Re: getting me ducks in a row - concepts


From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 10/19/04


Date: Mon, 18 Oct 2004 21:04:31 -0400

barney wrote:
> Hi, this is my first dabbling with Windows servers so please bear
> with me while I get my head around a few concepts.
>
> Firstly, think I know what a domain is, but a few questions;
>
> 1) When I set up client PCs, can I specify that they can only log on
> through the domain controller or not at all (is the latter a good
> idea? I want to keep them controlled so they use the file space on
> the server)

Yes. Don't create local login accounts for users, and make sure only admin
types know the local administrator credentials on all PCs. Make sure all
client PCs are running NT-based OSes like 2k or XP Pro.
Use folder redirection via group policy to redirect My Documents to the
user's home directory.
>
> 2) Can I use local machine admins to bypass the domain to log on to the
> local machine?

Yes, you or anyone can log into a workstation as a local admin if you know
the credentials.
>
> Secondly, when setting up local client machines;
>
> 1) should I flatten all the HDDs and "push" all the apps to those
> machines?

You mean, reinstall Windows & all apps? I don't know if that's called for,
unless you don't know or trust whatever's on there already & really want to
make sure your workstations are standardized. You can push out application
installs via GP & MSI files if you know what you're doing with that... try
posting or lurking in m.p.windows.group_policy
>
> 2) I'm not entirely sure what's involved in "pushing" apps, can I
> pre-configure the app for each user before I push? (or only certain
> apps)

Depends how you do it.
>
> 3) Would I be able to push QuickBooks (yes I've read about some of the
> other QB issues with user rights and registry keys)

Do all your users really need QuickBooks? Do you have enough licenses to
install it on all computers? Note that Intuit software tends to assume that
the user has local admin rights and you will want to tweak this using RegMon
and FileMon from www.sysinternals.com
>
> 4) could someone give a brief idea of what's involved (at a high
> level) in pushing apps - am I just sending the setup files or will
> the setup auto-run?

How many apps are we talking about? How many desktops? Unless you have a
boatload, setting 'em up manually may be a lot faster & easier for you.
>
> Thirdly, I've read about RWW;
>
> 1) when used to access the desktop it's connecting to client
> machines, does this work with roaming profiles, so the login could be
> to any machine?

Yes.
>
> 2) Would RWW be a usable method of using QuickBooks or should I use TS
> (sorry about two QB questions :-))

You can use either. Again, how many licenses for QB do you have?
>
> Lastly, (anyone still reading??) The two NIC setup;
>
> 1) Can this be performed satisfactorily with SBS standard in
> conjunction with a good firewall? Is it just a matter of whacking
> them on different subnets and running a routing wizard?

Unless you use ISA or really need to use the built-in (and not terribly
configurable) W2003 firewall, use only one NIC - let your firewall appliance
do NAT, and handle Internet routing, filtering, whatnot. You don't need to
do anything with routing on the server at all in that case. Assign your
server/s static IPs in the same (private) IP range as the LAN IP of your
firewall - and set up DHCP on the SBS server, not on the firewall.
Note: I may be in the minority on this topic, but I've been setting up
domains & servers a long time - and outside of the SBS groups, a dual-homed
DC is generally considered a big no-no. Given how cheap router/firewall
appliances are these days, I don't see it being worth the bother.

>
> Ok I think that's all for now, thanks to anyone who answers any of my
> numerous dumb questions.

Hope this helps.
>
>
> Regards!
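
Added example, not part of the original thread: a small Python check that turns the single-NIC advice in the reply above (one NIC on the DC, static server addresses in the firewall's private LAN range, DHCP on the SBS server) into a lint over a network plan. The plan keys, host name and addresses are constructed for illustration, and treating the firewall's LAN IP as the server's default gateway is an assumption drawn from the firewall handling NAT and Internet routing.

```python
import ipaddress

# Constructed sample plans; every name and address here is illustrative.
GOOD_PLAN = {
    "firewall_lan": "192.168.16.1/24",
    "dhcp_server": "sbs",
    "dhcp_scope": ("192.168.16.100", "192.168.16.200"),
    "servers": [{"name": "SBS01", "domain_controller": True,
                 "nics": [{"ip": "192.168.16.2", "gateway": "192.168.16.1"}]}],
}
DUAL_HOMED_PLAN = {
    "firewall_lan": "192.168.16.1/24",
    "dhcp_server": "firewall",
    "dhcp_scope": ("192.168.16.100", "192.168.16.200"),
    "servers": [{"name": "SBS01", "domain_controller": True,
                 "nics": [{"ip": "203.0.113.10", "gateway": "203.0.113.1"},
                          {"ip": "192.168.16.150", "gateway": "192.168.16.1"}]}],
}

def check_plan(plan):
    """Return a list of findings for the plan; an empty list means it passes."""
    findings = []
    lan = ipaddress.ip_interface(plan["firewall_lan"])
    net = lan.network
    if not lan.ip.is_private:
        findings.append("firewall LAN address is not in a private range")
    statics = [lan.ip]
    for srv in plan["servers"]:
        name, nics = srv["name"], srv["nics"]
        if srv.get("domain_controller") and len(nics) > 1:
            findings.append(f"{name}: dual-homed DC ({len(nics)} NICs)")
        for nic in nics:
            ip = ipaddress.ip_address(nic["ip"])
            statics.append(ip)
            if ip not in net:
                findings.append(f"{name}: {ip} is outside {net}")
            # Assumption: the firewall appliance is the only route off the LAN.
            if ipaddress.ip_address(nic["gateway"]) != lan.ip:
                findings.append(f"{name}: gateway is not the firewall")
    if plan["dhcp_server"] != "sbs":
        findings.append("DHCP is served by the firewall, not the SBS server")
    lo, hi = (ipaddress.ip_address(a) for a in plan["dhcp_scope"])
    if lo not in net or hi not in net:
        findings.append("DHCP scope is outside the LAN subnet")
    for ip in statics:
        if lo <= ip <= hi:
            findings.append(f"static address {ip} falls inside the DHCP scope")
    return findings

if __name__ == "__main__":
    print("\n".join(check_plan(DUAL_HOMED_PLAN)))
```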


