network administration questions
first of all, i'm a novice at this, so bear with me.
two of our older PCs at the business had been decommissioned, so they landed up at my place, i now have 3 systems at home. thinking it would be a good project, i decided to network them all, and so i did. what i now want to do is,
1. set up user accounts so a user can log in from any one of the computers
2. set all other users restrictions on installing software, deleting and accessing certain files.
3. set up one single software firewall that protects the entire network instead of installing/using a firewall on each system.
i realise i have to have one system acting as a server, my question is, can win XP be used as a server for what i want to do, or do i have to install another server OS?
the systems are a mix of intel and amd based configs, with 512 to 1GB RAM. the networks' wired by the way.
i've gotten this far with google, but now even google is beginning to get a little obscure on how to do this. would appreciate a few pointers, and even the helpful tutorial!
Windows 2003 Server.
2003 Server can get a little hairy for the novice. You also, ideally, want to install 2003 Server on a server grade machine. If not a server grade machine, you'll want to install it on your fastest box. If you try to use a machine with insufficient specs, it will be a bottleneck for all your activity (filesharing, web surfing, p2p). It could also crap out on you as servers take a lot more wear and tear than workstations.
Are you dead set on having multi-user access for every machine? Is it the end of the world to assign each user to their own machine? This makes the whole scenario SO much easier. With a router you'd be up and running in no time. Some ISPs provide their customers with combo modem/routers with firewall capabilities. If yours doesn't, I'm sure you could pick up a good router for about $50 (on sale). I got my old router for free after rebate, and, although it's not feature rich, it still allowed me to connect 4 machines to it and share files, printers and internet and had firewall settings. As you spend more money, networking gets a LOT easier. On my free router I had to set up internal (subnet) IPs on every machine in order to communicate with the outside world. With my Verizon FiOS modem/router, it assigns internal IPs to all my machines automatically. I'm guessing my Verizon router is about $200 retail, but it also has wireless capabilities. A good wire based router will probably run about $100 but if you find a good sale, you can shave it down to $50.
The router can't allow multi-user access but it does give you a firewall that protects the entire network and it allows files and printers to be shared amongst all the machines. You can also grant users read only privileges for files/folders you don't want them to delete.
As far as restricting software installation goes... a personal firewall should achieve that end although that might be a little more trouble than it's worth. You might want to consider a more hands off approach by cloning fresh installations so that if someone mucks up their box, within a few minutes you can transfer the fresh installation back. In other words, let your users do their worst :) If you're really concerned, you might want to go with a personal firewall and cloning. Anti-virus software probably has software installation limitation capabilities as well.
With this subnet set up, there's a crapload of ways to monitor your users as well. You can log their keystrokes, you can set up remote admin so that you can be watching their screen on yours (highly recommended) and there's parental control opportunities up the wazoo. You can do parental controls on the browser side, install software or both.
Remote admin not only allows you to watch your users, it also gives you the ability to control their machines from yours, allowing you to show them how to do things and tweak settings on each machine.
The router/multi XP machine/p2p scenario is surprisingly feature rich for the home network. The one thing it doesn't give you, though, is the ability to mirror your work setup at home (for troubleshooting issues), and, although you learn some things about networks, you definitely don't learn as much as going the full fledged server route. If you really want to learn all the ins and outs of networking, I'd either build or buy a server grade machine.
thanks enter, actually this is a sort of winter project. i've got my little sandbox, and its time i bought something new for myself anyway, so the router is a good idea...basically, none of what i want to do is really necessary, i just want to learn a little about networking using a hands on approach.
what i've got now is a 3 system network running of a simple 8 post switch i dug up from one of my junk piles. i've got the internet connected to one machine sharing ICS to the others, and separate user accounts like you said on each machine.
basically what im trying to replicate is a network not unlike those seen offices where users login from any system connected to the network. i suppose i could mess about with a routers firewall and figure that end out eventually, but this is what i need help on. also, a few helpful links won't go unappreciated. thanks guys.
You should just buy Windows Home Server which will allow many of the things you have listed and is alot simpler to configure.
Otherwise you are going to have to setup a domain, with Active Directory, network policies for a start. That is if you want to have a windows network.
For the single firewall thing you mentioned most businesses have enterprise routers and that handles the firewall. Such routers have licenses for the features like firewall and anti-virus that are expensive and have to be renewed yearly.
You are way better off getting a good consumer router that has a NAT and a SPI(stateful packet inspection) firewall on it.
What you are doing is overkill for 3 computers, costly and difficult to setup and administrate. You would be better off getting some books or taking a class as a community college or other IT training place if you want to learn about setting up a MS network.
If you don't want to spend alot of money then you should look into using Linux.
Posting Permissions
Reply With Quote
Bookmarks