windows server 2003 setup

Aznboy · Post by **Aznboy** » Tue May 23, 2006 9:40 pm

I need help with my windows server 2003 setup. I am trying to do this

Cable modem->Win 2k3 Server->Switch-> Home Workstations.

However, I have never worked with server. I have read alot within the past few weeks. I have a dual port nic on the server. And I have an ethernet cable going to the cable modem and one going to the swtich. However, I can't get the pc to recognize the internet through the cable modem. I can easily pick up the internet via a router, for example. But directly to the pc, its not working for me. What static ip settings do i need to put down if I have an SB5100?

I tried putting 192.168.100.1 for the gateway and 192.168.0.1 for the pc ip address. This doesnt work. I dont quite get it. Anyone understand my problem?

Further, I need help with creating an active directory and, before that, making the other pcs recognize the switch.

koldchillah · Post by **koldchillah** » Tue May 23, 2006 10:07 pm

What do you want to use the server for? FTP? IIS? or just file sharing on the LAN?

You COULD setup RRAS (Routing and Remote Access Service) on the server and configure the server to act as a basic router (gateway mode) but I wouldn't let your server hang out on the public IP like that unless you are running ISA server or something to prevent intrusion on the server's public interface.

You would be much better off behind a decent external NAT device such as a basic hardware router, then just setup your server and workstations together on the LAN side, especially if you are new to the Server 2003 environment and you want to install Active Directory and setup a domain.

Basically it would look like something like this:

Cable modem > router w/ built-in switch > all workstations & server

Then you could setup your server with an internal static IP such as 192.168.1.10 and then you would be on your way to adding services to the server, such as DHCP, which can be disabled on the router and setup on the server instead. Then you could move on to DNS and Active Directory accordingly but for simplicity sake, I'd stick with one step at a time.

Aznboy · Post by **Aznboy** » Tue May 23, 2006 10:23 pm

its gonna be a file server/exchange server. I was thinking about running ISA also. I already have an 8 port gigabit switch, cat 6 wiring, and a router. How could I best do this so as to make it as simple as possible and yet, MOST IMPORTANTLY, be able to efficiently and speedily run a domain controller/active directory. The main reasons for this server are, from most important to least

1. manage all users on the server, all users logon to their usernames via the server.
2. Files server
3. Exchange/Mail server. Essentially, I am trying to centralize thing in are home network onto the server that matters. Thanks.

I had recently tried to setup the domain controller on just a router, with all the workstations and the server all connected to that router. It did not work for me. It was, however, just a plain netgear home router.

At my disposal is a netgear gigabit 8 port switch, a netgera 5 port home router, a sb 5100 modem, and a wireless g AP. (and of course tons of Cat 6 wiring and gigabit adapters)

FunK · Post by **FunK** » Tue May 23, 2006 10:35 pm

Your NIC facing the cable modem should be using DHCP.
That way it gets the IP from your ISP (much the same way as your router does).

You would set the other (LAN) NIC on your private address (static) and ensure it's on the same subnet as all your workstations.

Then you would have to bridge the two with ICS or whatever software 2003 has for doing such things.

P.S. I'm in agreement with kold on most points. It's fun to learn these things but you'd be taking out the security of NAT to expose a microsoft product that you're not totally familiar with to all the bugs on the internet.

It would even be better to do CM - Router - Server - Switch - workstations

If your goal is to get workstations working through the server. That way, you're LAN as a whole would still be protected.

Aznboy · Post by **Aznboy** » Tue May 23, 2006 11:04 pm

I could do that... put it all behind a router. What firewall do you recommend for this type of application(i.e. not a home router) I need as much hardware protection as possible. The main reason I am doing this is because of viruses on spyware and a hacker that got hold of my network in the first place.

Second, I still don't get how to get the workstations to recognize the ip of the server. I tried this and it doesnt work. They can't find an ip when they are all connected to the switch. Could some one say explicitly what ips should be in what boxes in the dual nic?

koldchillah · Post by **koldchillah** » Tue May 23, 2006 11:55 pm

Aznboy wrote:I had recently tried to setup the domain controller on just a router, with all the workstations and the server all connected to that router. It did not work for me. It was, however, just a plain netgear home router.

At my disposal is a netgear gigabit 8 port switch, a netgera 5 port home router, a sb 5100 modem, and a wireless g AP. (and of course tons of Cat 6 wiring and gigabit adapters)

Whats the model number of this "netgear 5 port home router"?

A basic home router, while not the most powerful, should still provide you with adequate protection and connectivity on a basic broadband connection. I would suspect the problem is with the configuration or some other network issue before I would suspect the router itself.

What part didn't work? Internet access? installing Active Directory?

Did you make all the cables yourself or buy pre-mades?

