Im in TOO Deep>>>>>>>>> 6

[popotech]

hello,
I have a major problem, as the webmaster at my job I have been given the job of networking the entire building of about 80 nodes. we will be using a windows 2000 professional as our OS.

Let me start here with what they want:
- they want an email set up so the officers can check their email i was just going to use outlook, I hear about a thing called logon scripts but unfortunately I have no idea on how to use them I don't even know if it needs to be on the 2000 server. Heck, I don't even know if I need to 2000 server to run the network.

- they want it so that anybody can get on any computer and login and see their personalized desktop, I have done some research on this and found something called "roaming profiles" is that right?????

- they want all the users to be able to access the internet, I have purchased a firebox firewall to be installed at a later date, and also purchased a DSL line to run into the building. I only got a DSL into the building because out all the nodes only about 6 of us will actually be on the internet

Those are the only real pains in the back side that I can believe I will encounter, I believe I will have to assign all the pcs a static ip so I won't be needing a DHCP but I believe I will need to run the DNS on the Server......?

Any guidance will be much appreciated, once again I know your a busy person so if you could, throw some of that knowledge my way or even give me something to go I.E. site, webrings or forums anything would be great thanks in advance.

 

[koquito]

if your going to share the DSL line, then you must use a DSL router. If everyone needs email, the you can use on the Server, Exchange 2000 or IPswitch email server (Exchange is integrated with Active Directory, a very cool feature in windows 2000) , you can USe OUtlook as the email client.And You should buy or install a (one or more) server(s) with Windows 2000 Server.
Remember that each user will have a storage limit for email, so if you take that into acccount one of your servers (the one you will use as emails server) must meet this requirements or more than meet them if you can. A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 

[leinad]

Popo,

I don't know why you would want to manually assign IP addresses rather than using DHCP on the server.

And yes, you will need a big, beefy machine to act as server. Plenty of processing power, plenty of drive space to store the mailbox database and the users' (roaming) profiles.

You said they want all users on the Internet, but you also said that only 6 of them will be on the Internet?

You also said your firewall will be installed 'at a later date'. I caution you about even stepping one foot onto the Internet without a firewall already in place. It will take no more than about a minute for someone to try to jump onto your network.

Let us know how it goes

Daniel

 

[leinad]

P.S.:

You are not in too deep. Part of being an effective IT manager is knowing where to go for the answers. You don't have to know them all.

Daniel

 

[popotech]

First off, thanks for help with my situtation. secondly i will fine tune my writing.

i am in the infantile step of the network, i have just recently recieved the pc's (70) and the firewall just need to be ordered. i wouldn't dream of installing the network with o firewall assigned to the network.

my question is should our network use our AS400 as a pop server or should we go with the webhosting company that offers us unlimited pop accounts and creat all the address through them?

i thought that if i would have to manually enter all the ip addresses, what does the DHCP do?

popotech

 

[mozingod]

DHCP (Dynamic Host Configuration Protocol) does pretty much what it says... it dynamically configures the machines. For instance, you setup all 70 PC's now, with an IP and DNS address. Another couple of weeks down the road you need to get all these clients a default gateway (say, for the internet). Using static IP's, you'd have to revisit all the machines, but with DHCP, you can just change an option on the scope and bam... all the clients are updated (well, next time they check the DHCP server). This also helps when you have to change the IP of say the DNS server or anything else. Trust me, do NOT use static IP's. You could set the IP lease time to a week or two and it wouldn't put that great of a load on the server (after the initial startup of the clients).

Roaming profiles is definately the way to go. When you make a profile on your local machine, it's saved in a directory. With roaming profiles, it basically saves the profile to a network share, and from any computer on the network, when you login it will pull the profile off that share onto the computer, hence making it a "roaming" profile.

Are you planning on using Active Directory? You'll need it to use DHCP (2000's anyway). You might also consider setting up a Remote Installation Services (RIS) Server to setup those new PC's. You can make one image of a preconfigured machine with all the programs/settings/icons on it, and have the new machines go to that server, pull of the image, and install it with no hassle. You can then take down the server and use it for something else once the initial setup of the clients is done. You'll need AD, DHCP, and DNS to do this by the way.

