|
I've never seen it.
Serv-U allows you to do things when files get uploaded/downloaded etc.
|
Thanks for the pointer. I've downloaded the eval version and will test it this week.
I am still trying to come to grips with the fact that MS didn't build this in to their products....... (shuffles down the hallway - head hung low, mumbling to self)
|
Thanks. I tested the eval version and liked it a lot. I've disabled the MS FTP service and purchased a license for Serv-U. Good tip!
|
Couldn't you just disable anonymous FTP access and then in the user profile manager, set their home directory under their account settings?
I'm speaking completely off the top of my head, since I have never done it, but that would seem like a logical place to start...
[edit]Never mind. I just re-read your post.[/edit]
|
Miszou wrote:
Couldn't you just disable anonymous FTP access and then in the user profile manager, set their home directory under their account settings?
I've done that. For a given FTP port number there seems to be only 1 home directory - the directory you configure in the Internet Services Manager. It uses NT account info to validate logins, but it ignores the client's home directory as configured in User Manager for Domains and instead dumps everybody who logs in into the single home directory for that FTP port.
I worked around this by using different ports and setting up several FTP sites. But the passwords work no matter what port number you enter. So you have the problem where someone could easily start guessing port numbers and ending up in other people's folders.
I am just amazed that MS didn't think about this.
I guess they just assumed everyone in the entire friggin world would be using MS networking.
|
I can configure User Profile and Desktop setting for INDIVIDUAL USER as follows:
>mmc
>Add Snap in
>Active Directory Users and Computer OR local users and groups
>Select a PARTICULAR user from the available account/user list
>Properties
>Profile tab
>User Profile
>Profile Path
How can I configure the user profile for a "WINDOWS USER GROUP" instead?
Thanks.
Norman Fung
|
Groups don't have profiles, only users do.
Some of the settings you want to make may be possible through Group Policy - run gpedit.msc.
|
I have a requirement to install a network in a building that is shared by two small companies. Each company will require access to the internet via a single T1 connection.
What is the best way to arrange such a network, so that the 2 companies are unaware of each other's existence on the network? I would like to have the clients authenticated on a Windows NT domain, although this is not essential. Can I have 2 domains on the same network? Or should I just use workgroups instead?
More information: Each company will need to host its own web site on its own server. We are buying all new computers and software, so any Windows based OS is a viable option at the moment...
Thanks for your help!
|
Miszou wrote:
Can I have 2 domains on the same network?
Sure! But you should split your network id into two separate subnets. A decent router on the T1 line will be necessary, and each company should have its own server to handle DNS and DHCP on its particular subnet. Post a bit more info here, like the number of hosts in each company, the network IP assignments you have, and the distribution of servers available, and I'll bet you'll get much better answers.
"Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.
|
Ok, here's the deal:
My company (4 people) is moving into some spare offices of a friend of my boss. As part of the deal for getting the new offices quite cheap, we have agreed to update his network and get him online with all new hardware/software etc. He won't have that much internet traffic, but we need the T1, so it makes sense for him to use it too, since we will be in the same building and can split the cost 50/50...
Both companies have a website that needs to be hosted (ours will require much more bandwidth - both upload and download, whereas his will be far less). My personal preference, since we are effectively reworking his existing system, is to "do it properly from the start" and buy half a dozen PC's with XP pro and get them authenticating on a Windows 2000 domain controller, which will also be his web server.
I would like to do the same for our own company (using our existing hardware), although we are looking to scale up by having several servers (Web/SQL/email), which can all be the same Win2k server for the moment as long as we can split them later, if necessary. We will also only require 5 or 6 workstations.
However, there is another school of thought that wants everything to be extremely simple, i.e., set up everything as a peer-to-peer network with no domain controller (perhaps using workgroups to separate the 2 networks?) This belief is based on the fact that simple is better and we don't want to have to be responsible for maintaining the other guy's network and staff, since he is *ahem* "not a technical person".
One of the first problems that springs to mind is how to redirect 2 different port 80 requests to 2 different servers. The only experience I have really had with networking is my home project (NT Server + 4 Win2k clients + Win Xp wireless laptop all running through a $80 DLink wireless router). I know about domain controllers and that kind of thing, but how to get an elegant solution that will be easy to maintain for both companies - I'm a little out of my depth!
Thanks for your response, I hope this clarifies things a little...
|
Much clearer now! Given the difference in needs, you've got quite a deal going to split the T1 cost 50/50 - nice work!
Miszou wrote:
One of the first problems that springs to mind is how to redirect 2 different port 80 requests to 2 different servers.
Let's start here. Internet packets don't arrive willy-nilly looking for port 80. Each is tagged with a port number, an IP address, and a protocol. You don't have to worry about redirecting them, as each host on the network will have a different IP address. Only the server with the correct IP address will respond to a packet, and then only if it has a service listening on the same port and watching for the same protocol as matches that of the incoming packet. No worries there.
Your preferred approach - separate servers and domains - would be my choice, as well. I've worked with workgroups (though never two interconnected ones) and found them to be a pain to administer. Having a domain and a domain controller just makes life nicer, and admin costs are lower. A server for your needs ( and the other company's ) needn't be a large expense. My primary PC is a Win2K Server system, for reasons that made sense at the time, and it cost me less than $1800 to build from scratch including a 5-user OS.
Each office should be assigned a different IP address segment, and all the hosts in each connected to a hub or switch - those are cheap (< $100). Each hub is then connected to the router that handles the T1 connection. The router should be configured to sort out incoming packets from the Internet and send them to the proper hub. This is where I get fuzzy; I don't know for sure that your ISP will assign multiple addresses to you. Talking with them should clear that up, and router suppliers will be happy to assist you in configuring their products to accomplish what you need to do.
When you assign addresses leave yourself some wiggle room. I use the internal private range of 168.192.x.x generally, and most networking components I've used come preconfigured to work in that range. Assign one company to 168.192.0.0 and the other to 168.192.1.0 and you'll each have room for 254 hosts eventually. Have a plan, too, as you design it. I find it helpful to have a standard way of doing things that makes future changes easier. For example, assign individual PCs addresses beginning at .100, Servers at .010, and the router at .001. If you're planning on having network printers save a block for them, say .050 - .099. With such a scheme it's a lot easier later to locate remote resources when you have a problem.
I hope that's a little bit helpful. Have fun!
"Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.
|
Roger Wright wrote:
My primary PC is a Win2K Server system, for reasons that made sense at the time, and it cost me less than $1800 to build from scratch including a 5-user OS.
Cost ~AUD$2000 for Windows Server 2003 5 userpack a couple of months ago for a client. Sure would be nice to get things at US prices over here.
Roger Wright wrote:
Each office should be assigned a different IP address segment, and all the hosts in each connected to a hub or switch - those are cheap (< $100). Each hub is then connected to the router that handles the T1 connection. The router should be configured to sort out incoming packets from the Internet and send them to the proper hub. This is where I get fuzzy; I don't know for sure that your ISP will assign multiple addresses to you. Talking with them should clear that up, and router suppliers will be happy to assist you in configuring their products to accomplish what you need to do.
With the IP Address range being as flooded as it is at the moment I doubt they would get more than a couple. Have them set up on the external side of the router and then NAT or PAT working to get them talking through to the internal addresses.
Roger Wright wrote:
When you assign addresses leave yourself some wiggle room. I use the internal private range of 168.192.x.x generally, and most networking components I've used come preconfigured to work in that range. Assign one company to 168.192.0.0 and the other to 168.192.1.0 and you'll each have room for 254 hosts eventually. Have a plan, too, as you design it. I find it helpful to have a standard way of doing things that makes future changes easier. For example, assign individual PCs addresses beginning at .100, Servers at .010, and the router at .001. If you're planning on having network printers save a block for them, say .050 - .099. With such a scheme it's a lot easier later to locate remote resources when you have a problem.
Do you mean 192.168.0.x and 192.168.1.x?
Michael Martin
Australia
"I suspect I will be impressed though, I am easy."
- Paul Watson 21/09/2003
|
Michael Martin wrote:
AUD$2000 for Windows Server 2003 5 userpack
Ouch! I think I paid $739.;P
Michael Martin wrote:
I doubt they would get more than a couple.
You can get whatever you're willing to pay for, for 4 should be sufficient - 1 network, 1 broadcast, and 1 each per company.
Michael Martin wrote:
Do you mean 192.168.0.x and 192.168.1.x?
I don't know how they refer to such things there, but here I most often see this phrased as a reference to the network number. I like your notation best, and frequently use it, but it seems to rub some officious people the wrong way when I do. Go figure...
As long as you're here, Michael, have you ever run across the message "Unable to initialize Windows Sockets interface - error code 0" on a WinXP machine? This PC is infected by teenagers, and IE6 can no longer resolve any address. System Restore doesn't respond at all when I click Next, yet NAV scans report it free of viruses. I suspect a trojan installed via KaZaa (which I removed), or some kind of persistent spyware that NAV can't find.
"Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.
|
Roger Wright wrote:
You can get whatever you're willing to pay for, for 4 should be sufficient - 1 network, 1 broadcast, and 1 each per company.
From what I have been reading the number of available addresses out there is getting very low and that the official handling bodies are only handing what you can present a good case for as opposed to how much you can pay. The article could easily have had an agenda to say as much so I could be way off the mark.
Roger Wright wrote:
I don't know how they refer to such things there, but here I most often see this phrased as a reference to the network number. I like your notation best, and frequently use it, but it seems to rub some officious people the wrong way when I do. Go figure...
192.168.x.x is a Class C range that is set aside for internal use only, will not be forwarded to the internet. That is why I thought you had the first 2 numbers mixed when I saw it.
Roger Wright wrote:
As long as you're here, Michael, have you ever run across the message "Unable to initialize Windows Sockets interface - error code 0" on a WinXP machine? This PC is infected by teenagers, and IE6 can no longer resolve any address. System Restore doesn't respond at all when I click Next, yet NAV scans report it free of viruses. I suspect a trojan installed via KaZaa (which I removed), or some kind of persistent spyware that NAV can't find.
No I haven't, but I must say that I run Adaware and Spybot Search & Destroy on all machines that teenagers and KaZaA have had a chance to f*** up. If you can't get any access to the net from the infected machine you can get Adaware and its newest reference file reflist.ref from the homepage on another machine and transport the files there via floppy, CD or whatever and still attack it with the latest definitions.
Michael Martin
Australia
"I suspect I will be impressed though, I am easy."
- Paul Watson 21/09/2003
|
Michael Martin wrote:
192.168.x.x is a Class C range
Of course you're right... that's what I get for posting at the crack of dawn on little sleep and no coffee. Sheesh... A good thing all I had to do today was pull a couple of 60A/240V lines about 150' through a stuffed conduit. It might have been something dangerous.
And yeah, AdAware is on a CD here that I didn't think to take with me. Of course the MS site is completely useless, as always, and finds nothing related to this message. I'm thinking something has hijacked a critical bit for its own use and won't allow Windows access. If the utterly useless error message had any info about what program it's having trouble with I could use Whoslocking to locate the culprit. If something is merely damaged I'll have to reinstall WinXP, which the customer doesn't want to do but is willing to as a last resort. Poor guy - he's already spent hours on the phone with Gateway support but could barely understand a word the techs had to say. Gateway uses the same country as Dell for that. They had him uninstall IE, then gave up and told him they can't solve it.
"Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.
|
That's helpful - at least it identifies which file is causing the problem. That assumes, of course, that XP uses the same filename. There is a dialup connection defined, though unused - the current connection is DSL via a USB interface. But I can start by deleting the DUN connection, then removing DUN from the control panel. Rather than messing with the Registry (at first) I should be able to remove all networking components in Add/Remove Programs, then reinstall them. Good clues, Michael - thanks!
"Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.
|
A followup on the damaged XP PC: After cleaning the thing up and restoring its normal speed I still couldn't make the connection to the DSL router. Everything I could find pointed to something bolluxed up by the phone company. The customer called them and sure enough, their line was screwed up. It took them two days to do repairs on their own gear, and they sent him a new router (it was damaged by whatever did in the line) but he still couldn't get it working and called me back out. I found a WinsockXPFix.exe program on their website and ran it to clear any corruption of the TCP/IP stack, and it worked perfectly in a few minutes.
He then had me set up restricted accounts for the kids and password protect his admin account. His teenage daughter hates me now...
Heard in Bullhead City - "You haven't lost your girl - you've just lost your turn..." [sigh] So true...
|
Thanks for your help - things are becoming much clearer now!
Roger Wright wrote:
Given the difference in needs, you've got quite a deal going to split the T1 cost 50/50 - nice work!
Yeah! Actually, there's a lot more "business" behind this decision, but I really only care about the network. I just let the important folks purchase all the toys for me to play with!
Roger Wright wrote:
Let's start here. Internet packets don't arrive willy-nilly looking for port 80. Each is tagged with a port number, an IP address, and a protocol. You don't have to worry about redirecting them, as each host on the network will have a different IP address. Only the server with the correct IP address will respond to a packet, and then only if it has a service listening on the same port and watching for the same protocol as matches that of the incoming packet. No worries there.
As I said, most of my knowledge comes from my little home network and D-Link router, which only allows a port to be forwarded to one internal address, regardless of external IP address. I guess more sophisticated routers allow different port 80 requests to go to the correct internal IP address.
Roger Wright wrote:
Your preferred approach - separate servers and domains - would be my choice, as well. I've worked with workgroups (though never two interconnected ones) and found them to be a pain to administer. Having a domain and a domain controller just makes life nicer, and admin costs are lower. A server for your needs ( and the other company's ) needn't be a large expense. My primary PC is a Win2K Server system, for reasons that made sense at the time, and it cost me less than $1800 to build from scratch including a 5-user OS.
Yes, I think a domain controller + a handful of XP Pro clients would be quite a nice set up too. The concern is that we will become responsible for the other company network and have to add new users, manage profiles, policies, software installation and all that sort of thing. Since the other company's staff only needs to access one website for their entire job (this will probably be locked down somewhere, most likely in the router), they don't (and apparently never will) use email and their computers really don't need to talk to each other, a peer-to-peer network with no authentication is being suggested as an alternative.
My thought is that since we will be installing a web server for the guy, we might as well use it as a domain controller too. (Of course, we will have to upgrade the clients from XP Home to Pro). I think that a little bit of extra effort now, while we are still planning the network, will pay off in the long run. What do you think?
Roger Wright wrote:
Each office should be assigned a different IP address segment, and all the hosts in each connected to a hub or switch - those are cheap (< $100). Each hub is then connected to the router that handles the T1 connection. The router should be configured to sort out incoming packets from the Internet and send them to the proper hub. This is where I get fuzzy; I don't know for sure that your ISP will assign multiple addresses to you. Talking with them should clear that up, and router suppliers will be happy to assist you in configuring their products to accomplish what you need to do.
I believe we are getting multiple IP addresses, although I cannot say for sure how many. I've also been recommended a couple of routers for ~$300 that should serve very well.
Roger Wright wrote:
Assign one company to 168.192.0.0 and the other to 168.192.1.0 and you'll each have room for 254 hosts eventually
This is an excellent idea! One question though - how will a DHCP server deal with this? Or should I just use static IP addresses?
|
Miszou wrote:
how will a DHCP server deal with this? Or should I just use static IP addresses?
In your DHCP server you can set more than one Scope, each with a different address pool, then assign clients to use one scope or the other. Be sure to note Michael's correction to my address range selection - 192.168.x.x, not 168.192.x.x. Never attempt to answer technical questions until after the first cup of coffee.
From what you've added here it sounds like the other company doesn't need a server of their own. Win2K Server w/ IIS 5.0 can host more than one website, each with its own IP address. You can also make them members of your domain so that your PDC is their domain controller also. Keep them in a different Group or Organizational Unit from yours, and use permissions and Policies to keep their fingers out of your machines. You can also give them FTP access to their website so that responsibility for managing and maintaining it is their problem.
Miszou wrote:
What do you think?
I think that every hour spent on planning the network before you build it will save a hundred hours of finding and fixing problems caused by inadequate planning. Good choice.
"Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.
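The addressing scheme discussed in this thread (one /24 per company, role blocks inside each, one DHCP scope per subnet) can be checked before any hardware is configured. The following is an added example, not code from any poster; the tenant names, the `/24` masks and the upper bounds of the server and PC blocks are assumptions, and it shows why the range as first posted (168.192.x.x) fails while the corrected one (192.168.x.x) passes.

```python
import ipaddress
from itertools import combinations

# The three RFC 1918 private blocks; anything outside them is routable space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Role blocks from the thread: router .1, servers from .10, printers .50-.99,
# PCs from .100. Upper bounds for servers and PCs are assumed here.
ROLE_BLOCKS = {
    "router": (1, 1),
    "servers": (10, 49),
    "printers": (50, 99),
    "pcs": (100, 254),
}

# Constructed sample plans (tenant names are placeholders).
AS_POSTED = {"company_a": "168.192.0.0/24", "company_b": "168.192.1.0/24"}
CORRECTED = {"company_a": "192.168.0.0/24", "company_b": "192.168.1.0/24"}


def check_plan(tenants):
    """Return a list of problems in a {tenant: cidr} addressing plan."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in tenants.items()}
    for name, net in nets.items():
        if not any(net.subnet_of(p) for p in RFC1918):
            problems.append(f"{name}: {net} is not RFC 1918 private space")
        if net.prefixlen != 24:
            problems.append(f"{name}: {net} is not a /24, role blocks assume 254 hosts")
    # Tenants must not share address space, or one DHCP scope can hand out
    # addresses that belong to the other company.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} and {b} overlap: {na} / {nb}")
    return problems


def dhcp_scope(cidr, role="pcs"):
    """First and last address of the pool a DHCP scope would serve for a role."""
    net = ipaddress.ip_network(cidr)
    lo, hi = ROLE_BLOCKS[role]
    return str(net.network_address + lo), str(net.network_address + hi)


def classify(addr, tenants):
    """Map an address to (tenant, role), or None if it is in no tenant subnet."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in tenants.items():
        net = ipaddress.ip_network(cidr)
        if ip in net:
            host = int(ip) - int(net.network_address)
            for role, (lo, hi) in ROLE_BLOCKS.items():
                if lo <= host <= hi:
                    return name, role
            return name, "unassigned"
    return None


if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, check_plan(plan) or "OK")
    print("company_b DHCP scope:", dhcp_scope(CORRECTED["company_b"]))
    print("192.168.0.10 ->", classify("192.168.0.10", CORRECTED))
```

`classify` is useful when reading router or server logs later: an address that maps to the other tenant, or to no tenant at all, is worth a second look.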
|
Roger Wright wrote:
192.168.x.x, not 168.192.x.x
Actually, I didn't even notice until it was pointed out! I use the same numbers for my home network, so I just kind of read them correctly.
Roger Wright wrote:
Win2K Server w/ IIS 5.0 can host more than one website, each with its own IP address. You can also make them members of your domain so that your PDC is their domain controller also. Keep them in a different Group or Organizational Unit from yours, and use permissions and Policies to keep their fingers out of your machines.
This is pretty much what I was thinking. Rather than have 2 domain controllers messing about on the same network, just use one and manage everything ourselves from one location. Create a couple of high-level groups with appropriate permissions and it virtually manages itself. Once they have the correct permissions set up, we shouldn't need to touch their accounts for months at a time (Excepting of course for new employees and things like that). In fact, if they really want "simple", we could just set up one account for his network and have everyone log in with the same account. This way, we wouldn't even need to add/remove employees. Something about this approach just doesn't seem right though!
Their website only served ~3,000 pages last year, so we really could just host it on our own server. It's not like it's going to hog bandwidth or anything!
Using only one domain controller and hosting 2 websites on it was my original plan. However, we really want to separate the 2 web servers into his problem and our problem, if you see what I mean... As you can probably tell, we're kind of going around in circles at work talking about this!
|
Miszou wrote:
Something about this approach just doesn't seem right though!
No, it's not, but maybe there's a way ( I've never looked into it) to grant a user in their office and Group user management privileges for their Group only. Similarly, when you create a site on IIS you also assign an Admin for that site. You can stuff that job on one of theirs. Then the only responsibility you'd have for their website would be to keep your server up and running. I presume that's a fairly high priority for you, as well, so there's no conflict of interest there.
"Another day done - All targets met; all systems fully operational; all customers satisfied; all staff keen and well motivated; all pigs fed and ready to fly" - Jennie A.
|
Anyone know of a plug-in for Windows Explorer that would seek verification of drag'n'drop folder movement from the user? Our network suffers from users inadvertently drag'n'dropping folders into various locations that make finding them a task.
|