Post by **YeOldeStonecat** » Wed May 24, 2006 6:43 am

Is this Small Business Server? (I figure it is since you mention Exchange and ISA)

When you first build your server..and are at desktop....take your two NICs..and in your Network Properties...rename each of the LAN connections. Rename one "LAN" and rename one "WAN".

Now...take your WAN connection...and make the IP address fall in the range of your broadband router. If you have a Nutgear...those are usually 192.168.0.xxx...so assign the WAN connection an IP like 192.168.0.11, 255.255.255.0

It's more desirable to have your WAN static.

Take your LAN connection...give it a different IP range..something like 192.168.10.11, 255.255.255.0

That's all you need for now...you don't need to fill in gateway, DNS, etc. Now...you can complete your server..running dcpromo, installing the rest of the stuff, service packs, etc. If you installed all that already, no problem...now it's time to run the ICW..Internet Connection Wizard..which does all of the appropriate stuff. It holds your hand through the step by step process..with a very good help section to guide you through each decision.

The end result, will be something like
WAN
IP 192.168.0.11/255.255.255.0
Gtwy..192.168.0.1...your router
DNS...192.168.10.11...your LAN connection..the internal...since DNS is bound to it. Remember..always use your DCs DNS.
WINS..disabled since we're not network browsing on the WAN
netbios over tcp disabled..again since we're not network browsing on the WAN

LAN
IP 192.168.10.11/255.255.255.0
Gtwy if you're running ISA...you leave this blank, if you're running secure NAT..you put 192.168.10.11
DNS 192.168.10.11..again..server looks at itself, or another DC that's part of your active directory . Never at your ISPs DNS
WINS 192.168.10.11 if you're running WINS on this box..which by default on SBS you are

Workstations should have an IP in the range of 192.168.10.100 - 200 or so, gateway of 192.168.10.11, DNS of 192.168.10.11, WINS of 192.168.10.11

Read==> http://www.speedguide.net/read_articles.php?id=1660

WAN properties..only TCP/IP checked
LAN properties...all checked..
Advanced settings..check provider order..LAN should be first.

Aznboy · Post by **Aznboy** » Sat May 27, 2006 9:34 pm

so how do i get the server to broadcast the dhcp and dns's so that the workstations are assigned them? I so far can't get the pcs to see the server and connect. I have it this way.

Internet-CABLE MODEM-ROUTER(may replace with better firewall)-SERVER PC WAN in-SERVER PC LAN out-NETGEAR 8 PORT GIGABIT SWITCH-GIGABIT WORKSTATIONS.

I cant get the workstations to recognize the server. Furthermore i cant get the server pc's lan out to work without disconnecting the wan internet from the server pc. THanks Guys

Post by **YeOldeStonecat** » Sun May 28, 2006 9:28 am

Is this Small Business Server? Or vanilla server?

Aznboy · Post by **Aznboy** » Mon May 29, 2006 6:20 am

i have windows server 2003 small buisness server edition if thats wut u mean. I want it to act like a small buisness server. I just need help in the hardware part mostly FIRST. When that is working, I need to get all the workstations to be able to recognize the server that has all ready been setup as a DHCP, DNS, FILE and DOMAIN Server. I also need help tweaking the settings on these servers if the router ip is 192.168.0.1 and the server ip is 192.168.0.2 and i also need to figure out how exactly to put the server out ip as something different with out conflicting with the server in ip and stopping my internet connection, (like it usually does when I setup the server out ip)

Thanks. I am grateful for your help

Post by **YeOldeStonecat** » Mon May 29, 2006 12:07 pm

If it's SBS...follow what I mentioned up above a couple of posts...set your NICs with those IP addresses..and run the internet connection wizard. It will setup all the appropriate services on the correct NICs.

If you LAN NIC plugs into a switch..and from that switch you have your other workstations..they'll pickup the DHCP from the server.. and be handed all the correct info. Then you take your workstations, and "join the domain". Or...run the "setup workstation" wizard from the SBS.

Aznboy · Post by **Aznboy** » Wed Jun 14, 2006 1:48 am

I decided to switch. I will no longer run internet through the server. Instead ther server and the workstations will all connect via the switch which is protected by firewall. How then do i setup the ips so that the server recognizes them? They are all connected to the internet, via the switch, but I cant get the workstations to connect to my domain "chen.com" i put chen.com in for the domain and the workstations dont recognize. Also I am a bit confused with setting up users on the server pc. I tried making these users, but the accounts keep saying that I can't "login interactively." Whats wrong?

