Setting up a new office network

[tanotia]

In our office we have five PCs and four laptops, all from different manufactures, with many different operating systems. We are using XP home, XP pro, Vista, and Vista Business, plus there is no consistency to the software installed on these machines. Also we are still using floppy disks and usb sticks to transfer files from one machine to the next. There is a printer for each of the machines and the internet is a shared adsl connections. Although we do already run antivirus software, we also have a real problem with people opening malicious file attachments and bringing in viruses. This is a real worry as we have not backup solution in place for the entire business.

We really need to bring our IT into 2009 so within the next few weeks I am going to aim to setup a new professional network. We want to create a system where each user is given a windows login, a private documents folder, and access to shared documents, as well as restricted internet access. Is this referred to as Active Directory? I am open your suggestions but I am going to take a guess as to what we will need to achieve this.

Hardware

Initially we will only be focusing on the desktop pcs as these are our primary use. All the desktop computers currently being used are pretty old so therefore we have decided it would be best to replace them all for new ones. The specifications are below. These are really only basic so please let me know if I have missed anything.

Desktops

Processor: Intel® Pentium™ Dual-Core E5200 processor (2.5GHz, 800MHz, 2MB cache)

Microsoft Operating System: Genuine Windows Vista® Business with Service Pack 1, 32-bit - English

Memory: 2048MB 800MHz Dual Channel DDR2 SDRAM [2x1024)

Hard Drive: 160GB (7200rpm) Serial ATA Hard Drive with 8MB DataBurst™ cache

Video Card: Integrated Intel® Graphic Media Accelerator X4500

Optical Devices: 16x DVD-ROM Drive

Server

Base: Dual Core AMD Opteron™ 1214, 2.2GHz, 2X1MB Cache

Memory: 2GB Memory, DDR2, 800MHz (2x1GB Dual Ranked DIMMs)

Raid Connectivity: RAID 1 configuration, 2 Hard Drives (SAS or SATA) connected to add-in SAS6iR RAID Controller

RAID or SCSI Controller Card: SAS 6iR Internal RAID Controller Card

1st Hard Drive: 500GB, SATA, 3.5-inch, 7.2K RPM Hard Drive (Cabled)

2nd Hard Drive: 500GB, SATA, 3.5-inch, 7.2K RPM Additional Hard Drive (Cabled)

Optical Devices: 48X DVD/CDRW Combo Drive with SATA Cable

Factory Installed Operating System: Windows Server® 2008, Standard Edition, Includes 5 CALs English

Switch

Dell PowerConnect 2708 – 8 Port Web-Managed Switch

Software

The Dell server has the option of Windows Server 2003 and Windows Server 2008. The Windows Server 2008 is priced at 150 more than 2003, is this worth having the 2008 version for the extra money? Am I right in saying that 5 CALs means 5 users, or 5 logins? The new desktop PCs come with Vista Business installed as standard. Regardless of which server we use I understand that Vista Business with run from either 2003 or 2008?

In addition I will be adding the following software to the desktop pcs:

Mircosoft Office Suite

Adobe Acrobat Reader

Adobe Flash Player

Windows Media Player

FireFox w/ NoScript – firefox with noscript to block untrusted scripts

GData Business Anti Virus – installed on each pc and server

Faronics Deep Freeze – for preventing unauthorised system changes

Where did I go wrong?

I wait your feedback.

Regards

Tanotia

[ɹəuəllıʍ ʇɐb]

Welcome to the Windows Forum.

I don't know if any of us has the necessary expertise to answer all your questions. Most likely you will get some answers from some forum members that only answer some, but not all questions.

I am unsure whether to move your post to the Networking Board, as it has basic Windows questions, as well as some networking questions.

To me, without looking at too much detail, it looks like a good plan. Make sure that you have firewall(s) set up, either software firewalls on each machine, or a hardware firewall on the router. Of course, each machine needs a good antivirus software that is capable of updating itself with virus definitions.

[tanotia]

Thanks.

Can anyone else add their views please?

[ɹəuəllıʍ ʇɐb]

OK, I am moving this to the networking board; perhaps you get some more input over there.

[Seshomaru Samma]

In my office the setup is this:

We use a Linux server. All files are hosted on shared folders there. You can set up access to them according to user , IP , group, whatever.

On the server, cron is set to backup those folders periodically , there are many backup options that you can use.

There is also a printer shared on it.

The clients are XP and a few Osx , occasionally a Linux .

Most users are set to limited user. Browser is limited to Firefox with no-script, a strong Hostfile and IP policies + NOD32 take care of most problems ,malware-wise. In the rare cases that XP does get infected we have a Ghost backup of the system to which we can revert to.

For your set-up I can't see any reason why you would want to pay money for Windows server when you can achieve the same thing with Linux

Of course if you have the money and more comfortable with Windows then go for it...

[tanotia]

We could use a linux server but the problem is i know nothing about linux and i don't really have the time to learn.

How easy would it be for me to setup a linux server based on no knowledge?

[ɹəuəllıʍ ʇɐb]

The Dell server has the option of Windows Server 2003 and Windows Server 2008. The Windows Server 2008 is priced at 150 more than 2003, is this worth having the 2008 version for the extra money?