Best of luck in the setup! Hope this information was a bit helpful. Remember, just take it one step at a time and plan all your design issues out a head... there's nothing worse than having to go back after a few months/years and realising you made a bad decision at install time. Darrell Mozingo
MCSA, A+, Network+, i-Net+, MOUS 2000 Master

 

[popotech]

okay, thanks for the in depth explanation. so let me tell you after what i read and see if i had absorbed any of the info.

- don't use static ip's
- use a server
- use it as a DHCP and DNS
- i can image the first pc and send the image to all the pc's
- i want to use roaming profiles
- setup the server2000 first
- connect all the pc's to the network "or connect all the pc's to a switch"
- run the DHCP/DNS - i would like to put both on one -
- it will recognize the pc's on the switch and create the network

am i close?

 

[turquoise]

Yes, that about sums it up.

-remember the SERVER MUST have a static IP.

-set up the server first. The server will be the domain controller. It'll also run the DHCP and DNS server.

-with IP's I'd recommend using the range like 172.27.0.x subnet 255.255.255.0. 172.27.0 is the network id, x is the host id. This gives 254 IP's. Keep a block from 172.27.0.220 to 172.27.0.254 for static addresses. Assign the server one of them. Set the DCHP server range to 172.27.0.1 to 172.27.0.219. Remember to activate the DHCP server! if you don't the DHCP server won't respond to requests from the clients at start up.

-set up 1 client. image the client with Norton Ghost (don't use RIS, too much time and hassle, in my experience, unless your running a massive installation) or just complete the install of the pre-installed OS if it's a Dell/Compaq etc.

-If you're installing the network also, you'll need a hub stack. most hubs have 12 or 24 ports. So, you'll need 4 24-port hubs stacked. The clients then connect to the ports on the hubs. With 80 nodes a stack of 3com switched hubs will be OK.

-cut down on your complexity and overall management of the system by getting your ISP to host the mail boxes. Otherwise your into installing Exchange server or similar product. And normally you'd not run exchange on ADSL because ISP can change your IP address on tht router, then you'd loose your inbound mail.

Hope this helps

 

[popotech]

okay, now i have been confronted with a new problem, since my place of employment is a police department we have an even stricter policy. we can't have pc's get dynamic ip's because the system we recieve all our data from when we do inquiries on people,auto or history is making us use the static ip's. yes i know it sucks but i can't do anything about it.

- for mail, am i right when i say that if i can set up roaming profiles on the server that i all i need to do is make them up a email address on our web server. ex.
officer--@police.org and individually set up their accounts if that is right its going to take for ever. and with roaming profile they can be anywhere in the department and logon and get their desktop.

- lastly i have a problem with the whole static ip thing, so basically the company that is making us do this needs this to be done so they can trace where the request came from and ok it and if their was a problem that they can back track the problem.....to me there has to be an easier way.

popotech
thanks again for all the responses.....

 

[leinad]

If you use an assigned IP range (or even if you use NAT and allow your firewall to pin a valid address on each request) there can be no mistaking where the request is coming from.

There is no reason for static IP addresses from a security standpoint. I would ask for a second opinion, or simply let them know how it is.

You can set up NAT in combination with DHCP so that all your requests are coming from the same address (which will be static -- your server or your firewall or your router).

Daniel

 

[turquoise]

I guess for the security side of things they want you to be running full aduiting so you can say the request was made at 9:28am from workstation with IP 172.27.0.23 and user Mr John Doe was logged in at the time.

OK you don't need to worry about IP's. Either use one of the reserved private ranges i.e. 172.27.0.x sub nett 255.255.255.0 or they will allocate you a range of IP's to use. It just means more planning and management from your side. Perhaps security mark each machine as PC 1 and set it's IP to 172.27.0.1 then PC 2 172.27.0.2 etc. up to 80. And setting the DNS IP to the IP on your server.

I think your going to have to explain how they want you to config email? either your own server or hosted by a secure authority. And the reason why you have an adsl line with a router... Bear in mind, and I have a firebox 1, it ain't plug it in and your secure. Even with discovery configuration your going to have to make config changes to the firewall/router.

I'm surprised that given the place of work you have not been given a guideline or policy document set to work with from the out set of the project.

 

[popotech]

i couldn't agree with you more, their vagueness is what is making it so difficult to understand. i just a few more questions though, if u don't me asking as few here they are.

- i am a little confused when you said connect the dns to the server, in my eyes i had planned on having the dns and the dhcp all on one server, is that correct and if so what exact purpose does the dns serve?

