. Some other backup programs do something similar, Acronis I think. Guess the bad guys have figured that one out.
 
Yeah, I reached out to my old boss who set the system up. And he was all, just push the shares back from the backup. I was like, negative, drives compromised.

It even went after .exe files. Never seen that before. Normally just documents. Very brutal. My old boss told the owner, don't worry, he can pull your last good backup from the formatted drive. Thanks, now dude expects it to work 100%.

 
This is why you need some robust backup solutions these days. Backup and disaster recovery.

In mission-critical settings, there should be regular full backups, file versioning and so on. I'd imagine something like AWS would be preferred, because the connection isn't always alive (I think?)... you only dial into the storage container when you are performing the backup and the others are locked. If that's not a feature, it should be. Wouldn't that be something. AWS generates random complex passwords and denies access to existing backups, and implements a routine for defeating these "let's just encrypt or erase everything" ransomware attacks.

Of course, the other solution is offline and offsite backups. Full backups taken at least a few times a week, and taken home with the guy who signs the paychecks or opens and closes the doors. We do this at my part-time job. Two 2TB drives that nightly make a full backup of our Synology NAS (which itself nightly backs up to another in-house Synology NAS). Every morning the office manager takes the 2TB drive out of the Synology and puts it into her car and takes it home at lunch time. The next morning, the drive is swapped out. The owner of the company will bring in his drive about once or twice a month for his own copy.
 
They had 2 external backups. They never swapped them and took them offsite. I take daily full backups.

 
Image based backups stored offsite or go home...

This is why I Datto. I'll do less, but when this happens it's not my fault because they signed a waiver.
 
I gave up long ago on clients swapping drives... They do it the first few times and promptly forget... even with an Outlook calendar reminder. Datto is great for smaller clients who see the benefit.

A client got hit with a crypto variant while I was out of town. Luckily they had a Datto Alto. Unplugged the offending PC and restored files in about 20 minutes with the onsite Datto appliance. They really saw the light after that.
 
And the external drives?? I’ve got several Essentials out there. One of the things I liked is that their backups go to drives that you can’t really see through the OS. I thought those were protected. Did those get encrypted too? Or did they get erased?

I've wondered this about Windows Server Backup, anyone know?
I use Veeam Agent which can store shared folder credentials in the hope that if no other account has those credentials the folder is inaccessible to a virus.
 