Creating a simple network consisting a server and 15 computers

[vin447]

Sorry to bother you all on this holiday season, but unfortunately i have to create a network connection in my office. I've got a server computer running on windows server 2012 datacenter edition and about 15 computers running on windows 7 and xp. I am still new to this networking stuff, so please help me. My first question is how to connect these computers with the server computer? I missed most of the basics, so i still don't understand with the networking terms. Anyways, thank you for your attention.

(i connect these computers with a LAN cable, and also i am unfamiliar with tcp/ip network configuration)

 

[vin447]

You are correct for the IP address, all the workstations will start with 192.168.0.100 and go up from there, DHCP will assign each computer on the network all the information it will need to access the network/internet such as IP address, subnet mask, default gateway, and DNS. When you create you address pool for DHCP on your server, you will also want to set the lease time for each address to about 24 hours, it might be set to eight days. Before you setup DHCP on the server, make sure you can get on the internet from the server, and that you have the correct default gateway and DNS set on its network interface.

On the computers you are trying to connect to the domain can you please enter the command prompt and type in ipconfig /all and post the output. If you are running windows 7 just type in CMD in the search box in the start menu, or type in CMD in the run box for XP.

Hello again jeff-j, thanks again for answering my question. Can you please explain to me how to configure DHCP pool in the server? And then for the internet connection, the internet first must connect to the server computer, then the server computer will redistribute the internet connection to the client computers, am i correct? Please correct me if i am wrong.

Best regards, vin447.

 

[vin447]

Please ignore this one, it was my mistake. Hehehe.

 

[choucove]

I would highly recommend finding some guides or videos online for the steps to go through and create a simple virtual machine within Windows Hyper-V for Server 2012. These guides or videos will be able to explain the entire process and purposes of each selection much better than I can walk through it here in this forum, and with screen shots or actual video it will make more sense anyways.

Basically, the first step is to create your virtual machine. There is a wizard which walks you through the whole process, including naming it, setting up the virtual network adapter, the virtual hard drive, and then you can customize all of the other settings including the amount of RAM to assign to it, additional virtual hardware (such as DVD drive) etc. You will then point to an installation media for your Windows Server 2012 Datacenter (whether you have it on disk, or an ISO file, etc.) and start up your virtual machine, installing WS 2012 Datacenter on the virtual machine. Once that's done you can then access and control your virtual machine just like any other computer and set up your services (install your domain controller, file server, etc. here.)

 

[vin447]

I would highly recommend finding some guides or videos online for the steps to go through and create a simple virtual machine within Windows Hyper-V for Server 2012. These guides or videos will be able to explain the entire process and purposes of each selection much better than I can walk through it here in this forum, and with screen shots or actual video it will make more sense anyways.

Basically, the first step is to create your virtual machine. There is a wizard which walks you through the whole process, including naming it, setting up the virtual network adapter, the virtual hard drive, and then you can customize all of the other settings including the amount of RAM to assign to it, additional virtual hardware (such as DVD drive) etc. You will then point to an installation media for your Windows Server 2012 Datacenter (whether you have it on disk, or an ISO file, etc.) and start up your virtual machine, installing WS 2012 Datacenter on the virtual machine. Once that's done you can then access and control your virtual machine just like any other computer and set up your services (install your domain controller, file server, etc. here.)

Hello choucove, thank you again for answering my question. I am still seraching about the guidelines about hyper v, so i will ask you other stuffs first then.

The main task that my boss give me is to create a private network for my office, and then combine all files into the network, so that my boss can view the whole computer's file right from his desk. The employees are also given their domain account so that they can view some of the files through their own account, for example, accounting staffs are given access only to accounting stuffs, and etc. Is it enough only to configure the server to become a domain controller only? Or is there any other setup that i have to go through?

Best Regards, vin447.

 

[choucove]

This set up is pretty straight forward and simple. The best thing to do first is create your domain controller and create all the necessary user accounts. Then you join your end workstations to the domain so that they are members, connecting to and using the proper user accounts from the domain controller to log in. These user accounts are what verify credentials for people to have access to certain things on the server, the network, or even their own computer.

