How to setup a Network Server for Computers in a Small School

[rekta]

Hi all,


My Uncle just opened a small school in our area (100 students only). He INSISTED that I should work for him as an IT Head Guy. I'm a hardware kind of guy (OCing, Installing from scratch, repair and troubleshooting etc.) Ok, I'll be honest ... I'm not a Network Guru, but I know the basics.
I've setup a basic home Network just using a router and a switch/hub using Auto DHCP/Static - 14 Computers to be exact and It was easy.


*Warning*


I'm new at this so please bear with me. This is where I need your help
I also took the job because I want to learn how to do this. If I have to read dozens of books or web links, I'll do it.



Now, here is the school setup:


My Uncle just purchased 45 new bare computers for the Students and Teachers. I've finished assembling all 45 computers two days ago (Whew, at last .. it took me (alone) 3 days). Now I've already installed Windows XP Pro on 40 and all are running ok. I left 5 of these computers to be blank (no OS) at the moment for your instructions.


There are 2 computers labs (one for Elementary, one for High School)


Here is the breakdown:


15 Computers will be for High School Students
15 Computers will be for Elementary
10 Computers are for Faculty
the other 5 could be the server or anything else ..


The web and email servers are already outsourced by a different company.
My focus should be on
- File Sharing
- Networking
- Internet Sharing
- Parental Control (for student PCs)
- Restrictions
- Active Directory(???)
- Security - one of the main concerns / What is the best firewall/anti-virus should I deploy
- Domain/Client setup
- other things that I should know
- What router/switch/hub to buy



As I understand, I need a server computer. Since it is not a web server, I could turn it off at the end of the day.


I have some basic/intermediate knowledge in Linux and Mac-irrelevant (but not servers), however, I think I'll just go for Windows 2003 server. I'm not sure, please educate me on what will be the best and easiest server OS. All client computers will be XP Pro Build 2600 (Sp3).


Anyway, where should I start?


Can anyone provide me of the links I need to study? I'm a fast learner and I'm eager to learn. Again, my knowledge in computers are purely hardware/OS installation/troubleshoot/Ocing/repair/etc.


Any Network Admins here that can give me some inputs about this?


The simplest or easiest way would be the best.


Thank you in advance!


*BTW, Sorry for my poor English

 

[dandragonrage]

Well, one should run Untangle, one should be a domain controller (which can also have a network share with whatever software you guys use, legal copies of course), and one should have lots of storage and be used for backups.

A single 48 port 10/100 switch with a couple of gigabit uplinks should work great for you. They can be had for under $100 on Ebay. You can set up a couple of the servers that will be transferring a lot on it. (The firewall box won't need a gigabit port unless you have a REALLY FAST internet connection)

Get a decent UPS setup for the servers. Liebert GXT2 is my suggestion, or APC SmartUPS is not far behind.

 

[JackMDS]

First Step Read few basic books about small Networks.

Second Step, buy or (get a trial version) of Windows 2003 SBS, and learn how to set it and use it.

http://www.microsoft.com/Windo...r2003/Sbs/Default.mspx

When you feel ready start to deal with hardware.

If this is too much get your self a consultant that would assis you in the process.

Do not start with the Hardware, and make the typical mistake of Gamers and OCs the try to deal with Networking.

With Networks you first have to learn basic Networking, and only then deal with Hardware.

 

[skyking]

For filtering content I used Dansguardian for the private school network I set up, and it does a fine job.
The turnover at a school will require quite a bit of administration. It would be best to consider that, and make adding/removing users as painless as possible. It would be in your best interests to set it up so faculty could add/remove students without you.

 

[rekta]

Thanks for your replies. I'll consider all your inputs. I just found out that Parental Control will NOT be implemented for Higher Grades (only for Elementary). We just got the server and it is an old (3 years) IBM that was Windows 2003 Server R2 on it. I just got done setting up a Wifi Access Point in the reception area. I'm not trying to learn Windows 2003 and I guess I'm doing fine. I talked to the teachers regarding saving documents - Since I'm still on the learning stages of Servers -- Is there a way to save documents from the "My Documents" of the computer that being used and automatically copy the file to the server (in a shared folder)? I was also informed that there should be NO restrictions on all of the other computers (except Elementary), so students are free to install all the things that they want (scary huh?). Well, I'm just following what I was told.

