gregoryacole 2 Posted January 29, 2021 Posted January 29, 2021 I have a Win 10 Emby server, and I have it set to start Emby automatically, but it seems to need the user to login to Windows to get Emby started up. Since Windows from time to time will pull an update and auto reboot, I have to remote into the machine and login. Any way to allow Emby to start without having a Windows user logged in? Thanks Greg
Spaceboy 2573 Posted January 29, 2021 Posted January 29, 2021 you'd need to run emby as a service i think
Spaceboy 2573 Posted January 29, 2021 Posted January 29, 2021 21 minutes ago, GrimReaper76 said: Or you can set-up auto-login. true - thats actually what i do. type netplwiz in the start/search menu and enable auto login for your username 3
GrimReaper 4740 Posted January 29, 2021 Posted January 29, 2021 Just now, Spaceboy said: true - thats actually what i do. type netplwiz in the start/search menu and enable auto login for your username Yup, same here. 1
gregoryacole 2 Posted January 29, 2021 Author Posted January 29, 2021 Auto login to Windows sounds like a good place to start. Think I'll try that first, thanks!
rbjtech 5284 Posted January 29, 2021 Posted January 29, 2021 .. It's not a great idea to do this from a security pov, especially if the user is an Admin. I would personally spend the time setting Emby up as a service with it's own Service Account with delayed start, auto restart etc. That way, emby will be running without anybody needing to be logged on and should survive a MS patch episode ... 1 1
gregoryacole 2 Posted January 29, 2021 Author Posted January 29, 2021 Oh, always more to think about. Maybe the service route would be better after all
GrimReaper 4740 Posted January 29, 2021 Posted January 29, 2021 Just now, rbjtech said: .. It's not a great idea to do this from a security pov, especially if the user is an Admin. I would personally spend the time setting Emby up as a service with it's own Service Account with delayed start, auto restart etc. That way, emby will be running without anybody needing to be logged on and should survive a MS patch episode ... Keypoint there being "if the user is Admin". With proper setup in the other areas, hardly an issue. 2
GrimReaper 4740 Posted January 29, 2021 Posted January 29, 2021 Just now, gregoryacole said: Oh, always more to think about. Maybe the service route would be better after all Some light read regarding subject:
Spaceboy 2573 Posted January 29, 2021 Posted January 29, 2021 my emby pc does nothing but emby and downloading duties. i'm not really worried
ebr 16177 Posted January 29, 2021 Posted January 29, 2021 2 hours ago, GrimReaper76 said: Keypoint there being "if the user is Admin". With proper setup in the other areas, hardly an issue. Also, if this is a machine in your house doing nothing but server duties it doesn't seem much of an issue either. 1
gregoryacole 2 Posted January 30, 2021 Author Posted January 30, 2021 This server is actually parked at my office (small business that I own) , so I don't want to unknowingly open any security issues for our business network. That change the perspective at all?
Spaceboy 2573 Posted January 30, 2021 Posted January 30, 2021 i'd still say you'd be fine either way but you might want to prefer the windows service option
rbjtech 5284 Posted January 30, 2021 Posted January 30, 2021 8 hours ago, gregoryacole said: This server is actually parked at my office (small business that I own) , so I don't want to unknowingly open any security issues for our business network. That change the perspective at all? Again my personal opinion (being a Network Security guy I guess it would lol..) but this changes many things if you want to follow 'best practice' and 'safe computing'. On any network, especially a network with important data on (such as your business..) then when you forward ports, you are effectively opening up the internet/hackers to your network. Yes, there is a firewall and yes there are no known vulnerabilities in Emby core but my advice is put Emby on an isolated network - that way, if you do get compromised - it is only emby, your business network remains safe. If emby is 'remote' - all the more reason to run it as a service. The reason being is you can do so much more remotely via a service than you can as a desktop. ie you can remotely start/stop the service from your home machine. You can proactively monitor the service. You can give the service least privilege principles (ie read only if not recording for example). Yes remote desktop type services (RDP) could give you a similar level of access, but this of course means opening up those ports - and we already know RDP itself has been compromised ..
Spaceboy 2573 Posted January 30, 2021 Posted January 30, 2021 i'd agree you would be crazy to open up RDP to the internet but its pretty easy to get around that and create a vpn between your home and office
gregoryacole 2 Posted January 30, 2021 Author Posted January 30, 2021 Yeah, RDP is not open. All remote actions are through a Sonicwall VPN.
pwhodges 2012 Posted January 30, 2021 Posted January 30, 2021 The problem with RDP is not its present insecurity - yes, like most systems it's had vulnerabilities, which have been corrected. But the problem is the sheer number of badly maintained systems out there which are either running vulnerable versions, because they've not been updated, or (more likely, and) the number of systems which continue to use inadequate passwords. If your system is fully up to date and you use a decent password, you'll be fine. After all, at least it is fully encrypted, unlike VNC, for example. I guess I'd be happy to accept the guidance of the University of Berkeley on this matter. Paul 1
Spaceboy 2573 Posted January 30, 2021 Posted January 30, 2021 20 minutes ago, gregoryacole said: Yeah, RDP is not open. All remote actions are through a Sonicwall VPN. then personally i think the simplicity of autologon outweighs the limit risks. but your decision at the end of the day 2
CBers 7450 Posted January 30, 2021 Posted January 30, 2021 To make any computer the most secure, just turn it off and unplug it. Thanks. 1 4
rbjtech 5284 Posted January 30, 2021 Posted January 30, 2021 2 hours ago, CBers said: To make any computer the most secure, just turn it off and unplug it. Thanks. lol - and playing devils advocate - if Auto Login is enabled then 'anyone' can just plug it back in again and have full access .. Agree with all the replies - the level of security vs convenience is entirely your call - nobody's viewpoint is 'incorrect'.
gregoryacole 2 Posted January 30, 2021 Author Posted January 30, 2021 Security is definitely key, so I think I'm going to set Emby up as a service. I think I'll also move it to a totally separate network as well. The only tricky thing there might be that my Cable card HDHomeruns will still be on the business network for the tvs in the office. The joys of good service providers at work but not at our home
CBers 7450 Posted January 30, 2021 Posted January 30, 2021 7 minutes ago, gregoryacole said: I think I'm going to set Emby up as a service. Don't forget that you can't update Emby when running as a service, you have to do it manually. There are scripts on the forums that help with this though. Thanks. 1
rbjtech 5284 Posted January 30, 2021 Posted January 30, 2021 (edited) Sharing the tuners on different networks should be ok - you'll need to provide a network route and firewall rule obviously - but I don't believe HDHomeRun use Broadcast/mDNS for discovery so should be reasonably easy. My HDHomeRun is on the same VLAN as Emby, but I view it on other VLAN's without issue - but I see no reason why this would not work in your scenario. Edited January 30, 2021 by rbjtech
gregoryacole 2 Posted January 30, 2021 Author Posted January 30, 2021 They are on fixed IPs already, so once the route is in place, I should be able to just point Emby to the address, no?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now