For example, let's you have three employees that work in the accounting department that need access to a specific shared folder on the server (again for simplicity lets call it Accounting) but don't want anyone else to have access to it. The best thing to do would be to create a new "Accounting" group in your active directory (very similar to creating a new user) and then assign those three employees to the Accounting group. Next you create a new folder on your server (the location of which is going to depend upon how you physically have the server set up, but really anywhere should work, and name it "Accounting" or whatever you want your shared folder to be called. In the folder properties, share the folder and set permissions for "everyone" to nothing, and "Accounting" group to all full control. Now those specific users will have access to connect to the server and that specific share.

 

[MartinWilson]

Sorry, haven't read through the answers so someone has likely already answered correctly for you, but if you want something cheap and cheerful, just go for an unmanaged Gigabit switch.

I'd recommend a Netgear or something of similar ilk, perhaps a 24 port switch for expansion possibilities

 

[vin447]

This set up is pretty straight forward and simple. The best thing to do first is create your domain controller and create all the necessary user accounts. Then you join your end workstations to the domain so that they are members, connecting to and using the proper user accounts from the domain controller to log in. These user accounts are what verify credentials for people to have access to certain things on the server, the network, or even their own computer.

For example, let's you have three employees that work in the accounting department that need access to a specific shared folder on the server (again for simplicity lets call it Accounting) but don't want anyone else to have access to it. The best thing to do would be to create a new "Accounting" group in your active directory (very similar to creating a new user) and then assign those three employees to the Accounting group. Next you create a new folder on your server (the location of which is going to depend upon how you physically have the server set up, but really anywhere should work, and name it "Accounting" or whatever you want your shared folder to be called. In the folder properties, share the folder and set permissions for "everyone" to nothing, and "Accounting" group to all full control. Now those specific users will have access to connect to the server and that specific share.

Hello chouove, thank you again for answering my question. Now i've got more questions.

First, i am about to connect the network into the internet. What should i do?(at first these 15 client computers are connected to the internet with the help of crossover cable).

Second, is it possible for people at the far places to access the network? Can you give me some clue? Is the answer to this question related to VPN service?

Sorry for asking you with many questions. Thank you again for your help choucove.

Best Regards, vin447.

 

[choucove]

Connecting your computers to the network and then to the internet is pretty simple once you have your settings done. Your internet will come in to a modem or router, usually provided by your internet service provider. This is your gateway, the first device in the "chain" so to speak. Connected to this will either be your own router, firewall, or a switch depending upon what type of services you need. Ideally you would set up a firewall device at this point to give you all of your routing capabilities plus additional protection and features such as monitoring and controlling network access. Many business-class routers are also able to perform these tasks.

Connected to your router will then be a switch which all of your other devices (servers, computers, printers, etc.) will all connect to. You don't need to use crossover cables at this point.

Remote access to your network from somewhere outside of your office can be done with several different things, depending upon the functionality that you want. One general way is to use VPN. This is a virtual network connection from any remote user or location back to your office, and generally allows the computer to operate as if it was plugged directly into your network at your office, so you have access to the same shared folders, network printers, etc.

VPN can be complex to get set up and working properly, though, and requires specific software or hardware to do. Another alternative is remote desktop. The Professional versions of Windows have Remote Desktop built in as a service that you just have to set up and allow certain ports through your firewall using NAT. Again, there are many great walkthrough steps and videos depending upon what device you have for a router. There are also programs such as TeamViewer or Logmein which can allow for remote desktop control without having to set up any rules in your router or firewall. Just install the software and set up an account.

 

[vin447]

Connecting your computers to the network and then to the internet is pretty simple once you have your settings done. Your internet will come in to a modem or router, usually provided by your internet service provider. This is your gateway, the first device in the "chain" so to speak. Connected to this will either be your own router, firewall, or a switch depending upon what type of services you need. Ideally you would set up a firewall device at this point to give you all of your routing capabilities plus additional protection and features such as monitoring and controlling network access. Many business-class routers are also able to perform these tasks.