Another question:

Since all the computers are identical, could I just make an 1 CD image and use it for everyone? I'll just use a cdkey changer right after restoring it and change it to the right license numbers?

 

[Crusty]

You can use Roaming Profiles with Active Directory, but be careful because it can certainly hog network traffic if users are swapping computers often and have a large profile folder.

In all honesty, from the sounds of the requirements I would run far away and fast. Not locking down computers that teenage kids are using, and without parental controls is a massive disaster/lawsuit waiting to happen.

 

[Bashbelly]

Sounds like you need to setup quite a few things. Well you have that windows 2003 server so thats a great start. I would do things in this order.

1) setup a simple very flat active directory. Make a generic user for students (so you can lock it down good), and probably unique log ins for every teacher/administrator (will help support having individual private shared folders on your server AND maybe if you implement an exchange server later on).

2) As for saving documents on the server hell yes its possible. You have to make a logon script , a good place to learn is http://www.rlmueller.net/LogonScriptFAQ.htm
Once that is done you can give shared drives that are mapped as drive letters to your users (permissions given per active directory user(s) ).

3) About restrictions they are going to regret it big time if you do not implement group policy (also on same server) to lock down those computers. You will spend ALL of your time fixing the massive problems students create by installing games/spyware/viruses. Trust me I have been there lol.

4) And as for your last question yea, thats fine. As long as you have the legal amount of licences for your software I think you are gold. Might look into Volume Licensing for microsofts stuff, makes life easier when you can use the same lic keys.


Good luck you got a TON of work to do.

 

[Bashbelly]

I forgot to mention, all this work you are doing... definately invest in a backup solution. There are plenty out there that will cost around 1000-1500$ (A small tape drive unit fits the bill depending on how much you expect to backup). Sounds expensive but its not when you consider the massive amounts of hours you sink into setting everything up.

 

[ChAoTiCpInOy]

There's a Microsoft program that you can install on the computers that the high school people use. It'll revert back to its initial state after restart so they can download and install whatever they want but it won't be saved to the computer. I don't remember what its called, but it's for Windows.

 

[Tsaico]

Originally posted by: ChAoTiCpInOy
There's a Microsoft program that you can install on the computers that the high school people use. It'll revert back to its initial state after restart so they can download and install whatever they want but it won't be saved to the computer. I don't remember what its called, but it's for Windows.

I don't know about Windows reslease version, but Faronics Deep Freeze works great for me. Not too expensive a unit either. We use this to lock our windows images. It is also good because people like to set things like desktops and screen savers. Not to mention, even with internet scanners filters whatever, you will inevitably get a lot of OS pollution.

There is also a Microsoft subscription based solution for your software needs, like a campus site license for all of MS produts. This works well for schools, since they base the pricing of software on number of instructors, not devices. So if you have five instructors, you pay "x" amount on them, even if you have 100 computers. There are a few different options, were you can go for a specific application for a smaller annual fee, or you can pay a little more and get everything from OS, to Visio, to Office, to Exchange. It is a really good deal. The only downfall is you do not own the software. Stop paying, stop using model. But really, it is still a much better way of going, since licesnsing headaches are usually top or second problem of any company. With this style, it become a blanket coverage, so you do not have to worry. It also eases the purchasing of software since you can then spread it out over years instead of lump sums. Under the agreement, it also allows you to install any version of MS product, from the most current, to whatever older version you want to. Talk to your accounting office to find out how they depriciate the software or if they do at all.

And as a future note, building the computers isn't as cost effective as you would think. The main reason why it comes in under budget is because you do not factor in the cost of your labor and often the OS. The cheapest Dell I can purchase with integrated low everything, is about $350 or so. The cheapest set of the same stuff that I could buy is about $220, and then add in a OS, now I am about the same, only I now have to build a bunch of machines. It also makes it harder to donate the equipment when you are done, since they are "home made" looking machines vs. a brand name. Some places are less likely to give you your salvage value on the machine. Ideally you don't want to do the cheapest, but that is just an example, since you will rarely give the student top of the line in a training environment. It is pretty easy to get $950 or so with 17" monitor and 2 gigs of ram. So unless you have a specific purpose for building it yourself, I generally suggest not to.

 

[RebateMonger]

Originally posted by: rekta
I was also informed that there should be NO restrictions on all of the other computers (except Elementary), so students are free to install all the things that they want (scary huh?). Well, I'm just following what I was told.

