Home Networking 202, need some help


Crisis757
12-21-04, 05:18 PM
Here's what I have:
------------------------
I have a home network that has 4 machines on it. All the machines are running Windows XP. 3 have Pro and one has Home. Currently they all connect to the internet via a router with no file sharing etc. allowed. Each computer has its own logins/passwords.

Here is what I want:
---------------------------

Centralized Login: I want to be able to set all the users that are allowed to access the computers on one machine and have all users be able to use any machine on the network.

Centralized Storage: I have one machine with a larger hard drive where I would like to have a portion of the drive set aside for each user as well as a large portion for shared files. I would also like to use the individual machines' hard drives as networked storage.


Remote access: I want to be able to use a remote desktop so I can log into the network from anywhere and have access to my files.

Remote management: I want some of the users to have no install/uninstall rights so I want to be able to remote into the computer to be able to install applications on the computer. I would like this to be done from any machine on the network, as well as any outside the network.

Network management: I want to know what's going on on the network. I want an application to monitor the traffic on the network and report any odd ports being accessed etc.

Recoverability: I want to be able to recover the server easily as well as each individual PC.

-------------
What I'm thinking so far:
For each I would like to know how exactly to do it and if a better/easier solution is available. Any applications I need I would like to be able to find for free.

Centralized Login: Setting up a domain and having the computers join the domain. Having an administrator account on the computer that only I can access.

Centralized Storage: Use Windows file sharing and map network drives. The server will be always on, giving constant access to files.

Remote access: Windows remote desktop solution

Network Management: Not 100% sure here, the router supplies a list of traffic.

Recoverability: Images for each machine as well as the server. Have networked files backed up weekly on external HD. Is it possible to mirror the My Documents folder on the network and the local machine automatically every week and hold rollback ability for one month?

---------------
I'm looking into solutions for this over the Christmas break. I would like to have a working solution by New Year's that will be easier to recover from disasters than the current situation and have some checks on it to find problems quicker. Thanks :) Happy Holidays :santa2:

jajmon
12-21-04, 08:47 PM
I must say you have a pretty ambitious schedule for getting this done on winter break. What you want to accomplish, IMO, is way overkill for a 4 PC LAN, but can be done. With that said, how much money do you have to do this? If you go to a complete M$ solution it will cost a lot (licensing), apart from any new hardware. I'll touch on some of the requirements as best I can, others can chime in on other subjects. You will need a server at minimum, that is running Windows 2k Server, configured for policies and roaming profiles, and possibly your main storage. The XP Home PC will not support being in a domain, upgrade it to Pro, or leave it as is. You can use RDP to remote manage a PC, but it is NOT remote control of the desktop (console), there you will need something of the VNC family (free): RealVNC, TightVNC, or UltraVNC. You could also set up Terminal Services on a Win2k server. Another option, free, is to have a Linux box running Samba. Samba can provide most if not all your needs. I'm not sure about policies and roaming profiles though. Citrix is another option. It all depends on what you want and how much money you have, or don't have.

coin
12-22-04, 02:36 AM
As jajmon said, this is slight overkill for just 4 machines but not a bad learning exercise anyway. Essentially you need a domain controller, this will be able to control centralised logons and access and will also be able to act as a file server.

Centralized Login: Domain Controller

Centralized Storage: File Sharing on the Domain Controller. Using the users' PCs as storage as well will get very messy; don't do it, keep it central and controllable.

Remote access: File access from outside the network, set up the Domain Controller to act as an FTP server as well, there is a real security risk with this option though.

Remote management: can use MSTSC inside the network to log in as an admin to install software for users. To access all machines from outside the network will be messy, either use gotomypc (or similar) on one machine and then use MSTSC to get to the others or set up gotomypc on all machines. Not advisable. A better method would be to use VPN to connect to your network but this requires a VPN compliant router and some tweaking.

Network management: there are loads of bits of software out there that can possibly do what you need, get googling!

Recoverability: look at investing in a second-hand tape drive. I don't think it's possible to mirror My Docs but you could move its location to a mapped network drive, there can be logon problems with that though, better to use domain policies to map drives on logon to the domain controller and encourage users to store important docs there. The fewer locations there are to back up the easier it is to control.

For ease of setup and speed, you are best starting by setting up a domain controller with a tape drive and not trying to set up any external network access.

Slackfumasta
12-22-04, 08:33 AM
Remote management: I want some of the users to have no install/uninstall rights so I want to be able to remote into the computer to be able to install applications on the computer. I would like this to be done from any machine on the network, as well as any outside the network.


If you want to do this, either buy a real firewall that supports VPN access, or at the very least set up another Win2k/2k3 server as a VPN server (not nearly as secure). Having remote desktop access available directly on the Internet is just asking to be hacked.

Basically you need a Windows server, a Group Policy File, roaming profiles, WinXP Pro workstations, a tape drive or external hard drive, and a firewall.

Alternatively, you could build a Linux box to act as your firewall, and another one as your fileserver, but it would take somebody smarter than I to tell you how to do it.

jkbanman
12-22-04, 09:20 AM
I got the same thing at home with 4 machines as well.

You don't need a VPN server if your router has port redirection. AKA if the router detects traffic on a specific port it will redirect it to a specific internal IP. Basically you will need a static IP from your ISP. Then you set the router to forward any port 3389 traffic to a specific computer. You will then be able to RDP to any Win XP Pro machine on your network. You will also be able to remote manage from any XP Pro machine in the world, via your static IP. I would suggest running something like Smoothwall or Linux on a crappy computer if you are going to open yourself up. Roaming profiles would allow your users to have the same desktop and access to all their files from any comp as long as you set their home directory on the server that will always be on.

--- AD is very simple to manage, especially if it's only a few users.

--- Group Policy. If you are going to use Win Server 2k3 I would suggest downloading GPMC from Microsoft.

--- Remote management: can use MSTSC inside the network to log in as an admin to install software for users. To access all machines from outside the network will be messy

No it will not, RDP is like being in front of the box. I use this all the time. It's my job.

--- Data redundancy - DVD Backup. Cheap media, huge capacity.

--- Network Management - There are many port sniffers available, just do a search and try a couple out.

- Security - Just make sure you set up strong passwords and reasonable length usernames. Rename the administrator account (group policy). Possibly encrypt sensitive info. Set your router to only allow the MAC addresses of the network cards in your house. Shut off the port redirection when you don't need it. You should be able to set up remote management on the router itself so you can turn on port redirection remotely.

Slackfumasta
12-22-04, 09:33 AM
My point about using a VPN server is for security; I know you can port forward with a real router but then you are leaving your RDP connection for anybody to try and get in or possibly use one of the many hacks out there for MS servers.
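
Added example (not part of any post in this thread): a small audit of router traffic logs that covers the "report any odd ports being accessed" request and the exposed-RDP concern discussed above. The log line layout, the sample entries and all names in the code are constructed assumptions; adapt the regular expression to whatever your router actually exports.

```python
import re
from collections import Counter

# Constructed sample; this line layout is an assumption, not a real router's format.
SAMPLE_LOG = """\
2004-12-22 09:14:02 IN src=203.0.113.7:4312 dst=192.168.1.10:3389 proto=TCP action=ACCEPT
2004-12-22 09:14:09 IN src=203.0.113.7:4313 dst=192.168.1.10:3389 proto=TCP action=ACCEPT
2004-12-22 09:14:15 IN src=203.0.113.7:4314 dst=192.168.1.10:3389 proto=TCP action=ACCEPT
2004-12-22 10:02:40 IN src=198.51.100.20:1099 dst=192.168.1.10:3389 proto=TCP action=ACCEPT
2004-12-22 10:03:11 IN src=198.51.100.20:1100 dst=192.168.1.1:21 proto=TCP action=DROP
2004-12-22 10:05:00 OUT src=192.168.1.11:2201 dst=192.0.2.80:80 proto=TCP action=ACCEPT
router rebooted
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<dir>IN|OUT) src=(?P<src>[\d.]+):\d+ "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=\w+ action=(?P<action>\w+)$"
)
EXPECTED_INBOUND = set()               # ports deliberately published; none by default
REMOTE_ADMIN_PORTS = {21, 3389, 5900}  # FTP, RDP, VNC: the services named in the thread
REPEAT_THRESHOLD = 3                   # attempts from one source before it is reported

def parse(log_text):
    """Return one dict per well-formed line; anything else is skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["dport"] = int(event["dport"])
            events.append(event)
    return events

def audit(events, expected=EXPECTED_INBOUND):
    """Find accepted inbound traffic to unexpected ports and repeat callers."""
    odd_ports = set()
    attempts = Counter()
    for e in events:
        if e["dir"] != "IN":
            continue
        if e["action"] == "ACCEPT" and e["dport"] not in expected:
            odd_ports.add((e["dst"], e["dport"]))
        if e["dport"] in REMOTE_ADMIN_PORTS:
            attempts[(e["src"], e["dport"])] += 1
    repeats = {k: n for k, n in attempts.items() if n >= REPEAT_THRESHOLD}
    return sorted(odd_ports), repeats

if __name__ == "__main__":
    odd, repeats = audit(parse(SAMPLE_LOG))
    print("accepted inbound on unexpected ports:", odd)
    print("repeated remote-admin attempts:", repeats)
```

With the RDP port reachable only through a VPN, the first list should stay empty; any entry in it means a forward was left switched on.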

jkbanman
12-22-04, 12:36 PM
Would that not limit where he can access from the outside world?

Slackfumasta
12-22-04, 01:16 PM
Nope. You set up the firewall with a user database that allows people to connect through it via a VPN connection. Once inside, you are assigned a virtual local IP address that matches the subnet on your internal network. Then you connect to whatever machine you want via RDC.

What this does is give you the ability to leave the RDC port closed to the outside world, yet still give you a method of logging in to your network remotely. You can use Windows' built-in VPN client to do this, as long as you have a firewall that can act as a VPN server (which your basic Linksys/D-Link/Netgear routers do not support out of the box as far as I know.)

On the internal network, you will still be able to do whatever you want on the Internet, including online gaming, IRC, cybering, etc.

jkbanman
12-22-04, 01:47 PM
That's if you wanna fork out the extra cash for VPN compatible D-Link/Linksys etc. I have no experience with VPN and neither my Linksys nor D-Link supports it, so I just set it up so I can remote manage the router from the outside world, then I can turn on port forwarding for RDP. Works for me, and with the ability to turn it on and off minimizes security risks.

Slackfumasta
12-23-04, 12:47 PM
Here's a new idea:

Apparently you can buy a Linksys WRT54G (Staples and Walmart sell it for $60, and there's a $10 rebate from Staples on it right now), and install a 'hacked' alternate firmware that will give the router all sorts of other functionality, like becoming a VPN server, increasing/decreasing the radio strength, and other stuff.

You can read more about it here:

http://netstumbler.com/2004/12/14/how_to_hack_the_wireless_fantastic/

I just bought one from Staples and I am going to start playing with it tonight.

trey_w
12-24-04, 09:16 AM
Win2K3 is the way to go. You can use GPO to control everything you're wanting. You can even push out new software packages via GPO (no client touches) but they have to be in an MSI format. There are tools out there that will convert the software to MSI if needed.

Win XP SP2 adds a feature to GPO that allows programs to be installed on shutdown as well.

ghettocomp
12-24-04, 10:02 AM
You could also take a look at the Free 5 user version of 602Lan Suite (http://www.software602.com/products/ls/). It has a lot of the same functionality as you were looking for.
I spent the Big Bucks for M$ products as well. $1500 for NT Server is a learning experience.