
Tell me about this network, why its bad, and how to fix it


SpaceRangerJoe

[Preparing to rant...BEGIN!] - Sorry, this is kinda long.

I worked for a publishing company for about 2 years doing all computer work, and some other office stuff. I had done all the networking before I left. Nothing fancy about it. 4 computers, a few printers, 1 router/switch w/ cable internet, 2 or 3 shared folders. One lady worked from Houston using remote desktop on an extra computer in the telecom closet. No big deal. I left for the summer to work a different job. I started back up this week to find that my entire network setup had been replaced by a local computer support company.

The accounting software (running off of a Pervasive SQL DB) had been moved to a separate server (a P4 Celeron with 512 ram, and a 2meg cache 40gig hdd. weak to say the least) with Windows 2000 Advanced Server edition (upgraded from XP Pro, which the company had initially installed on the server), new router/switch (that I don't have the password to). They also set up the server as a domain controller and DHCP server. Now, this did make the network drive sharing a bit easier, I think this is extreme overkill for the size of office we have. The lady who works from Houston does not connect via remote desktop now. She connects via VPN to the domain, so she can have access to the shared drive. All her work is done on a Microsoft Access DB, and it is ungodly slow. She will need to have access to the accounting software (read: SQL DB) in the near future. With this VPN setup, I would imagine that it would be nearly as slow. Not to mention she will have to drag her computer up from Houston again (did it a few weeks ago, and the guy from the support company didn't show up to install the software), and that's our last software license. They decided that the software needed to be installed on the server, which (obviously) isn't a workstation. All it needs to do is host the DB.

[/Rant]

The company I work for is pretty small. Less than 15 employees, and only 3 of which use the computers. They are not going to be expanding any time soon. They don't need anything fancy, and don't have a ton of money to be wasting on an over-engineered, poorly implemented computer system. I want to know a few things.

1. Is this domain actually necessary?

2. In either case, tell me about domains. Links to material to read would be nice. I want to know what I'm working with, and I want to know how to set them up on my own.

3. Is it a bad idea to have someone working several hours a week over remote desktop? Bad security, or just plain stupid? Let me know.

4. All of the workstations have the first DNS entry as the server IP address. Is this because of the domain, or is it a bad setup? That goes along with #2.

5. Is accessing a large SQL DB over VPN via accounting software going to be ungodly slow, or is my understanding of them sub par? Please educate me.

I think that's about it for now. To those of you who actually read all of that, give yourself a pat on the back. Any help on this topic is appreciated. I have a fair amount of experience setting up small home networks, but I have never really had any firsthand experience with a system like this. Any input is welcome.
 
I don't think the domain is hurting anything

It's not really a terrible idea to work over remote desktop, but why would you need to?

If the goal is to just get the remote user working within the network it sounds like that other company has done that. She is using an Access DB? This happens to be my forte...

Is she using forms? If she is, what will speed it up is if the forms are in a form on her own machine and the tables are linked to the db, you can link to SQL tables or plain Access tables. Look here for more info on Access http://www.mvps.org/access/

Access is not that slow until you get into some pretty complex stuff. I can make the thing take out the garbage and make me drinks though, but it took a while to learn. I develop tools using Access for a large parts company (very large) and have had 60 users all actively using a tool that hit Access tables on a 2000 adv server. The team is smaller now but I also manage more tools for other departments, all using Access because it is indeed very powerful.

I can't help you much with the network, but it doesn't sound like that is a 'problem' really. It's just that you want to make it faster for some folks right?
 
Well tell us this, was the way you had things set up efficient, safe, easy to use, and liked by all employees? If the answer to those questions is yes, then it shouldn't be hard to get a company of ~15 to change things back, I mean every dollar counts I would imagine?
 
Sucka said:
Well tell us this, was the way you had things set up efficient, safe, easy to use, and liked by all employees?

Yes. My way also worked. Every day last week, at least one computer wasn't able to log into the network. And these jerks charge about $85 for this work.

I guess I want to know if it is going to be worth my time to try to figure out what these guys have done, and how to fix it, or should I just put the computer back to what it was before?
 
SpaceRangerJoe said:
Yes. My way also worked. Every day last week, at least one computer wasn't able to log into the network. And these jerks charge about $85 for this work.

I guess I want to know if it is going to be worth my time to try to figure out what these guys have done, and how to fix it, or should I just put the computer back to what it was before?

Well, if everyone was happy with the way things were, then by all means switch back, make everyone happy, and save some money for a new server or whatever on the side. From what info you gave, the way they have it set up will work alright, but when it really comes down to it, wouldn't it be nice to have the IT guy (you) actually on site, and actually know how the system is set up, rather than contract out and have to wait for him to show up etc.? I think you should sit down with your boss and explain it to him in words he can understand, mainly money ;)
 
1. Is this domain actually necessary?

Useful, but not necessary. In a network that small most of the benefit is negligible.

2. In either case, tell me about domains. Links to material to read would be nice. I want to know what I'm working with, and I want to know how to set them up on my own.

The short answer is that a domain is a collection of computers administered together by the same trusted system. The long answer is… long. You get some benefits like ease of browsing, security, remote manageability, configuration management, etc. These wouldn’t seem to be an issue in a network this small.

Here are some really basic links.

http://www.microsoft.com/windows2000/en/server/help/sag_adintro_15.htm
http://www.wellesley.edu/Computing/WinXP/domain.html


3. Is it a bad idea to have someone working several hours a week over remote desktop? Bad security, or just plain stupid? Let me know.

If it’s over a VPN connection then security isn’t an issue. I’ve seen remote desktop used often where an application wants to pull insane amounts of data to the client. With RD the host computer does all the work and only the screens are pulled across the internet. This is basically the same as PC Anywhere, Citrix, and terminal services. RD on its own is not very secure, VPNs are.

4. All of the workstations have the first DNS entry as the server IP address. Is this because of the domain, or is it a bad setup? That goes along with #2.

Yes, as part of the domain the server is running DNS. If they’ve installed an active directory domain, then it absolutely has to be this way. If they haven’t then it’s still not a bad thing; the desktops use DNS to find each other, and the server looks up addresses on the internet for anything else. You’re not losing anything and picking up some benefit, even in a small network.

5. Is accessing a large SQL DB over VPN via accounting software going to be ungodly slow, or is my understanding of them sub par? Please educate me.
Some links for domains…

If they’re using remote desktop or terminal services then speed won’t be a problem because the data won’t be pulled across. If they’re not using some form of remote desktop then it will depend on how the application is set up; it doesn’t *have* to be a problem.

From what you describe the network was built pretty much by the book, but for 3 users it’s overkill. It’s not hurting you but it’s not helping you too much either. Also, unless you signed a support agreement that says otherwise, your company has a right to any passwords necessary to admin your network. It’s illegal for them to withhold this from your company.

Hope this helped!
 
Yes, that was helpful. Thank you. I will definitely have to check out those links.

I'm sure they have all the passwords somewhere. I just need to get them from the support company. If they try to tell me I can't have them, I will tell them just what they can do with their tech support from now on. I also noticed that they set up an admin account on the server for their techs when they come over. They also set it so they can dial in to access the server. I don't think I like this one bit. I will probably be removing this very soon. If there was ever something important enough for them to need to help me on, they can damn well drive themselves there. I don't want them logging into the server remotely. It looks like they also created several other random accounts, or just failed to disable the default ones. I was under the impression that it is a bad idea to just have random logins hanging out on the computer. Would it be a good idea to delete those, or is it pointless?

As for the VPN and remote desktop. What about connecting to the domain via the VPN, then telling remote desktop to use the VPN tunnel to connect, so the lady in Houston could telecommute? How could I do that? With the appropriate subnetting on the remote computer, and/or binding RD to use the tunnel somehow? That should provide plenty of additional security, while maintaining the ease of use RD offers.

I'm sure I will think of more things to complain about later.
 
Unless they look like real names, the oddball accounts are probably related to services on the box (e.g. IUSER and such). You'll want to leave them alone.

To limit the consultants I'd just disable their login account. That way if you need them to get into the network remotely it's easy to do.

What you describe for the remote connection is just the way you want it. The VPN creates a secure connection for the RD (and everything else) to use. You don't need to worry about subnetting the remote desktop; once the VPN connection is made it will think and act like a computer directly connected to your network, complete with a valid IP. The VPN tunnel is transparent to services on the remote computer, including RD and file sharing.
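
The account review discussed in the last two posts, as an added example that is not part of any post in this thread: it parses `net user` output from the server, sets aside the accounts Windows 2000 Server creates on its own, and produces disable (not delete) commands for whatever is left that is not known staff. The sample output, the server name SERVER01, the account names and the staff list are all constructed for illustration.

```python
import re

# Accounts Windows 2000 Server creates itself; the IIS ones end in the machine name.
BUILTIN_EXACT = {"administrator", "guest", "krbtgt", "tsinternetuser"}
BUILTIN_PREFIXES = ("iusr_", "iwam_")

# Constructed sample of `net user` output (not taken from the thread).
SAMPLE = r"""
User accounts for \\SERVER01

-------------------------------------------------------------------------------
Administrator            Guest                    IUSR_SERVER01
IWAM_SERVER01            jsmith                   krbtgt
supporttech              temp1                    TsInternetUser
The command completed successfully.
"""

def parse_net_user(text):
    """Return the account names listed in `net user` output."""
    names, in_list = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) == {"-"}:   # separator: names start after it
            in_list = True
            continue
        if not in_list or not stripped:
            continue
        if stripped.startswith("The command completed"):
            break
        # Columns are padded with several spaces; a single space may be part of a name.
        names.extend(re.split(r"\s{2,}", stripped))
    return names

def classify(names):
    """Split names into (built-in/service accounts, accounts needing review)."""
    builtin, review = [], []
    for name in names:
        low = name.lower()
        known = low in BUILTIN_EXACT or low.startswith(BUILTIN_PREFIXES)
        (builtin if known else review).append(name)
    return builtin, review

def disable_commands(review, staff):
    """Build `net user ... /active:no` lines for accounts not in the staff list."""
    staff = {s.lower() for s in staff}
    return ['net user "%s" /active:no' % n for n in review if n.lower() not in staff]

if __name__ == "__main__":
    builtin, review = classify(parse_net_user(SAMPLE))
    print("leave alone:", ", ".join(builtin))
    for cmd in disable_commands(review, staff={"jsmith"}):  # staff list is an assumption
        print(cmd)
```

Disabling with `/active:no` keeps the account and its group memberships, so it can be turned back on with `/active:yes` if the consultants are needed again.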
 