I am totally new to the networking aspect and would like to start understanding how to do such things.

What I would like to achieve is hooking 3 computers to each other along with limiting access for various groups. The situation that I have is:

1) I work in an office that has 3 computers but many users.
2) Only a few of us understand how to use computers and how not to mess them up.
3) Many of the users install "crap" onto all of these computers causing many crashes.
4) Often, one or more of the computers are behind locked doors and users are not able to get to their work.
5) There is not any access to internet.

What I would like to do but don't have any idea if it's possible:

1) Have my company buy a version of Win2K..... pro if possible only because it's cheaper, but they would likely shell out for "server" if need be.
2) Have all computers networked (if that is the right term) so people can have access to their work from any computer and not just one of them.
3) Limit access to users.

My questions are:

1) Is this possible?
2) What type of equipment/OS would be needed?
3) Can a Newbe like me actually do such a thing? (I have built my latest rig and am not totally ignorant except in the field of networking.)
4) Where would you suggest I find networking information if the above is possible? i.e. books or forums
5) This sounds like a halfway simple project and if so, is anybody willing to coach me through this?

Thank you in advance to any who reply.

Originally posted by MBish31

My questions are:

1) Is this possible?
2) What type of equipment/OS would be needed?
3) Can a Newbe like me actually do such a thing? (I have built my latest rig and am not totally ignorant except in the field of networking.)
4) Where would you suggest I find networking information if the above is possible? i.e. books or forums
5) This sounds like a halfway simple project and if so, is anybody willing to coach me through this?

Thank you in advance to any who reply.

1. Yes.

2. Do you want to do this right or do this cheap? If you want to do it right you are going to need a decent server, a firewall, a router, and a switch or hub. You will also need to run network cable in the walls if it isn't prewired and jack plates at the walls. I suggest Cisco on the router, firewall, and switches. If you don't understand the Cisco IOS then you might want to go with something smaller and easier. Really depends on your Internet Connections. If you're going to go T-1 you'll need the Cisco stuff, if your cable or DSL you can get away with off the shelf stuff like Linksys and etc...

Operating systems...Win2k would be the best for this environment, with the server running 2000 Server at the very least. You are going to need Active Directory to make the control issues that you have a non-player and to support the roaming profiles that you will have to use in order to have them get their work at other terminals with relative security.

3. No. A newbie can't do this. But you aren't going to be a newbie by the time you start. Go buy, read, download, all the information that you can on 2000 Server and Active directory.

4. You have the most powerful tool at your fingertips to find this information...the Internet.

5. This is by no means an easy task. You need to carefully plan out your groups in Active Directory, and your log on credentials to keep user A out of user B's files, even if he logs on to B's computer. You will also need to understand basic routing. Roaming profiles are an absolute pain in the ass, don't be over confident. And remember to test everything before going live. And here's a tip on the profiles....If you use them so they can log on to other machines the user needs to have a network share directory, if they already have them for storing their work, don't use that directory or it will delete everything in there.

The server is going to have to be a domain controller and the users are going to have to log on to it. You know when you hit Ctrl-Alt-Del to log into Windows 2000? Well when you join the computer to a domain you get another drop down box that says "Domain", you will have to options, the Domain you assigned them to or the local machine and in order for them to pull their profile information and be validated on the domain with any security.

You're up for a hell of an adventure if you've never done this before.

I would strongly recomend "Mastering Windows 2000 server" by Mark Minasi. I read it and it is an unbelivable book. It has _everything_ you could possibly need to know about Windows 2000 Server. Windows 2000 Server is a pain in the butt, however once you start playing with it, it gets easier and actually can become fun! :) . If I, a fourteen year old can do it, i know you can :) By the way, that book i recomend is 1500 pages long lol...happy reading :D

Originally posted by MBish31
1) Is this possible?
2) What type of equipment/OS would be needed?
3) Can a Newbe like me actually do such a thing? (I have built my latest rig and am not totally ignorant except in the field of networking.)
4) Where would you suggest I find networking information if the above is possible? i.e. books or forums
5) This sounds like a halfway simple project and if so, is anybody willing to coach me through this?


First of all, why are you networking them?
----to share files or printers? consider my solution..
----to concentrate security to one point? consider Kingslayer's solution..
Next, how many users is "many"? and is there a need to have them centrally administrated?

My solution for a simple network of 3 computers would be to connect them all to a hub or a switch, and thereby they could share resources. For the security, I would suggest Windows 2000 Professional on all 3 computers, (or XP, if you want).
The security would be set up per-machine (that means you would add each user to all 3 computers, so that every user has the same username & password on all 3.)
As for keeping them from installing stuff, just modify the permissions to read-only for them to the C: drive. (some programs may complain, and you will have to give them write access to that directory).
For their work, find the computer with the biggest hard drive, and make a directory on there for each user. Give them, and only them permission to it. Then share it (and give the share permission to them).
Then, tell them where there stuff is, eg: If they are on computer "MATT" then their stuff is in C:\Users\<username>, but if they are not, then their stuff is in \\MATT\<username>
(Eg. If my username is "ted", my stuff will be on C:\Users\Ted or \\MATT\Ted )
You'll also want to toy around in the Local Security Settings in MMC

Here are my answers..