Connected to your router will then be a switch which all of your other devices (servers, computers, printers, etc.) will all connect to. You don't need to use crossover cables at this point.

Remote access to your network from somewhere outside of your office can be done with several different things, depending upon the functionality that you want. One general way is to use VPN. This is a virtual network connection from any remote user or location back to your office, and generally allows the computer to operate as if it was plugged directly into your network at your office, so you have access to the same shared folders, network printers, etc.

VPN can be complex to get set up and working properly, though, and requires specific software or hardware to do. Another alternative is remote desktop. The Professional versions of Windows have Remote Desktop built in as a service that you just have to set up and allow certain ports through your firewall using NAT. Again, there are many great walkthrough steps and videos depending upon what device you have for a router. There are also programs such as TeamViewer or Logmein which can allow for remote desktop control without having to set up any rules in your router or firewall. Just install the software and set up an account.

Hello choucove, sorry for taking it too long to reply your answer, and also thank you for answering my question. Anyway, in these past 5 days i've been experimenting with the server 2012 , and i found out that it is not really hard to set up internet access for the whole network.Yesterday i chatted with my boss and he said that he would like to have another group of computers, consisting of about 10-20 client computers to be dummy computers. What he meant with the dummy computer is that these computer doesn't really do work from their own processor, but only the server's processor that works to process the applications. Just now i googled for these stuff and found some articles that says it is possible for server 2012 to do this by using the remote desktop service installation. Now i've got some questions regarding to this matter.

First, let's say that it is possible to create virtual desktop and show these virtual desktops into many separate monitors. I've read through some articles about these matter, and they mention about thin client and zero client. What is the difference between those two hardware?

Second, i have caught the gist in creating the virtual desktops in the windows server 2012, and i think it will not pose me problem while creating the virtual desktop. But the question is that how to connect the thin client and zero client with the server 2012. I've got no idea on this.

Third, what will these virtual desktop be based on? Can i choose their own os separately? Or must they be the same? Also for the licensing, will each virtual desktop need their own separate licenses?

Fourth, what specification of server will be required to run these virtual desktops smoothly? We plan to use these virtual desktops just for word, excel, and presentations(not really heavy duty stuffs).

Fifth, after i create these virtual desktops, can these virtual desktops join the domain i have created before?

I think these questions will be sufficient for me now. Thank you for your attention choucove.

Best Regards, vin447.

 

[vin447]

I apologize for my DHCP explanation. DHCP needs a router for it to populate ip addresses. 😀

Hello adrian, can you please look at my questions above? It's quite a lot, please give your opinion regarding to those questions. Thank you for your attention.

Best Regards, vin447.

 

[choucove]

I'll try to go into some answers for your questions, but first things first my recommendations: I would highly recommend putting a hold on planning to do anything with virtual desktops or remote desktop session hosts at this point. It can get very complex and expensive, and if you are just starting with networking and a server environment, you are starting to make things too complex all at once.

There are two ways of doing remote desktop environments off of a server with Server 2012. The first, traditional, method is session-based access to a single virtual machine, called Remote Desktop Session Host. With this method, end users use Windows Remote Desktop to connect to a single virtual machine on the server which will give them access to a desktop with the programs that are installed on that VM, such as web browser, word processors, a database program, etc. Not ALL programs will work right in a RDSH virtual machine environment! Each user that logs into the RDSH server will be given an identical desktop and user experience, all sharing the resources assigned to that virtual machine, but it doesn't actually create separate machines for each of them to work on. This means that any changes made while they are logged in do not save when they log out or the session ends. For some situations this is ideal because everyone gets the exact same desktop, programs, and user experience, and once they log out all changes are lost and reverts back to the same settings and configuration it was originally configured with.

