Challenges of personal use of servers, and recommendations and ideas for residential server services with Windows, Linux, and other systems

Choosing a server brand and OS

Some features are only available in the server versions of Windows, such as Active Directory Domain Services and Certification Services and multiple simultaneous remote desktop connections.

First off, Windows Server Essentials would be more affordable than Windows Server Standard or Datacenter. Client access licenses are not required. There are some limits though. For example, only the Remote Desktop Gateway is included; other Remote Desktop Services such as the Session Host are not available. I think a max of two Remote Desktop connections are allowed, but for administrative purposes only. Hyper-V is also not available… At least that’s true for Windows Server 2012, but 2012 R2 Essentials includes Hyper-V. I can’t find anything on learn.microsoft.com that tells whether or not Hyper-V is available in the Essentials edition of Windows Server 2016 or 2019 or only available in the Standard edition. I only find comparisons of the Standard and Datacenter editions, https://learn.microsoft.com/en-us/windows-server/get-started/editions-comparison-windows-server-2016, https://learn.microsoft.com/en-us/windows-server/get-started/editions-comparison-windows-server-2019, and https://learn.microsoft.com/en-us/windows-server/get-started/editions-comparison-windows-server-2022, and nothing comparing the Essentials edition with the Standard or Datacenter edition.

With the Standard edition, more features are available, such as the Remote Desktop Session Host and Hyper-V. There are some challenges though. First of all, a client access license (CAL) is required for each user or device that accesses the server. Windows Server CALs are not enforced, that is to say, they can be reassigned at any time. CALs for advanced functionality, on the other hand, such as RDS CALs, are enforced. Remote Desktop Services CALs can only be reassigned once every 90 days.

Per-device CALs are issued to particular devices. That means that anyone can connect to the server from the licensed client device, but only from that device. Per-user CALs are assigned to users and mean that only particular users can connect to the server, and they can connect using any device. Per-user CALs can only be used with domain-joined servers, whereas per-device CALs can be used with workgroup servers.

A Windows Server Standard Hyper-V host license covers two guests if the Hyper-V host is not used for anything other than the Hyper-V role, and one guest if additional server roles are installed on the Hyper-V host. One could have Windows Server Standard for the Hyper-V host, and Windows Server Essentials for the guest. I don’t know about Windows 10, but think the Windows Server guest can be covered by the host license whether the guest is the Essentials or Standard edition. SMB file and print services, IIS web services, and Active Directory Lightweight Directory Services could be run on the Windows Server Essentials guest. One could also run a Linux distribution, for which one of the best is Oracle Linux with Unbreakable Enterprise Kernel.

Since the Essentials edition doesn’t have the Remote Desktop Session Host or any Remote Desktop Services other than the Gateway, the Remote Desktop Session Host and Remote Desktop License Server roles could be installed on the Hyper-V host. But only per-device RDS CALs can be used for workgroup servers – for per-user RDS CALs, domain join would be required. One could make the Windows Server Essentials guest a domain controller and have the Hyper-V host, also running the Remote Desktop License Server and Session Host roles, be joined to the domain, but that would mean no Lightweight Directory Services, since that and Domain Services are mutually exclusive. And Microsoft recommends not installing any additional software or server roles on a domain controller. But I think Microsoft supports running certain server roles like Internet Information Services on a domain controller, and I’m sure that if any server role should be supported being run on a domain controller, it would be SMB file and print services. And I’d rather install SMB file and print services or IIS web services on a domain controller than make a Hyper-V host also a domain controller. It’s worse to make a Hyper-V host a domain controller than it is to install, say, Remote Desktop Services, IIS web services, or SMB file and print services on a Hyper-V host, or to install, say, IIS web services, SMB file and print services, Exchange Server, or SharePoint on a domain controller.

Another idea would be to just run a Linux distribution. One of the best Linux distributions for a home lab is Ubuntu. One could install Ubuntu on a PowerEdge T40 or T1x0 with an Intel or AMD x86 processor, but maybe an ARM server would be better. Maybe a Raspberry Pi would do. Either way, one could run LXD containers and KVM virtual machines. One could also have VNC, SSH with X and Pulse Forwarding, Xrdp, or the recent FreeRDP for remote desktops and apps.

Alternatively to Ubuntu, another idea is Proxmox Virtual Environment, which can run both containers and virtual machines.

Storage and print services

SMB is available on Windows Server, and NFS can be used on Unix and Linux.

As for max connections, the client versions of Windows only allow for a maximum of 20 simultaneous connections. That’s a good recommended limit. If there are too many simultaneous connections, the computer will be overwhelmed.

Remote desktop

It is recommended to limit the number of remote desktop connections to two. The client versions of Windows only allow one remote desktop session at a time, and only when no one is logged in locally. The Multi-Session option is limited to the Enterprise edition of Windows 11, and the enterprise editions of all Windows versions are exclusive to enterprise customers. Even if multi-session was allowed for Windows 10 Pro or 11 Pro, it would still be recommended to limit the max number of concurrent remote desktop connections to two, especially for laptops.

Windows 10 only allows one interactive session at a time; Ubuntu doesn’t have that limit. Even then, it is recommended to limit the number of concurrent remote desktop connections to two; up to five is acceptable, but a limit of two is recommended. Also provide for session timeout, limiting how long remote desktop connections can be established.
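An added example, not from the original post: a Python check of xrdp's sesman.ini against the limits recommended above (two sessions recommended, five acceptable, timeouts enabled). The sample configuration is constructed, and reading "session timeout" as xrdp's idle and disconnected-session settings is an assumption.

```python
import configparser

RECOMMENDED_MAX, ACCEPTABLE_MAX = 2, 5   # limits taken from the text above

# Constructed sample of a permissive sesman.ini (not taken from a real host).
SAMPLE = """\
[Globals]
ListenPort=3350
[Sessions]
MaxSessions=50
KillDisconnected=false
DisconnectedTimeLimit=0
IdleTimeLimit=0
[Xorg]
param=Xorg
param=-config
"""

def _int(section, key):
    """Integer value of key, or None when missing or not a number."""
    try:
        return int(section.get(key, "").strip())
    except ValueError:
        return None

def audit_sessions(ini_text):
    """Return (severity, message) findings for the [Sessions] section."""
    # strict=False because sesman.ini repeats keys such as param= in [Xorg].
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section("Sessions"):
        return [("fail", "no [Sessions] section")]
    s, out = cp["Sessions"], []
    limit = _int(s, "MaxSessions")
    if not limit or limit < 0:   # missing, 0 or invalid: treated as no effective cap
        out.append(("fail", "MaxSessions is unset or 0: no session cap"))
    elif limit > ACCEPTABLE_MAX:
        out.append(("fail", f"MaxSessions={limit} exceeds {ACCEPTABLE_MAX}"))
    elif limit > RECOMMENDED_MAX:
        out.append(("warn", f"MaxSessions={limit} is above the recommended {RECOMMENDED_MAX}"))
    if not _int(s, "IdleTimeLimit"):
        out.append(("warn", "IdleTimeLimit is 0 or unset: idle sessions never time out"))
    if s.get("KillDisconnected", "false").strip().lower() not in ("1", "true", "yes"):
        out.append(("warn", "KillDisconnected is off: disconnected sessions keep running"))
    return out

if __name__ == "__main__":
    for severity, message in audit_sessions(SAMPLE):
        print(f"{severity.upper():4} {message}")
```

To check a real host, pass the contents of its sesman.ini (commonly /etc/xrdp/sesman.ini on Ubuntu) to `audit_sessions`.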

For home desktops and servers, up to five concurrent remote desktop connections would be acceptable, but each user would impact the performance of other users, whether each user has a thick client (laptop or desktop), a thin client, or a zero client.

Windows Server Essentials has only the Remote Desktop Gateway. Other Remote Desktop Services, such as the Session Host, are only available in the Standard and Datacenter editions. Windows Server Essentials has Remote Desktop for Administration, which allows a max of two simultaneous remote desktop connections for administration purposes only. But even if a family can afford to get a Windows Server Standard edition AND install client access licenses on the Hyper-V host, a max of two simultaneous remote desktop connections would still be recommended; a max of five would be acceptable. Either two-to-four per-user or three-to-six per-device remote desktop services client access licenses (CALs) will do, and maybe five-to-ten per-user or ten-to-fifteen per-device Windows Server CALs will do.

Web services

ownCloud or Nextcloud can be used for personal cloud storage, and Collabora Online or ONLYOFFICE for self-hosted office collaboration.

Virtualization

The vast majority of commercial and proprietary virtual desktop infrastructure (VDI) software is exclusive to corporate and institutional customers.

If there was maybe a shareware, freeware, or free and open source virtual desktop, then on the server, there could be a virtual desktop for each family member, but it would not be of much use, since immediate families have only a few members. But for friends, uncles, aunts, nephews, nieces, and cousins to connect to the immediate family’s server services, the family could configure a VPN so that all of the extended family and also non-blood-related friends could connect to remote applications and virtual desktops and also other services like file and print services, media services, web services, and directory services.

ThinLinc would be good for Linux. GNOME Remote Desktop is not good for a headless experience because it requires a dongle and you can’t hide the session from local users.

Privileges for children

It is strongly recommended not to grant administrative privileges to children. How old a child should be to be given administrative privileges depends on the child’s responsibility. A good age would be 16. The minimum age is probably 12 or 13, but only that young if the child is responsible for their age.

If the family has a server to provide services like file, print, media, web, data, and directory services to the family, whether it be Windows Server, Ubuntu, Red Hat Enterprise Linux, or FreeBSD, and the eldest child is growing up, the father may supervise the eldest child administering the server, and teach him how to manage server services. Wait until that child turns 12 or 13.

Maybe the father should grant one or more children some administrative privileges, maybe put one into the “IIS_IUSRS” group for administering IIS and another into the “Hyper-V Administrators” group for administering virtual machine services.