1. Yes
2. For 3 computers, with no internet access, you'll need a network card for each computer, and a switch or hub. Switches are better.. I got an 8-port D-Link DSS8+ for $100 CAN a couple weeks ago. (difference between hub and switch (http://forum.oc-forums.com/vb/showthread.php?s=&threadid=64471)).
3. Yeah, but don't expect the security to be very tight..
4. Browse the Networking archives in the forums, goto a bookstore & pick up a simple windows 2000 book, you are looking for something dealing with permissions and security, but not with Win2k Server or active directory.
Windows 2000 Permissions:
http://www.cira.colostate.edu/Infrastructure/Intranet/fileman.htm
http://windows.about.com/library/weekly/aa010128a.htm
There's a couple to start..
5. If you run into any problems, chances are that atleast one person here on the forums has run into it before.

IMHO, kings's idea is for a larger/more complex setup that I ::think:: you are wanting. However, I may be wrong.

My work has 18 PC's, and 1 server all running off of win2k pro. Granted, it's getting to be a huge hassle with this many computers (and the fact that they're spread out over 2 buildings), but for only 3 computers, I think su root's idea should suffice.

What you would need:

-3x win2k pro
-3x NIC
-1x switch (or router, if you are going to hook up an internet connection)
-cat5 cable between each comuter and the switch
-a little time for learning
-an internet connection to ask all the questions you'll have
-a little patience

Technically, with only 3 computers, all this should be doable with just win2k pro. If you start getting up there in computers/users/complexity... you're gonna eventually wanna move past that (as I am getting ready to do with our system).

good luck, whichever way you go!

The big thing that he wants is roaming profiles. I.E. You get YOUR desktop background, settings, network shares, and etc, no matter where you log in. So you can walk over to your neighbors computer, log in as you, and walla, it's basically your settings on that computer.

This isn't going to be accomplished easily without 2000 Server and Active Directory.

If it wasn't for his needs of doing this, I wouldn't send a newbie down the long path, but it's just much easier to administrate the nightmare he want's to accomplish.

Holy Cow! MUCH, MUCH to learn I can see. I thank everybody for their sound advise. At least I know where to get started. I think I will need to do a lot of reading but unfortunatly I don't have a test environment other than the actual work setting and those machines will be used most of the time unless I go in late. Another unfortunate thing is that I am not even over this department at work and I would be doing this on my own time w/o compensation. (Salary sux!) I would be doing this mostly for my own knowledge.

To answer some questions..... how many people are many? I would guess about 20 people in about 5 groups that could use 5 profiles and just devide the profiles for the 20 people.

Why am I networking them?..... so if a computer that you have your stuff on (current situation) is in the boss's room (he shares a room w many) and he needs to take a private call and kicks you out, you can log onto another computer and continue with your work.

One mis-understanding..... there will be no internet connection. We have no need (my opinion is there is a need at least for W2K patches and updates but I don't run the company) and therefor we don't have one.

Last but not least..... I have to brag...... I love my new rig so here it is.....

Dual boot win98 & win2kpro
Athlon xp 1900+ UNLOCKED!!!!!!!!!!!!! WOOO HOOO!!!!!!!
Epox 8k3a+
Gainward 128MB 4200
Sound Blaster
2 60 Gig Barracuda IV
Cheiftech Aluminum (Dragon Blue w acrylic window) case 420W
CC lighting
Lite-On Writer and CDROM
Corsair 3000 - 256MB
(4) 80mm case fans
And to top it off..... I'm drinking homebrew as we speak!

:beer:

How many people are alot? In my opinion when you have to have Microsoft come out and install Windows 2000 Datacenter. I have 300 on my work network and that's really not alot.....

What you really need in this situation is a file server then.

If you have 5 different groups of people working (with 20 members each) then all you really need is a file server.

For this, the 3 computers would basically be left alone, and you would need another, low-power, high-hard drive capacity server.

A celeron 233 would do fine for a file server, but even something as low as pentium 200 would suffice. The number and size of the hard drives depends on what would be stored on them... if it's just word documents, a 20 gig 5400 would do... add ram for performance.

The 3 computers would be open, and anybody could do anything to them (install any programs, etc.) The security comes in where the files are stored.

You would have to make a directory for each person, and add each user (& their password) to the fileserver. (or group, if that's how you want to run it). Then share each directory. Set up the permissions such that the person to whom the folder belongs has full control, and nobody else has any rights.

Then when they want their files, they can contact the file server by:
\\FILESERVER\Joe
and then the fileserver will ask for Joe's username & password. If the username & password are supplied, then Joe can get into his directory on the server. (assuming the fileserver is named "fileserver" and "joe" is a shared directory, that only the user "joe" can access).

In this scenario, there is no security per-machine.. you can set up the usernames for each person on each computer, or just give them a general login. If it's a general login, then they still have to log into the file server before they can access their files.

And for a network of 3 computers and upto 100 users, you definately don't need Windows 2000 Datacenter Server. You barely would need Windows 2000 Server.