
Landed Job admining Windows network but don't know Windows Networking need help?
Mac Write
Mac Elite
Join Date: Aug 2000
Location: Vancouver B.C.
Jun 5, 2007, 02:05 AM
 
I know this is a Mac forum, but I have semi-officially been put in charge of running a network for a non-profit group's clubhouse for people with acquired brain injuries. I am also a client there as well (I have Asperger Syndrome). Anyways, the manager trusts me and said that to head office, so the other person helping out is out and I am in.

The problem (and I am completely open about this I don't pretend I know anything just tell the truth) is I have a great idea for making the network extremely secure and all, wanting user logins to work on any of the systems and of course restricting access.

I am running XP Pro on Parallels at home (gaming, learning (more to help PC users move to Mac) and website testing) on my Mac Pro of course (don't ask how I pulled that off).

So the question is, where can I learn about setting up an XP network (all XP Home (I know I want it to be XP Pro for restricting access but money $$$$))? If I could pull it off I would love to put Ubuntu on all the systems, but not going to happen (yet). These are also 500MHz old systems blah blah blah (I need to inventory the stuff). There are about 5-8 computers (or will be).

So I need some good sites for learning how to set up a double Windows network with logins for any system, central files, restricting access etc. Reason for 2 networks is Office (sensitive data) and semi-public computers.

Right now it's Telus (GASP) 2Wire wireless router completely locked down for geek access, way too easy for anyone to screw it up, then the front room computers (Public) and then wired to Office which has a Linksys router.

So I need help to get going for learning how to build an extremely locked down Windows network.

Thanks all
Get busy living or get busy dying
--Stephen King
     
shifuimam
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Jun 5, 2007, 01:04 PM
 
Are the people who hired you aware of your lack of knowledge in this field? Just wondering...

If you're going to set up a real Windows network, you're going to need to get yourself a legal copy of Windows Server 2003. And each machine is going to need to have Windows XP Pro installed. That's going to be the only way to manage things like domain logons and Windows Active Directory services, as well as IIS if you plan on running a website in-house. Managing users and user access is also a hell of a lot easier with Server 2k3, or even Windows Server 2000, and domain logons are useless with XP Home.

Let me reiterate that: you can't have central logons with Windows XP Home. It doesn't work. It's not even available on that OS.

If the company who hired you is unwilling to license Server 2k3 and Windows XP Pro, you have no real option but to use local logons for each machine, and make up a network using basic network hardware (which they already have in the form of a Linksys router and 2Wire gateway). If you need two separate private networks, use two separate routers that are connected to your 2Wire gateway. Use the Guest Account feature of Windows XP for the semi-public computers, so that people are less likely to screw anything up. It's going to be impossible for you to substantially lock down those machines, because Group Policies only work in XP Pro.

You can set up a central file server if you want (running Linux with SMB, even), but that's about as complex as you're going to be able to get with XP Home.

If you want to keep people away from the network hardware, just lock em in a closet or even just a cabinet.

You could switch to Ubuntu on those machines, but I'm guessing that'll raise hell with your users.
Sell or send me your vintage Mac things if you don't want them.
     
peeb
Addicted to MacNN
Join Date: Mar 2006
Jun 5, 2007, 01:42 PM
 
If it is a clubhouse, how secure do you really need it to be, I mean, what is on these machines that you need more than what shif is proposing? You might be over-thinking this.
     
olePigeon
Clinically Insane
Join Date: Dec 1999
Jun 5, 2007, 01:47 PM
 
You really don't need to bother with central logins for 5-8 computers. Otherwise you're looking at spending a pretty penny for an Active Directory server and upgrading the clients to XP Pro. Also, don't forget to buy anti-virus and anti-spyware. You'll also want to buy Norton Ghost or some other program to image the computers.
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Jun 5, 2007, 03:32 PM
 
Originally Posted by peeb:
If it is a clubhouse, how secure do you really need it to be, I mean, what is on these machines that you need more than what shif is proposing? You might be over-thinking this.
Every computer that is exposed to the internet needs proper attention, period. The value of the data on these machines is irrelevant if these machines are facing the WAN.
     
macintologist
Professional Poster
Join Date: Apr 2002
Location: Smallish town in Ohio
Jun 5, 2007, 03:36 PM
 
Can't you download a Linux server OS that has OpenDirectory?
     
peeb
Addicted to MacNN
Join Date: Mar 2006
Jun 5, 2007, 03:37 PM
 
Originally Posted by besson3c:
Every computer that is exposed to the internet needs proper attention, period. The value of the data on these machines is irrelevant if these machines are facing the WAN.
Right, but what was proposed would deal with this without complex network issues.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Jun 5, 2007, 03:41 PM
 
Originally Posted by macintologist:
Can't you download a linux server OS that has OpenDirectory?
Yes, he could also set up a Kerberos server for central logins which might be a little easier (although it wouldn't store useful metadata like an LDAP server could).
     
shifuimam
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Jun 5, 2007, 05:01 PM
 
Originally Posted by besson3c:
Yes, he could also setup a Kerberos server for central logins which might be a little easier (although it wouldn't store useful metadata like an LDAP server could).
Another advantage to using Windows XP Professional is that it defaults to using Kerberos for authentication. Kerberos offers the ability to reuse authentication credentials, providing single-sign-on capability. Although Home Edition provides password caching just like other Windows platforms (although it’s more secure), it doesn’t offer the same level of single-sign-on support provided by Windows XP Professional.

Unless I'm missing something here, I'm fairly certain that Windows XP Home cannot support any kind of server-based authentication system. It doesn't have the capability of selecting a domain to log on to, regardless of how that domain is provided.