There's a second way of doing remote desktop on a server, and that is with VDI. Virtual Desktop Infrastructure creates individual virtual machines on the server for users to have access to, instead of just granting them a session on the same virtual machine. These virtual desktop VMs thus can have changes saved to them and can be individually customized to fit the need of the end user. For instance, you can have a mixture of Windows 7/8, or even linux environments that a user is directed to when they are logged in depending upon settings on their user profile and your Connection Broker, a component or role on the server which helps direct where people are logged in with a VDI solution.

VDI requires more performance overall to implement because you are running more individual virtual machines than through a traditional terminal server or RDSH server. However, it offers more flexibility and the ability to have changes and environments saved, customized, and modified by end users. Either way you go, there are additional licensing cost. And besides the additional complexity, the additional cost is why I would highly recommend you holding off doing anything with remote desktop on your server for right now.

For a small office environment, especially with what you are describing, almost every time it ends up being more costly and less effective to purchase the RDSH server licensing, the additional hardware necessary on your server, the thin clients, etc. to connect up to remote desktop than it costs to just purchase individual desktops which give you even better performance capabilities.

So thin client vs. zero client. A thin client is a very basic computer. It has limited performance capabilities and a very stripped down operating system designed to run only the most crucial services. I'm not expert with thin clients, but the Windows Embedded 7 ones that I have worked with are incredibly easy to navigate and use because the operating system is basically a very stripped down Windows 7 that is very familiar and easy for people to use. The primary usage of the thin client is to give users remote desktop access to a terminal server so they can use that for running their shared primary software, but a thin client may also have some additional lightweight software installed, such as web browsers or word processors. In contrast a zero client has pretty much no local hardware resources. It has an integrated processing chip which is only used to create a remote desktop connection back to another server. There's no other programs or usage for the zero client besides this. Zero clients can be handy, but are only usable in very specific implementations of VDI utilizing the right software and configuration.

Again, implementing virtual desktop on your server becomes a very complex (and can be very expensive) undertaking. If you are just starting with your network and server environment, I would not recommend doing all of this at once. Get things up and going efficiently first with your domain and storage needs, ensure that you can handle managing that. Then look into evaluating the cost difference between running virtual desktop against the cost of just running individual desktops. In my experience for most small businesses, it just doesn't end up being cost effective to do virtual desktop over having individual desktops which offer greater performance options as it is.

 

[vin447]

I'll try to go into some answers for your questions, but first things first my recommendations: I would highly recommend putting a hold on planning to do anything with virtual desktops or remote desktop session hosts at this point. It can get very complex and expensive, and if you are just starting with networking and a server environment, you are starting to make things too complex all at once.

There are two ways of doing remote desktop environments off of a server with Server 2012. The first, traditional, method is session-based access to a single virtual machine, called Remote Desktop Session Host. With this method, end users use Windows Remote Desktop to connect to a single virtual machine on the server which will give them access to a desktop with the programs that are installed on that VM, such as web browser, word processors, a database program, etc. Not ALL programs will work right in a RDSH virtual machine environment! Each user that logs into the RDSH server will be given an identical desktop and user experience, all sharing the resources assigned to that virtual machine, but it doesn't actually create separate machines for each of them to work on. This means that any changes made while they are logged in do not save when they log out or the session ends. For some situations this is ideal because everyone gets the exact same desktop, programs, and user experience, and once they log out all changes are lost and reverts back to the same settings and configuration it was originally configured with.

There's a second way of doing remote desktop on a server, and that is with VDI. Virtual Desktop Infrastructure creates individual virtual machines on the server for users to have access to, instead of just granting them a session on the same virtual machine. These virtual desktop VMs thus can have changes saved to them and can be individually customized to fit the need of the end user. For instance, you can have a mixture of Windows 7/8, or even linux environments that a user is directed to when they are logged in depending upon settings on their user profile and your Connection Broker, a component or role on the server which helps direct where people are logged in with a VDI solution.

