Re: Help in setting up LAN with Server 2003

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 11/10/03


Date: Mon, 10 Nov 2003 08:15:47 -0700

This is really an Active Directory and Group Policy
question, not appropriate for this Windows XP newsgroup.

First, I would suggest that you:
1. shut off DHCP on the router
2. install DHCP on your server and configure it so that
    it correctly supports your domain, giving out the address
    of the DNS service on your server
3. configure your DNS server to use your ISP's DNS server(s)
    as forwarder(s)
4. join all of your client machines to the domain, using DHCP
    to configure their network stack
5. Use group policy to set the Users group on all workstations
    to contain only the Domain Users group
6. control who can get a lease from your DHCP either by
    reservations or by certificate based network access control.
Now, given your choice of network topology anyone knowing
what IP and gateway address to use could just plug in. To prevent
this you need to gate access to the router, such as by having your
server between your multiport switch and the firewall/router,
using RRAS to configure either the NAT or the gatewaying.
Then you could control based on machine accounts what machines
can communicate with the LAN side of the server, so even if someone
knew an IP/gateway(server) address set to use and plugged in they
could not get out past the server.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
<spanks@nc.rr.com> wrote in message
news:e$4nB2wpDHA.2064@TK2MSFTNGP11.phx.gbl...
> Hello,
>
>     To start off with, thank you in advance for anyone who is able to help
> me with this issue.
>
> I am setting up a new LAN and I need advice on accomplishing the following
> things with the hardware I have.
>
> The hardware I have is the following
>
> 1.  Server running Server 2003 Standard
> 2.  Cable internet access connected to Linksys Firewall/Router/Switch Combo
> 3.  This is connected to Linksys multiple port switch
> 4.  Server and multiple workstations connected to #3 which is connected to
> #2 (hope not too confusing)
> 5.  20 workstations running XP professional
>
> What I am trying to accomplish is the following
>
> 1. (Already done)  The Linksys Combo device is running as the DHCP server on
> the LAN and all the computers receive the IP through that device.
> 2.  Each workstation would need to log onto domain (testX.com) with a
> password via the Server to gain access to the workstation and ability to
> have internet access.
>
> 3.  If the incorrect password was entered, the ability to access the
> workstation or internet could not happen.
> 4.  Once logged on the workstation correctly, the user would not have the
> ability to change anything that would later allow them to access the
> workstation and internet without being authenticated by the server.
>
> 5.  No random user with a laptop could plug into a jack (connected to the
> LAN) and have internet access available on the LAN or have any access to any
> computer or server on the LAN without a username and password provided by
> the LAN administrator.
>
> This is for starters.
>
> Thanks for any help again.
>
>
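
An added example, not part of the original post: a check that supports step 6 and the plug-in concern in the reply by comparing what the server's LAN interface sees in `arp -a` against the DHCP reservations. The addresses, MAC values and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sample data, not from the original post.
RESERVATIONS = {            # MAC -> IP reserved for it in the DHCP scope
    "00-0c-29-aa-01-01": "192.168.1.101",
    "00-0c-29-aa-01-02": "192.168.1.102",
    "00-0c-29-aa-01-03": "192.168.1.103",
}
ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.101         00-0c-29-aa-01-01     dynamic
  192.168.1.130         00-0c-29-aa-01-02     dynamic
  192.168.1.150         00-16-3e-55-66-77     dynamic
  192.168.1.103         00-16-3e-55-66-78     dynamic
"""

# One data row of Windows `arp -a`; header and "Interface:" lines do not match.
ARP_ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+dynamic\b",
    re.I)

def parse_arp(text):
    """Return [(ip, mac)] for every dynamic entry in `arp -a` output."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower()))
    return rows

def audit(arp_text, reservations):
    """Flag hosts seen on the LAN that do not match a DHCP reservation."""
    reserved_ips = set(reservations.values())
    findings = []
    for ip, mac in parse_arp(arp_text):
        if mac not in reservations:
            # Machine with no reservation: plugged in with a lease or a static IP.
            kind = "reserved-ip-taken" if ip in reserved_ips else "unknown-machine"
        elif reservations[mac] != ip:
            kind = "wrong-ip"      # known machine, network settings changed by hand
        else:
            continue
        findings.append((kind, ip, mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(ARP_OUTPUT, RESERVATIONS):
        print(f"{kind:18} {ip:15} {mac}")
```

A MAC address only identifies a machine, so this is a detection aid; the certificate based access control and machine-account gating described in the reply are what enforce the restriction.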