- are we really going to need a dns if we are working on a network that is going to be accessing the interent, other than email's which we would be getting from a company called adgrafix, just because i can make as many email addresses as i want, we dont have to worry about the @police.org portion because it won't be leaving our network

like i said i am novice to this, they just hap hazardly set this bag of trouble in my lap and said DEAL WITH IT! which basically sucks on my end.

thanks for being so helpful,,,,,all answers to my many queres are greatly appreciated.

popotech

 

[GlenJohnson]

My 2 cent's worth.
1) I've never configured dhcp except on a wireless router, and there I created a dhcp pool to divey out ip's and set it to keep the ip forever. Someone with more dhcp knowledge would have to verify that it can be done on a server.
2) Make sure your system is ntfs and not fat32. Much more secure.
3) For Active Directory to work, make sure the server is a Domain Controler and not a stand alone server. Don't believe AD works on stand alones.
4) Save yourself some headache, and go to

http://www.google.com

and do a search for tightvnc. It's free and you can install it as a service so it starts up when the pc's startup. This allows you to access those pc's from your workstation without having to run out to all the pc's when there's a problem. I have this running on 250 pc's and it saves me a lot of legwork.
Good luck. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com

"Take nothing on its looks: take everything on evidence. There's no better rule."
Charles Dickens (1812-1870); English novelist, dr

 

[leinad]

Glen,
DHCP service can be done in any number of ways...a windows server is one method.

Popo,
DNS is required so that when your machines access the Internet and request a resource, some machine somewhere (a DNS server) can translate your request (

http://www.yahoo.com)

to an assigned IP address (66.218.71.83).

The two services are unrelated, except that they both belong in the general 'networking' realm.

BTW, there is a WatchGuard solutions forum here at tek-tips if you are interested ;-}

Daniel

 

[turquoise]

OK you have to step away from the traditional term server, thinking that it's a box locked in a room somewhere. You get Windows 2000 Server and install it on a server specification box. (like a Dell PowerEdge). This is your platform to work from, for example you'd config DNS server, this is a IP <-> Hostname service, it's called a server. Then you could configure IIS Internet Information Server which still runs on the Windows 2000 Server, then you could buy Exchange server 2000 or 5.5 and install that on your Windows 2000 Server or SQL server 2000 or 7 and run that on your Windows 2000 Server.

You will be running the DNS server on your main Windows 2000 Server. It's installed by default when you install Win2K Server. Windows 2000 and in particular AD (active directory) rely on DNS. (this is one of the major changes from NT which used WINS) Windows needs to know who's out there and what resources are available, it does it by making entries in the DNS server.

You won't use DHCP if your using static IP's. So you can forget that now.

Oh also remember you get your 80 workstations with win2k Pro, install with NTFS not Fat32 as pointed out above. You got your Windows 2000 Server. You need to buy the equal number of CAL's (client access licences) for the workstations to connect them to the server in your case 75. (The server normally comes with 5 CAL's). Ever wondered why he was the richest man in the world?

Surely if your a police unit you'd be connecting to the outside world and to the company via a secure VPN (virtual private network)?

I'd put in for a Windows 2000 course if I was you. Microsoft or your prefered VAR can give you details. They run overview, implementation and management courses as well as the full MCSE/MCSD/MCP courses.

 

[shender944]

If you can I would go with active directory. This will make assigning rights much eaiser and in the future you might have the need to apply some group polices for secutiry reasons. I noticed in one of the post exchange was mentioned run that on a differnt machine than what you plan to host your profiles from. I would suggest you have a Primary Domain controler and a seconday controler. Setup your main machine for AD you can do this buy running DCPROMO from start RUN. OK on the second machine your backup domain controler you will run DCPROMO too but in the wizard make sure to choose not to let it become the primary controler. I cant recall the detials cause its been awhile since I have had to run dcpormo. But with 2 AD servers setup if one goes down your users will still be able to log onto the network. So you might make your 1st cpu the one that holds the profiles and make the second server for Exchange or what ever else you might need to run. And now that all your profiles are going to be stored on one machine dont forget to make some type of backup for them. Even if you just use the windows backup from the second server to back them up.

Sounds like you have a fun project. Wish I could help


Shawn

 

[CharlieJax]

Hey popotech,

You have quite a task there, but it is not impossible or hard if you split it up into the small tasks you want to completed.