VDI requires more performance overall to implement because you are running more individual virtual machines than through a traditional terminal server or RDSH server. However, it offers more flexibility and the ability to have changes and environments saved, customized, and modified by end users. Either way you go, there are additional licensing cost. And besides the additional complexity, the additional cost is why I would highly recommend you holding off doing anything with remote desktop on your server for right now.

For a small office environment, especially with what you are describing, almost every time it ends up being more costly and less effective to purchase the RDSH server licensing, the additional hardware necessary on your server, the thin clients, etc. to connect up to remote desktop than it costs to just purchase individual desktops which give you even better performance capabilities.

So thin client vs. zero client. A thin client is a very basic computer. It has limited performance capabilities and a very stripped down operating system designed to run only the most crucial services. I'm not expert with thin clients, but the Windows Embedded 7 ones that I have worked with are incredibly easy to navigate and use because the operating system is basically a very stripped down Windows 7 that is very familiar and easy for people to use. The primary usage of the thin client is to give users remote desktop access to a terminal server so they can use that for running their shared primary software, but a thin client may also have some additional lightweight software installed, such as web browsers or word processors. In contrast a zero client has pretty much no local hardware resources. It has an integrated processing chip which is only used to create a remote desktop connection back to another server. There's no other programs or usage for the zero client besides this. Zero clients can be handy, but are only usable in very specific implementations of VDI utilizing the right software and configuration.

Again, implementing virtual desktop on your server becomes a very complex (and can be very expensive) undertaking. If you are just starting with your network and server environment, I would not recommend doing all of this at once. Get things up and going efficiently first with your domain and storage needs, ensure that you can handle managing that. Then look into evaluating the cost difference between running virtual desktop against the cost of just running individual desktops. In my experience for most small businesses, it just doesn't end up being cost effective to do virtual desktop over having individual desktops which offer greater performance options as it is.

Hello there choucove, thank you for answering my question.

About those questions, i consulted with my boss, and they said that their original intention on applying the dummy system is that they would like to restrict ability of their employees on manipulating their computer system, for example, to restrict them from installing new software, and also restricting the files that they can take from the network(restricting USB port access.) Is it possible for windows server 2012 to do such things? I heard that it is possible to manage those things from the group policy options. But i couldn't see any thing about restricting user ability in a domain. Can you help me please?

Thank you for your prior warning in applying the dummy system. Thank you very much.

Best Regards, vin447.

 

[choucove]

What users are allowed to do or denied the ability to do is controlled by the Group Policy in a domain environment. This is a core piece or service that was also installed when you set up your domain controller, and allows you to control many aspects of a network from blocking access to the Control Panel to blocking the ability for a user to shut down or restart a computer.

Again, group policy is something I'm not really an expert at. It is incredibly powerful, though, and basically works on this premise. You can create new rules which come in the form of GPO (Group Policy Objects.) These GPO you can then apply to people, groups, or computers in your network. There are so many things that can be set or controlled through GPO that I can't really go into detail on anything here to describe it, but if you look it up on google there's probably instructions for how to do what you want with Group Policy.

Another thing to look into, if you are wanting to have a non-persistent work environment where changes to the computer are just lost or reverted once the computer restarts, is a program that will lock the computer configuration. Deep Freeze and SmartShield by Centurion are two programs that are well known for this sort of thing. You basically install the application and it locks exactly how the computer is. A user can log in, do whatever they need or want, even download files, delete things, or completely garble up the whole system. You just reboot the computer and it is right back to how it was before they logged in. This software itself doesn't restrict what a user can do (they can still install software, for instance) but you can use GPO to do the restricting and leverage the non-persistent applications to revert any changes to the system at reboot.

 

[vin447]

What users are allowed to do or denied the ability to do is controlled by the Group Policy in a domain environment. This is a core piece or service that was also installed when you set up your domain controller, and allows you to control many aspects of a network from blocking access to the Control Panel to blocking the ability for a user to shut down or restart a computer.