<edit>
And, like peeb said, you don't need some insane security policies to keep your private machines private and away from your public machines. Putting your public machines behind any store-bought home router and installing antivirus software (even that which is open-source) is going to be enough to protect against nearly all vulnerabilities. Make sure Windows Update is enabled and set to all automatic, and force your users to use Firefox.
</edit>
Sell or send me your vintage Mac things if you don't want them.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Jun 5, 2007, 05:09 PM
 
If Windows Home won't support any single sign-on technique like Shifuimam is suggesting, and this place cannot afford to upgrade to Windows XP Pro, and if all they do is basic stuff like type up documents, communicate with people, etc., *and* you really want to design something of this nature, you may want to give some serious thought into going with Ubuntu.

Ubuntu is a little harder to set up than Windows, but once you have your "build" it will be easy to duplicate your effort on all of these machines, and it should handle your day-to-day quite nicely even on older hardware, without having to worry about viruses and spyware and stuff. Plus, using Ubuntu Server you can work towards the single sign-on deal, and also worthy of mention is that there are a variety of techniques in which you could run Windows applications if you had to. Still, if their needs are straightforward enough, you shouldn't have any trouble moving these people to Linux equivalent applications.

I have no clue whether this is feasible or not based on your level of need, but, just throwing this into the mix...
     
MacosNerd
Professional Poster
Join Date: Jun 2007
Jun 5, 2007, 05:14 PM
 
I'd recommend that you pick up a book or two on Windows Server. What versions of Windows are they running? Sounds like they may not have Active Directory up and running or any need to have a PDC, so that simplifies things.

There are a lot of differences between the various flavors of MS Windows for servers. We're running Windows Server 2003 and there's a fair amount of difference between that and Server 2000.

Pop on over to Amazon and do a search on Windows Server and see what it pulls up. Learning Windows Server 2003 from O'Reilly is probably a good place to start (provided you're administering Server 2003 machines).
     
shifuimam
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Jun 5, 2007, 05:29 PM
 
See, I'd almost suggest Ubuntu myself, but my own forays into it have been less than pleasant. After finally getting everything working correctly, it crapped on me for no reason. I literally didn't boot into it for three months, and suddenly upon booting into it, my video and audio settings were irrevocably FUBAR. I haven't touched it since. It's just not worth it.

Depending on what you're going to use these machines for, I'd suggest running either Windows or Linux and designing some kind of frontend for them, either in a programming language or just on a website. If the public machines need to function more as terminals, stick with letting the users run WordPad or AbiWord (don't even try using MS Office) for word processing, Firefox for browsing, and Pidgin if you're going to let them have IM access at all. I doubt they'll ever need much more than that.

Or, give them nothing BUT a web browser, and they can use Google Pages for a word processor. You can use a Firefox extension to put it into Kiosk mode. Opera has its own kiosk mode.

Or, you can try this application: Webconverger.com

It appears to be free, customizable, and based on Linux. It looks like it should allow your users to use the public machines as internet kiosks and nothing more. This is probably your safest bet, especially if non-employees will be using the public machines.

For the office machines, since your organization won't upgrade to XP Pro, just create the same user accounts on every machine and leave it at that. That way, anyone can log on to any machine. You aren't going to be able to get much more complex than that.
Sell or send me your vintage Mac things if you don't want them.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Jun 5, 2007, 05:45 PM
 
As others have pointed out, you cannot make a 'secure network' with XP Home. XP Home doesn't even allow the user to change file permissions (yes, there are hacks, I know), so essentially everyone is root.
I don't suffer from insanity, I enjoy every minute of it.
     
Mac Write  (op)
Mac Elite
Join Date: Aug 2000
Location: Vancouver B.C.
Jun 5, 2007, 10:45 PM
 
Popped in today (didn't get much done since I wasn't expected, and I didn't expect to either, but an 8:34AM nature call made me too wide awake; I was expecting to get up at 12:30PM).

Anyways, if I am not mistaken there are 4 PCs (not including the Compaq Win98 box that can't even get online). Off the top of my head, 2 of each.

•Athlon 1.8GHz, 448MB RAM + 64MB VRAM (onboard; what do you expect for a $200 PC), 80GB HD, DVD-RAM (burner?), wanna talk about the light-as-air keyboards?
•466MHz, 256MB RAM, 20GB HD (pure guess), one has a CD burner.

All running XP Home. BTW the 2Wire/ADSL modem won't even have enough ports for the 4 "Internet Cafe" (as they call it) systems. One of the Ethernet ports is for the line to the office for the Linksys. Every clubhouse member (including me) is disabled and a majority of them don't know how to use computers.

One of the office computers has Office (one of the head office guys put it on there (OpenOffice)). The office computers have extremely sensitive confidential client data. I can do whatever I want basically on the public computers. Maybe Ubuntu is the way to go. They need to do a newsletter on there so OpenOffice on XP is being used at present. As for money, they can't even afford to pay me so that says something. As for one login for Public/Private system, they don't want that (the confidential data, hence the office router). I am told the laptop is the only system backed up nightly to the head office server.

I am supposed to meet with the manager on Thursday. All that the Public computers should be used for is flyers, newsletter, web browsing, that type of stuff. I am not sure at this point if I will be able to do the office computers, but would like to. I want to get in there, and pull all the public computers and inventory everything out there first before I do anything. Same with the office if I can get to do that, but again the confidential info could be a problem. If they can't afford anything, then Linux is the way to go (some people do have home PCs).

They are also very aware I don't know Windows that well, but I can learn I have said.

Sigh…
Get busy living or get busy dying
--Stephen King
     
   