Those computers will likely be worthless after a week.

 

[rekta]

I agree with all of you - no limitations to computers, would eventually make the computer useless in a few weeks and could bring lawsuits. I won the debate Meaning, I have to setup limitations on all of the computers.

@bashbelly: thanks for your suggestions, I'm looking at it right now. I hope I can get all of the computers running at ease before the school starts.

Thank you all for your suggestions guys!

 

[sonoma1993]

2) As for saving documents on the server hell yes its possible. You have to make a logon script , a good place to learn is http://www.rlmueller.net/LogonScriptFAQ.htm
Once that is done you can give shared drives that are mapped as drive letters to your users (permissions given per active directory user(s) ).

he doesnt have to use a logon script. He can do it through group policy. There a a folder redirection policy under user configuration

 

[Bradtechonline]

I worked as the IT Director for a Public School System for three years.

1. You need to setup a proxy server, and enforce that proxy server on all desktop machines via Group Policy Object assisgned to an Organization Unit in Active Directory. I recommend purchashing Websense Web Filter which can generate log reports for you.

2. Install Deep Freeze on all machines the kids touch. It reverts back to the image after a reboot.

3. Restrictions are your friend.. Take away access to everything they don't need. Lift restrictions when you see it may interfere with learning.

4. Just use DHCP, DNS, WINS, and all the basic services on your Domain Controller.. *2003 server* I had a separate server for each function but only because the federal gov paid for it all pretty much.

5. Create shares on a file server and use a batch file or vbscript to map those drives upon log up.

REM Batch file
net use H: \\server\sharename
/delete
net use P: \\server\sharename


If you are using the same 100 machines, and different kids logon. Just write a printui batch file to install printers upon startup..

Main thing is filtering man.. Get a good web filter, and proxy server. Kids are the worst... Good luck..

 

[Goosemaster]

I expected as much from this forum and it looks like you have a lot of great advice and a lot of work ahead of you

My primary recommendation is to start out with the basics: planning. Planning is an ongoing facet of IT, and you best start now with something as simple as a diagram. First start with a physical diagram a move up to initial and ongoing logical diagrams (who/what/where/when/why for data) describing how you are setting everything up. At each stage of any process this will keep you grounded, allowing you to create, manage, and achieve goals that you set for yourself and the school. It also make you look very professional, and rightfully so.

Of course planning isn't the actual work, so make sure to allocate planning time but don't get lost in it either.

As far as I'm concerned, feel free to drop me a line anytime you need some help.


my recommendations for software:


1. Win2k3/2k8 SBS It will offer you almost everything you need:

-filesharing
-networking
---DHCP (how comps get their addresses)
---routing (how pcs get on the internet)
-active directory
---handles the entire logical part of the network setup, use, and management (users, groups, permissions, access/authentication) via a Domain.

This will require one server with at least two network cards.

2. Untangle - Untangle uses a lot of free open source software and presents in in a very simplistic manner for someone starting out. This will require some networking skills so you might want to put this on the back burner. Just know that it offers you a way to provide a decent firewall, content control and caching (automatically stores heavily-used web data for quick access). This will require one server with at least two network cards.

3. anitivirus. I would look into edu pricing and see what your budget is. The are a lot of free ones out there (avg, avast, etc) so make sure to checkout licensing before you do anything. Always prefer managed to unmanaged so only the server has to download updates and pushes it out to the clients.

hardware:

-Dell/SMC switches are cheap. I would get 2 10/100 48 port switches in case one fails, but 1 48 port and another to cover the rest (8 or 16 port) will be fine.
-cabling -cat5e is fine

As someone mentioned, hardware is not the fist step, but one thing I do recommend you do before is make sure the computer you choose for a server can actually fulfill server duties. This means a RAID array, and some form of backup. This can, and should probably remain, as simple as possible:

-at least a 2,4ghpz p4 with at least 1GB of RAM
-at least 80-160GB of space in a RAID 1 array.
-at the very minimum use the integrated windows backup utility to backup to an external harddrive.

As you add more features and more services (antivirus, etc) your requirements will increase, so the better the specs, the better the service that it can potentially provide.