Again, group policy is something I'm not really an expert at. It is incredibly powerful, though, and basically works on this premise. You can create new rules which come in the form of GPO (Group Policy Objects.) These GPO you can then apply to people, groups, or computers in your network. There are so many things that can be set or controlled through GPO that I can't really go into detail on anything here to describe it, but if you look it up on google there's probably instructions for how to do what you want with Group Policy.

Another thing to look into, if you are wanting to have a non-persistent work environment where changes to the computer are just lost or reverted once the computer restarts, is a program that will lock the computer configuration. Deep Freeze and SmartShield by Centurion are two programs that are well known for this sort of thing. You basically install the application and it locks exactly how the computer is. A user can log in, do whatever they need or want, even download files, delete things, or completely garble up the whole system. You just reboot the computer and it is right back to how it was before they logged in. This software itself doesn't restrict what a user can do (they can still install software, for instance) but you can use GPO to do the restricting and leverage the non-persistent applications to revert any changes to the system at reboot.

Hello choucove, thank you for answering my question.

I've found out how to access the GPO, but i don't understand on how they work. Those settings are still unfamiliar for me. I think i will create another thread specifically for the GPO matter. I will leave this thread for now, but i am sure that problems will come up later on, so i will not close this thread. I will ask you and the others about future problems later on.

Best Regards, vin447.

 

[vin447]

Sorry, i forgot to ask you this question. Is it possible for the server to be an application bank? What i mean from application bank is that the server provide applications (such as microsoft office softwares) for the client computer, so that the client computers needn't have to install more application. Thank you.

 

[choucove]

What you are describing is possible, where the server runs an application for end users instead of on their local machine. This again is all done through Remote Desktop Session Host roles and licensing and can be pretty complex to set up. Not all software is capable of running properly in this way but a good amount will. There may be some more efficient ways of installing certain software as well, such as a single instances on a W7/W8 VM to allow remote desktop than setting up and learning the more complex Remote Desktop Session Host.

 

[vin447]

What you are describing is possible, where the server runs an application for end users instead of on their local machine. This again is all done through Remote Desktop Session Host roles and licensing and can be pretty complex to set up. Not all software is capable of running properly in this way but a good amount will. There may be some more efficient ways of installing certain software as well, such as a single instances on a W7/W8 VM to allow remote desktop than setting up and learning the more complex Remote Desktop Session Host.

Long time no see choucove, thank you for your previous answer to my question.

I've consulted with my boss, and he thought that the server will not serve as the application server, but only data server. Now i would like to ask you, is it possible to limit the internet access for each domain user in windows server 2012? For example user A will be able to access internet with the speed up to 35 kB/s, but for user B he can access internet with the speed up to 50 kB/s. If it is not possible, can you give me suggestion on software that can limit internet access?

Than you for your help, choucove.

Best Regards, vin447.

 

[choucove]

Network priority of service, bandwidth control, quality control, etc. is done at the router of your network not the domain. That I know of, there's not really any effective software that can do this, you need to have a business-class router with features for setting up bandwidth control. This can get pretty complex to set up on some devices, just be prepared. It is possible, and I know that many business routers and firewalls like the Sonicwall firewalls have this capability but it will take some time to get working 100%.

 

[vin447]

Network priority of service, bandwidth control, quality control, etc. is done at the router of your network not the domain. That I know of, there's not really any effective software that can do this, you need to have a business-class router with features for setting up bandwidth control. This can get pretty complex to set up on some devices, just be prepared. It is possible, and I know that many business routers and firewalls like the Sonicwall firewalls have this capability but it will take some time to get working 100%.

Hello there choucove, about my last question, i'll start searching for the business class router then.

Do you have any suggestion on creating history of in and out files? For example, if someone take data from their computer, the server will know when they did it, what files are taken, and also where it is taken. I don't think Windows Server 2012 provides that solution, but it is also possible for me to be wrong. hehehe.

Thank you for your help, choucove.

Best Regards, vin447.

 

[choucove]

Unfortunately on something like that I would have absolutely no clue what to do. I haven't worked with anything like that and don't know of any software or something that would do that sort of cataloging. Is there anyone else here that might have recommendations?