Re: getting me ducks in a row - concepts

From: barney (barney_at_example.com)
Date: 10/19/04


Date: Tue, 19 Oct 2004 10:07:07 GMT

Lanwench [MVP - Exchange] wrote:
> barney wrote:

>> 1) When I set up client PCs, can I specify that they can only log on
>> through the domain controller or not at all (is the latter a good
>> idea? I want to keep them controlled so they use the file space on
>> the server)
>
> Yes. Don't create local login accounts for users, and make sure only admin
> types know the local administrator credentials on all PCs. Make sure all
> client PCs are running NT-based OSes like 2k or XP Pro.
> Use folder redirection via group policy to redirect My Documents to the
> user's home directory.

Ah, group policy, that's how it's done. I assume that once I've set up the
client PCs through the admin account to be a part of a domain the login
screen will change from the normal XP login (with usernames automatically
rendered to the welcome screen) to something like a Novell login, where
users must type in their UN and PW?

>> Secondly, when setting up local client machines;
>>
>> 1) should I flatten all the HDDs and "push" all the apps to those
>> machines?
>
> You mean, reinstall Windows & all apps? I don't know if that's called for,
> unless you don't know or trust whatever's on there already & really want to
> make sure your workstations are standardized. You can push out application
> installs via GP & MSI files if you know what you're doing with that....try
> posting or lurking in m.p.windows.group_policy

Thanks. I was just thinking of consistency and the ease of reloading or
adding new machines. I only have around 15 machines, so maybe it's not
worth the trouble?

>> 3) Would I be able to push QuickBooks (yes I've read about some of the
>> other QB issues with user rights and registry keys)
>
> Do all your users really need Quickbooks? Do you have enough licenses to
> install it on all computers? Note that Intuit software tends to assume that
> the user has local admin rights and you will want to tweak this using RegMon
> and FileMon from www.sysinternals.com

Not *all* users need it. Am I right in assuming that I don't need to give
local admin rights if I provide users with admin rights to the QB registry
keys on the server?

>> 4) could someone give a brief idea of what's involved (at a high
>> level) in pushing apps - am I just sending the setup files or will
>> the setup auto-run?
>
> How many apps are we talking about? How many desktops? Unless you have a
> boatload, setting 'em up manually may be a lot faster & easier for you.

About 15 desktops, basic office apps and QB. Nothing huge.

>> Lastly, (anyone still reading??) The two NIC setup;
>>
>> 1) Can this be performed satisfactorily with sbs standard in
>> conjunction with a good firewall? Is it just a matter of whacking
>> them on different subnets and running a routing wizard?
>
> Unless you use ISA or really need to use the built-in (and not terribly
> configurable) W2003 firewall, use only one NIC - let your firewall appliance
> do NAT, and handle Internet routing, filtering, whatnot. You don't need to
> do anything with routing on the server at all in that case. Assign your
> server/s static IPs in the same (private) IP range as the LAN IP of your
> firewall - and set up DHCP on the SBS server, not on the firewall.
> Note: I may be in the minority on this topic, but I've been setting up
> domains & servers a long time - and outside of the SBS groups, a dual-homed
> DC is generally considered a big no-no. Given how cheap router/firewall
> appliances are these days, I don't see it being worth the bother.

I do like the idea of using a different subnet with port forwarding from
the router for external access though. I may try that first, seems
reasonable to segment public traffic from private.

>> Ok I think that's all for now, thanks to anyone who answers any of my
>> numerous dumb questions.
>
> Hope this helps.

It has indeed. Thank you.
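
Added example, not part of the original thread: the RegMon/FileMon approach suggested above amounts to capturing the application while it runs as a limited user and listing exactly which keys and files it was denied, so rights can be granted on those alone instead of giving local admin. The sketch below does that over a constructed capture; the tab-separated column layout, the result strings, the process name "exampleapp.exe" and all paths are assumptions and placeholders, not real QuickBooks values.

```python
import csv
import io
from collections import defaultdict

# Constructed capture. Assumed layout (tab-separated, as saved by the tools):
# seq, time, process:pid, request, path, result, other.
# "exampleapp.exe" and every path are placeholders, not real QuickBooks values.
SAMPLE_LOG = "\n".join([
    "1\t10:01:02\texampleapp.exe:1234\tOpenKey\tHKLM\\SOFTWARE\\ExampleVendor\tSUCCESS\t",
    "2\t10:01:02\texampleapp.exe:1234\tSetValue\tHKLM\\SOFTWARE\\ExampleVendor\\LastRun\tACCDENIED\t",
    "3\t10:01:03\texplorer.exe:880\tCreateKey\tHKLM\\SOFTWARE\\Other\tACCDENIED\t",
    "4\t10:01:04\texampleapp.exe:1234\tWRITE\tC:\\Program Files\\ExampleApp\\app.ini\tACCESS DENIED\t",
    "5\t10:01:05\texampleapp.exe:1234\tSetValue\tHKLM\\SOFTWARE\\ExampleVendor\\LastRun\tACCDENIED\t",
    "6\t10:01:06\texampleapp.exe:1234\tQueryValue\tHKLM\\SOFTWARE\\ExampleVendor\\Missing\tNOTFOUND\t",
])

# Result strings treated as "access denied" (assumed spellings, one per tool).
DENIED_RESULTS = {"ACCDENIED", "ACCESS DENIED"}
REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


def denied_operations(log_text, process_name):
    """Map each path the process was denied on to the set of requests that failed."""
    denied = defaultdict(set)
    reader = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 6:
            continue  # header, blank or truncated line
        process, request, path, result = row[2], row[3], row[4], row[5]
        name = process.rsplit(":", 1)[0].lower()  # column is "name:pid"
        if name == process_name.lower() and result.strip().upper() in DENIED_RESULTS:
            denied[path].add(request)
    return dict(denied)


def split_by_store(denied):
    """Separate registry keys from file paths; their ACLs are set with different tools."""
    registry = sorted(p for p in denied if p.upper().startswith(REGISTRY_ROOTS))
    files = sorted(p for p in denied if p not in registry)
    return registry, files


if __name__ == "__main__":
    ops = denied_operations(SAMPLE_LOG, "exampleapp.exe")
    for path in sorted(ops):
        print(path, sorted(ops[path]))
```

Denials from other processes and ordinary NOTFOUND results are ignored, so the output is the short list of locations whose permissions need review.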