 

[Goosemaster]

Originally posted by: sonoma1993

2) As for saving documents on the server hell yes its possible. You have to make a logon script , a good place to learn is http://www.rlmueller.net/LogonScriptFAQ.htm
Once that is done you can give shared drives that are mapped as drive letters to your users (permissions given per active directory user(s) ).

he doesn't have to use a logon script. He can do it through group policy. There a a folder redirection policy under user configuration

Let's not get too ahead of ourselves....the guy needs to setup SBS up first

 

[sonoma1993]

Originally posted by: Goosemaster

Originally posted by: sonoma1993

2) As for saving documents on the server hell yes its possible. You have to make a logon script , a good place to learn is http://www.rlmueller.net/LogonScriptFAQ.htm
Once that is done you can give shared drives that are mapped as drive letters to your users (permissions given per active directory user(s) ).

he doesn't have to use a logon script. He can do it through group policy. There a a folder redirection policy under user configuration

Let's not get too ahead of ourselves....the guy needs to setup SBS up first

which it does, pretty much on it own lol

 

[Goosemaster]

Originally posted by: sonoma1993

Originally posted by: Goosemaster

Originally posted by: sonoma1993

2) As for saving documents on the server hell yes its possible. You have to make a logon script , a good place to learn is http://www.rlmueller.net/LogonScriptFAQ.htm
Once that is done you can give shared drives that are mapped as drive letters to your users (permissions given per active directory user(s) ).

he doesn't have to use a logon script. He can do it through group policy. There a a folder redirection policy under user configuration

Let's not get too ahead of ourselves....the guy needs to setup SBS up first

which it does, pretty much on it own lol

shh...lets make sure he takes this seriously

 

[Jeff7181]

Originally posted by: RebateMonger

Originally posted by: rekta
I was also informed that there should be NO restrictions on all of the other computers (except Elementary), so students are free to install all the things that they want (scary huh?). Well, I'm just following what I was told.

Those computers will likely be worthless after a week.

I agree. Giving students Administrative rights on computers is a disaster waiting to happen. You're going to become a full time Admin for the school if you participate in the design of something like that.

My advice is to lock it down as tightly as you can and have hard disk images ready to go to bring a hosed computer back up to "default" state in less than an hour. (maybe even have a couple hard drives ready and waiting with a fresh image so you can swap them out and have the PC back up and running in 5 minutes)

*EDIT* This is actually kind of an interesting project... I may throw something together using virtual machines to see what I can come up with in terms of locking things down while leaving the computers useful to students.

 

[Goosemaster]

Originally posted by: Jeff7181

Originally posted by: RebateMonger

Originally posted by: rekta
I was also informed that there should be NO restrictions on all of the other computers (except Elementary), so students are free to install all the things that they want (scary huh?). Well, I'm just following what I was told.

Those computers will likely be worthless after a week.

I agree. Giving students Administrative rights on computers is a disaster waiting to happen. You're going to become a full time Admin for the school if you participate in the design of something like that.

My advice is to lock it down as tightly as you can and have hard disk images ready to go to bring a hosed computer back up to "default" state in less than an hour. (maybe even have a couple hard drives ready and waiting with a fresh image so you can swap them out and have the PC back up and running in 5 minutes)

*EDIT* This is actually kind of an interesting project... I may throw something together using virtual machines to see what I can come up with in terms of locking things down while leaving the computers useful to students.

GPOs and hot spares of all kinds can be very useful, but the issue is that the OP has so much stuff on his plate. That focusing on one thing might detract them from fiinishing the rest.


OP, please take your time with this and keep us updated / ask as many questions as you feel you need to

 

[Modelworks]

I would look at Clark Connect.
It would fit your criteria perfectly and are available with paid support options should you need them . They have everything you need in one package that is well maintained.
And its not expensive to use.

http://www.clarkconnect.com/

 

[Goosemaster]

Originally posted by: Modelworks
I would look at Clark Connect.
It would fit your criteria perfectly and are available with paid support options should you need them . They have everything you need in one package that is well maintained.
And its not expensive to use.

http://www.clarkconnect.com/

CC is great as a proxy/cache/content filter server.

 

[hiromizu]

You're setting yourself up for failure. You need to seriously consider hiring a consulting firm to plan, build and support the infrastructure as well as have them make recommendations and manage vendors to implement educational applications. You can't do this alone - not even for 10 people considering you don't have experience. Bad bad move.

Just my .02.....