I don't know the differences between the 2003 and the 2008 servers. 2003 is based on XP, and 2008 is based on Vista. The 2003 server will some day soon (in a few years) no longer be supported by Microsoft, and you will need to upgrade anyway. So why not going for the newest server right from the beginning; it will give you a few more Microsoft-supported years.

[Seshomaru Samma]

We could use a linux server but the problem is i know nothing about linux and i don't really have the time to learn.

How easy would it be for me to setup a linux server based on no knowledge?

It depends on what you want to do with it.

If you want to use it to share files between clients then it would be very easy. Certainly much easier than setting it up with AD. If you want something more complex then it depends....on what you want....

to share files -install Ubuntu or Debian server with some sort of Gui (or even without GUi - save resources)

install samba (about 1-10 minutes depending on your internet connection)

set the permissions by editing a file that will look like this:

comment = Public Folders
path = /path/to/folder
public = yes
writable = no  (or yes)
create mask = 0777  (permissions -read/write etc...)
directory mask = 0777 (permissions -read/write etc...)
force user = nobody (or user name)
force group = nogroup (or group)

there are GUI tools for setting samba as well (here's a wiki using one ) ,though I never used them

(more details here )

as for restricting internet access - you need to give me more info

here is basic ICS ( there's a GUI tool for that as well , I think)

if you wish to set different permissions for different users (User A cannot access yahho, user B cannot access digg) then install a proxy server (like squid)

The installation of a Linux server is much faster than Windows and if you are lucky all hardware is recognise during install (you can run a LiveCD beforehand to make sure it does). Worth a try - you will get stability and security out of the box.

For Ubuntu - use Ubuntu Hardy Server version

For Debian- Debian Lenny

[tanotia]

Thanks for that.

How do we make the my documents folder in vista be stored on the server, is this activedirectory?

[Seshomaru Samma]

In my setting- we don't use the My Documents folder

The clients only store files on the server

We don't have any Vista clients so I can't help you with that

In XP we make sure the "My Documents" folder does not show up on any menu, you can use some sort of 3rd party hack to make sure Explorer doesn't display it. Instead they save to their folder on the server, they have a short-cut for it on the desktop so its quite easy. It takes new employs about 3 weeks to get used to not saving to "My Documents" . I was thinking about moving the My Documents folder to a different partition and change the permissions on that partition to prevent users from saving there, but its not worth the hassle.

We also use the server to stream music and videos as well as hosts HTTP and FTP. That is very simple to set up.

[homecomputeraid]

If you're still considering Windows, I'd definitely recommend 2008 over 2003. It will be supported for many more years than 2003.

[tanotia]

OK I think we are going with a Ubuntu Server with Vista Business for the clients. I assume Roaming Profiles are still going to be ok using Linux like they would be with WS2008? In regards to the user security policies, are these setup on the individual computers or can they be managed through Linux?

[Seshomaru Samma]

By Roaming Profile you mean that whatever computer the user login through ,(s)he still gets the same settings ? In Linux the settings are stored on the /home directory which you can put on the server. Check out NFS server here , also here (in the comments section there is reference to setting Vista as client).

If you set Linux as your domain controller and as your internet gateway then security is on the server

[Seshomaru Samma]

I would like to expand a little about what I just wrote

there are many different ways to control users in a network

the simplest way is to through the samba protocol (smb)- you will be able to control access to files and folders either according to IP, user or group. In this setting you can either put security on the server (use it as a gateway ) or put security on the clients (hosts, anti-virus, no-script, limited users etc).

If you want to control internet access for the users then you have several options - one is to keep file access and channel internet access through a proxy server (like squid). Another option is to run the server as a domain controller , this will get you the 'roaming profiles' , you can do it with smb , basically you install a DNS and a DHCP server and thats about it (example) . But if you want the server to authenticate like a Windows server then you NFS will be more appropriate .

But really for 9 computers sharing files and printers I would go for SMB and forget domains, profiles and authentication.

Put all data on the server, define folders and users permissions and thats it. With a bit of luck you can have this kind of server running in less than 2 hours. As for the clients - lock them down with limited users (easy on vista) , sandbox the browser, close all ports or just channel internet access through the server.

What I would do is install the server with smb and see if that works for you, Linux is very modular , if you want to add and remove something you can always do it later.

Also remember that Ubuntu server installs without a GUI by default. If you want a complete GUI with all the bells and whistles runs this command :

sudo aptitude install ubuntu-desktop

if you want a functioning gui with little memory footprints ,do this:

sudo aptitude install xorg xterm xdm icewm menu firefox

if you want something in between :

sudo apt-get install xorg xterm gdm xfce4 mousepad thunar firefox gksu synaptic

xorg is the graphical environment, xterm is a terminal, xdm/gdm are the login screen, icewm/xfce are windows managers (like explorer) , mouspad is like notepad , synaptic is a package manager (a graphical way of installing software) and firefox is a browser

The easiest way will be to use the full gui (ubuntu-desktop) for setting it up. later you can get rid of it or replace it with something minimal.