1) Networking the PCs
The way a large network (such as 10+ computers) will work the best is if you have a central &quot;hub&quot; area where you store your main networking equipment, now when I say networking equipment I mean:
- Your router, DSL (or cable) modem, and or firewall
- Your network hub(s) or switches.
-To connect so many PCs you will need to purchase several hubs or switches.
- Your server (You really only need one server with >100 PCs)
- Your UPS (to protect your equipment)

2) Domain vs. Workgroup
Since your office wants you to setup the ability to use roaming profiles you will need to use a Domain setup which requires the use of a server. You can use the server to provide DNS, DHCP, Account Authentication, storage of the profiles, etc.

- Make sure you get a large amount of hard drive space to store the roaming profiles as they have to be on the server so that when people go to each new PC they can gain access to their profile.

3)You do NOT have to use Login Scripts
For what you want (e-mail and roaming profiles) you do not need to use login scripts. The advantage of login scripts is they will provide you a way to give people access to shared resources.

4) E-mail
I would go with the external POP accounts and use Outlook to access them. Why? Because it is easier to setup internaly and externaly. Otherwise you will need to setup an Exchange server, Notes server, or other internal mail system (POP mail - via the AS/400 is a choice).

Here is how I would tackle it:

1) Get the cabling done for the networked stations (HIRE AN OUTSIDE COMPANY TO SNAKE THE WIRES!!!)

2) Setup your network room, the way most companies have it setup is the external line comes into the router then into one of the hubs, if you plan to go with DSL you will need to do the following:

1) Connect your DSL line to your DSL modem
2) Connect the DSL modem to a DSL Router
- You could also setup your server with two network cards to share your network connection
3) Connect your DSL Router to your server and other PCs leaving a port open to connect to another hub, and connect your other hub to other PCs.

-NOTE: The DSL router can provide DHCP addresses, with a W2K server you do not need to use DHCP but to use Active Directory (allowing people to use roaming profiles) you have to setup DNS, but you don't have to populate the DNS database.

4) Setup your server to be an Active Directory Domain Controler (Setting up a W2K server is just like setting up a W2K Pro machine, then when the setup is complete and you are in Windows go to start and run and type &quot;DCPROMO&quot; to turn your W2K Server into a Domain Controler.

5) Setup your users in the Active Directory Users and Computers, and setup the roaming profiles under the the profile tab
- What it is asking for is the path to where the profiles will be stored, so you will need to share a directory on your server by going to where you want people to store them, creating a folder and then sharing it out. Each person will need their own folder, so perhaps something like this:

On the D Drive create a folder called profiles and inside that create a folder for each user. Then share out the folder called profiles. Assuming your server name is Server01 the path for a user named John Smith might be:

\\Server01\profiles\jsmith

6) Setup each PC to be a member of the domain you created in the DCPROMO part above and you should be able to login to your new domain, access the web from any PC and thus reach your e-mail.


IF you decide to do any of the following you should get another server for each function:

Setup an exchange server
Use shared resources (network drives) - This may require more than one server depending on usage load
Create an Intranet


There are several ways you could attack these problems, this is just one suggestion, but in recap split it into smaller tasks such as:

Setup the network
Setup the server
Setup the PCs

That will make it easier on you.

Also, there are a few choices you can take to image the PC, you can either use Microsoft's tools or you can use Norton Ghost.

Lots of little steps will make your project easier

Feel free to e-mail me at CharlieJax@aol.com if you need any clarification or use MSN messanger to get ahold of me at AmishHockeyGuy@hotmail.com and I might be able to assist you more. CJ
- Jr. Rocket Man

 

[leinad]

My advice:

Print out the post just above this one, and stay away from tek-tips until you finish going through your print-out.

Just my humble opinion

Daniel

 

[GlenJohnson]

What leinad said. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com

&quot;Take nothing on its looks: take everything on evidence. There's no better rule.&quot;
Charles Dickens (1812-1870); English novelist, dr

 

[jamor1999]

This is great info, and if you need any help, especially with that Watchguard Firebox, e-mail me. My co-worker knows his way around them and it looks like you're in the exact same situation we were in! We made it, though! And we've learned so much but we remember wanting to cry sometimes. Drop a line: jamor1999@yahoo.com

Jane