SBS 2011

[legal22]

Hi, we use the Small Business Server 2011 which is coming to end of support/security patches in January 2020. We have moved our exchange to Office 365 and we use the server only for file sharing and an sql database.

My question is, is it possible to hook the workstations (running windows 10) directly to the internet and then disconnect the server from the internet. Would this eliminate the security risk of running the obsolete SBS2011 as the server will no longer be exposed to security vulnerabilities?

Thanks

 

[Gabriel Pike]

So. You could run the file share and SQL on a workstation. You would lose any active directory login if you needed it for some reason. But the simple answer is yes, you could connect workstations to a local domain and internet as long as you have the flieshare and SQL running on something else, assuming you still need it.

 

[legal22]

But could I run the server as it does at the moment, SQL active directory, printers and so on, but disconnected from the web, with web access coming from the modem to the workstations directly? Would the server then be insulated from vulnerabilities due to end of maintenance for SBS2011?

 

[Gabriel Pike]

That would work as long as you are not using your server for DNS. If you are using it for DNS it will not be able to update queries that the LAN requested from the WAN. Part of active directory is DNS. To answer the second question. You can simply remove the gateway from the server to keep communication restricted to the LAN. This is assuming that you do not have multiple LAN segments.

 

[legal22]

Thanks. I can't pretend to understand all of that but I'll pass it on to our IT person who hopefully can make use of it.