Windows Server 2008

daniel1113

Diamond Member
Jun 6, 2003
I am building a server to use here at home. When I started this project, I had planned on installing OpenSolaris and configuring it as nothing more than a ZFS/RAIDZ file server. However, I was unable to get my onboard Sil3114 RAID chip to work with Solaris, so I switched gears to a Windows Server 2008 based server.

Basically, I'd like to use this machine as a file server that I can access from any of my computers at home through a direct LAN connection or on the road using a secure connection through Hamachi. Since I do a lot of .NET work, I also plan on using this server as a development box with IIS and MSSQL.

At home, I operate both a desktop and laptop which are connected to a wireless router that currently operates as a DHCP server.

It seems that the best way to "join" all of my systems together is to make my file server into a DHCP, DNS, and active directory server. I am familiar with DHCP and DNS, but AD is completely new to me.

Basically, I'm hoping to use AD in order to synchronize user authentication across my systems. So, if I am logged into my desktop and want to pull up a file on the server, I can simply navigate to the necessary directory without being prompted for a username/password.

So, my question is pretty simple. Is AD the correct way to do what I want, or is it overkill? Thanks in advance.
 

TheKub

Golden Member
Oct 2, 2001
Well in most cases you can "synchronize user authentication across my systems" by just doing that, setting up the same user account and password on all systems and when connecting to remote shares you will not be prompted.

But yes, AD will also provide this. Basically when you set up your domain you will be using domain credentials instead of local ones.
 

Nothinman

Elite Member
Sep 14, 2001
It'll get you what you want, but so will creating similar accounts on all of the machines and making sure that their passwords are in sync. AD will give you one account to worry about but without it you'll have one account on each machine, so it depends on how important that is to you.
 

RebateMonger

Elite Member
Dec 24, 2005
You create an Active Directory Domain using the DCPromo command. (Or whatever Wizard is in Server 2008). You are given the opportunity to name the Domain and set other options.

Once a Domain and Active Directory are initialized, you create Domain accounts for computers and for users. Then you join the computers to the Domain using the computer accounts. It only takes a minute to join the Domain.

Then you create Domain user accounts. By default, the Domain Administrator is made Local Administrator on computers joined to the Domain. Subsequent Domain accounts are generally for standard users who aren't given Domain Administrator rights. It's obviously a very powerful account and Domain Administrator rights aren't something you want to have when simply making daily use of a desktop computer.

When logging into a desktop, you use a Domain user account rather than a local account. It's Best Practice to remove all local accounts except for Local Administrator. You don't want a bunch of unused and unmaintained Local accounts available on the desktops.

Unless specified otherwise, any Domain user can log onto any desktop computer. Each user will receive a different desktop profile. All user names and passwords are maintained by the Domain controller and the desktops authenticate User Name/Password by communicating with the Domain Controller.

Active Directory Authentication is pretty easy to set up and use and it gives you automatically synchronized user accounts across the entire Domain. Sharing Permissions and other rights are based upon Domain accounts rather than local accounts, making it easy to maintain security because there's only one Domain account per user, no matter how many users you have.
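
The local-account cleanup described in the post above can be checked per desktop. The following is an added example, not code from the thread: it classifies a desktop's local accounts by the RID at the end of the SID, so the built-in Administrator (RID 500) is recognised even when renamed. The inventory, its column names and the account names are constructed for illustration.

```python
import csv
import io

# Constructed inventory of the LOCAL accounts on one domain-joined desktop.
# The column names (Name, Disabled, SID) are an assumption of this example.
SAMPLE_ACCOUNTS = """\
Name,Disabled,SID
localadm,FALSE,S-1-5-21-1111111111-2222222222-3333333333-500
Guest,FALSE,S-1-5-21-1111111111-2222222222-3333333333-501
daniel,FALSE,S-1-5-21-1111111111-2222222222-3333333333-1001
oldtest,TRUE,S-1-5-21-1111111111-2222222222-3333333333-1002
"""

ADMIN_RID = 500          # built-in Local Administrator
FIRST_USER_RID = 1000    # user-created local accounts start here

def review_local_accounts(csv_text):
    """Classify local accounts as keep / disable / delete, keyed on the RID."""
    plan = {"keep": [], "disable": [], "delete": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        rid = int(row["SID"].rsplit("-", 1)[1])
        enabled = row["Disabled"].strip().upper() != "TRUE"
        if rid == ADMIN_RID:
            plan["keep"].append(row["Name"])     # Local Administrator, even if renamed
        elif rid >= FIRST_USER_RID:
            plan["delete"].append(row["Name"])   # user-created; a domain account replaces it
        elif enabled:
            plan["disable"].append(row["Name"])  # built-in such as Guest: cannot be deleted
    return plan

if __name__ == "__main__":
    for action, names in review_local_accounts(SAMPLE_ACCOUNTS).items():
        print(action, names)
```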
 

pstylesss

Platinum Member
Mar 21, 2007
Working with domains when you're new at it is a huge project to undertake. Active Directory is essentially a database of user accounts and computers on your network, when you log into your computer it grabs your credentials from AD. Unless you understand basic networking also, you're going to have a difficult time with it. You'll need to set a static address on your Win 2008 PC and turn off DHCP on your router, then make sure that DNS is properly configured on your Win 2008 box.

You know what is going to be easiest for you? Screw AD, edit your computer policy and setup a quasi roaming profile on both your PCs pointing to the same directory. I think that would work...

EDIT: Yes, for 2 PCs and no beforehand knowledge I think it's overkill... but you'll learn a lot so go for it and you'll gain a lot of knowledge, and if you're a true techie you'll have fun figuring it all out.

If you just want to have access to all your files on the file server without adding a password, you are able to do that, just create a network drive, put in the separate username and pass and choose to remember the password. OR revoke all security on that shared folder so you don't need a username/pass.
 

daniel1113

Diamond Member
Jun 6, 2003
I appreciate the responses.

I am pretty familiar with networking and have worked with Active Directory after it has been configured on a particular domain. I just have not set one up myself before. If anything, I am tempted to do it simply to learn the process and the details involved. For example, I am aware of the dcpromo command, but I have never actually gone through and configured it.

I agree that it is overkill, but that's half the fun.

So, it sounds like after installing Windows, I'll first need to disable the DHCP server on my router and establish a static IP address for the file server. This will allow me to properly configure both DNS and DHCP services on Windows. Once both of those services are up and running, I should be able to run dcpromo and make the server into an AD domain controller.

That brings up another question. If I still need to use the wireless features of my router, but I disable the DHCP abilities of the router, will my Windows DHCP service be able to assign IP addresses to the clients that connect wirelessly through the router?
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: daniel1113
If I still need to use the wireless features of my router, but I disable the DHCP abilities of the router, will my Windows DHCP service be able to assign IP addresses to the clients that connect wirelessly through the router?
Yes. That's how it's done.
 

daniel1113

Diamond Member
Jun 6, 2003
Originally posted by: RebateMonger
Originally posted by: daniel1113
If I still need to use the wireless features of my router, but I disable the DHCP abilities of the router, will my Windows DHCP service be able to assign IP addresses to the clients that connect wirelessly through the router?
Yes. That's how it's done.

Nifty.
 

Nothinman

Elite Member
Sep 14, 2001
If the wifi router is just doing bridging it should just work, if it's routing and the wifi clients are on a different subnet then you'll have to setup a DHCP relay agent on the router and the second subnet on the DHCP server.
 
Mar 26, 2008
Originally posted by: ZeroIQ
then make sure that DNS is properly configured on your Win 2008 box.

EDIT: Yes, for 2 PCs and no beforehand knowledge I think it's overkill... but you'll learn a lot so go for it and you'll gain a lot of knowledge, and if you're a true techie you'll have fun figuring it all out.

AD does seem overkill for just two clients unless he's doing it for educational purposes, but with that in mind, since it is only two clients, I'm wondering if he would still need DNS. Or could he just use his Hosts files?

 

daniel1113

Diamond Member
Jun 6, 2003
I could probably edit the hosts file; however, I'd like to play with setting up a proper DNS server.

Oh, and I'll actually have a total of 5 computers (server, 2 desktops, 2 laptops). Still not a lot, I know, but a little more than two, and enough to build a decent network.
 

daniel1113

Diamond Member
Jun 6, 2003
Alright, it's time for more questions. I am basically trying to setup a network with the following devices:

Cable modem
Wireless router/access point
File/DHCP/DNS server
3 client computers

Right now, my wireless router acts as a DHCP server for the network. My cable modem is attached to the WAN port of the router, and then my other machines are connected either through the wired LAN ports or the wireless antennae.

However, if I am going to switch DHCP to my file server box, it seems silly to keep the same setup. Shouldn't the file server box be the center of my network? Would it be more logical to attach my cable modem directly to the first LAN jack on my file server, switch the router into an access point, and then plug it in to the second LAN jack on my server (I have dual gigabit LAN jacks). This way, the file server (192.168.1.1, static) would be connected to the internet via cable modem while acting as a DHCP server for the client machines (192.168.1.2 to 192.168.1.10).
 

Nothinman

Elite Member
Sep 14, 2001
You don't want the server directly connected to the Internet unless you absolutely have to for security reasons. Generally you put it behind a firewall (router in this case) and forward any ports that you need for publicly accessible services.
 

daniel1113

Diamond Member
Jun 6, 2003
Ah, makes sense. Although, I have to ask, is the router firewall really that much better than the Windows firewall?

One last question: to properly configure DHCP/DNS in Windows, I need to have a static IP address. So, when I configure TCP/IP in Windows to reflect a static IP address (192.168.1.1 in my case), the same IP will be used for the default gateway and DNS server, correct? I am basically pointing the DHCP/DNS server back to itself.
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: daniel1113
Ah, makes sense. Although, I have to ask, is the router firewall really that much better than the Windows firewall?
Any OS is hosting a lot of services that are potentially listening for incoming packets. A router in front of the server ensures that no incoming packets are being forwarded except those that are absolutely necessary.

One last question: to properly configure DHCP/DNS in Windows, I need to have a static IP address. So, when I configure TCP/IP in Windows to reflect a static IP address (192.168.1.1 in my case), the same IP will be used for the default gateway and DNS server, correct? I am basically pointing the DHCP/DNS server back to itself.
Any network interface that's hosting DHCP or DNS services needs to have a static IP address.

Yeah, you tell the server to get its DNS services from itself. Then you tell the DNS server to get any DNS information outside its own zone (the local network) from an external DNS server (usually either the ISP's DNS server or from the public Root servers using Root Hints).
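
The point made above about listening services and the router can be measured on the server itself. The following is an added example, not code from the thread: it parses output in the shape of `netstat -ano`, lists every socket that accepts traffic from the network, and splits the list by what the router forwards. The sample output and the single forwarded port (TCP 80) are constructed assumptions.

```python
import re

# Constructed sample shaped like `netstat -ano` output on a server running
# DNS, DHCP, IIS, AD (Kerberos/LDAP), SMB, MSSQL and Remote Desktop.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1532
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       512
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       776
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       512
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2044
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2310
  TCP    192.168.1.1:445        192.168.1.4:49211      ESTABLISHED     4
  UDP    0.0.0.0:53             *:*                                    1532
  UDP    0.0.0.0:67             *:*                                    1604
"""

# proto, local address, local port, foreign address, optional state, PID
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Return sorted (proto, port) pairs that accept traffic from the network."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # header or blank line
        proto, addr, port, state = m.group(1, 2, 3, 4)
        if proto == "TCP" and state != "LISTENING":
            continue                      # established session, not a listener
        if addr.startswith("127.") or addr == "[::1]":
            continue                      # loopback only, not reachable remotely
        found.add((proto, int(port)))
    return sorted(found)

def exposure(netstat_text, forwarded):
    """Split listeners into (forwarded by the router, shielded by the router)."""
    everything = listeners(netstat_text)
    return ([s for s in everything if s in forwarded],
            [s for s in everything if s not in forwarded])

if __name__ == "__main__":
    # Assumption: the router forwards only TCP 80 (IIS) to the server.
    reachable, shielded = exposure(SAMPLE_NETSTAT, {("TCP", 80)})
    print("reachable from the Internet:", reachable)
    print("listening but shielded:     ", shielded)
```

With the server plugged straight into the cable modem, every entry in the second list would instead depend on the host firewall alone.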
 

hans007

Lifer
Feb 1, 2000
i think a domain should work for what you are doing.

I have not done this on 2008 ever, but I have on 2003 and it seemed fairly straightforward. There is a pretty easy wizard in 2003 and I've been told it's even easier in 2008.

I'm a developer, and had never touched Active Directory or in fact installed 2003 server ever when I did that (it was only like 2 months ago) and if I can figure it out, I'm pretty sure you can.

My setup is actually pretty similar to what you have. I've got 2003 server with IIS, MSSQL, DHCP and AD to test out a network of only 2 clients for some software I am writing. It should not be too hard. Just turn your router into "wireless access point" mode and let the server handle DHCP.
 

daniel1113

Diamond Member
Jun 6, 2003
Yeah, I messed around with it a bit this weekend and was able to get DHCP, DNS, and AD all working without too much trouble. I disabled both while I get all my files transferred over, but once that is complete, I plan on continuing. I'm sure I'll have more questions soon!