Aznboy · Post by **Aznboy** » Wed Jun 14, 2006 4:15 am

I just realized the problem there. And Finally figured out how to connect the workstations, by changin the settings in Computer Name System Properties. However, now, after creating a folder for the user profile, which I named "J," it recognizes the server and tries to logon, but says that it has to create a temporary account, as if there is no profile in the folder i specified. How can i get the profile I want to be the profile for "J"

Post by **YeOldeStonecat** » Wed Jun 14, 2006 7:07 am

Aznboy wrote:I decided to switch. I will no longer run internet through the server. Instead ther server and the workstations will all connect via the switch which is protected by firewall. How then do i setup the ips so that the server recognizes them? They are all connected to the internet, via the switch, but I cant get the workstations to connect to my domain "chen.com" i put chen.com in for the domain and the workstations dont recognize. Also I am a bit confused with setting up users on the server pc. I tried making these users, but the accounts keep saying that I can't "login interactively." Whats wrong?

Follow that guide I linked above...your problem is in DNS. If you run the computers behind a router, I'll bet you're using your router for DHCP..so it's handing out your ISPs DNS servers..which will not work when you run active directory.

Aznboy · Post by **Aznboy** » Wed Jun 14, 2006 9:06 am

i got it to work, however i cant get ther profiles to work the way i want them to. Here is what I want to do:

I want to create a profile on the server that is a roaming profile of "workstation1." When the "workstation 1" logs into the server it syncs off that profile and still can edit the profile.

I was able to create a profile on the server that the workstation could not edit.In otherwords, all the settings on the proifle were read-only, and I couldnt change it from read-only to non-readonly.

Another question I have is if I create accounts "Violet" "Jonathan" and "Steve" on the server do they have to be domain controller members or domain user members? My Doamin Controllers PCS are all members of "domain users."

As you can see I am a bit confused. Could someone walk me through creating JUST 1 account from the server all the way to logging in on the workstation?

Thanks

Post by **YeOldeStonecat** » Wed Jun 14, 2006 9:24 am

Aznboy wrote:

As you can see I am a bit confused. Could someone walk me through creating JUST 1 account from the server all the way to logging in on the workstation?

Thanks

To try to keep things simple...

On the server, you'll have what's called ADUC, the Active Directory Users and Computers. This is basically the domain users MMC component...where you keep your domain users/groups, and you'll see computers that have been joined to the directory.

Create a new domain user..lets call it "Sally". This account, when created, is a member of the domain users group. This is normally all you need on a small network. In larger networks..you'll find it easier to manage your users and shares 'n stuff...by creating "groups". You can have a group called "accounting", a group called "administrative", a group called "sales"..etc etc. This way, when you create shares..you can give access via a single AD object..the group..instead of giving access to many many individual user accounts.

But back to keeping things simple on the small scale. So you've created your new domain user, "Sally". Now...go over to the workstation she'll work on. You have the computer named as you wish...so now you join the domain. As long as this workstation is using the domain controllers IP address as its DNS server..you can join the domain . When doing so...it will ask you for domain admin credentials...so fill in a domain admin account, in this case, lets keep it simple, and use the Administrator account you have on your server. Once you click "OK"...it will pause...then you'll see the network activity light up for a few seconds, and the workstations hard drive will do a few hits...as the SID files are passed to the workstation..then you should see a "Welcome to blahblahblah domain". Now..what I do, is reboot...and log into the workstation using the Domain Administrator account. You'll see when you reboot that you now have a 3rd line in the ctrl+alt+del screen...you can toggle it from the local computer name (which you will not use anymore)...or the domain name (which you'll use from now on). Log in as Administrator, enter the password, the computer will take a few extra seconds as it builds this new profile. Now...I usually make my users members of the local administrator group. Else..by default, if I logged in as Sally...she has a restricted account on this workstation...she cannot install software and various things. So...I need to add her account to the local administrator group. In the MMC on the workstation..under users and groups...groups...Administrators, I add the "domain users" group. Now..any domain user that logs into this workstation has local admin rights. Totally different from domain admin rights.

While you're here...make sure the local Administrator account on the workstation has a password on it. Main point..that it is not left <blank>. not only for security reasons, but to keep some malware and viruses off of it..because a lot of them help themselves to creating trouble assuming the local Admin account is left unpassworded.

Now that the domain users group is added to the local Administrator group...log off..and log in as Sally. It will take a few extra seconds as it creates her new profile..customize it..and you're done.

Now you can go fiddle with your roaming profiles..(which I can't stand)

Aznboy · Post by **Aznboy** » Wed Jun 14, 2006 11:53 am

U ROCK DUDE!!! i might have more quesitons but ur the MAN

DjSin · Post by **DjSin** » Tue Dec 12, 2006 2:19 pm

I know this topic is a few months old, but I am in a similar boat to what Aznboy was going through. I found this via a google search, and I registered here at the forums to mainly post a thank you to everyone here. The information provided is top notch, and the guide linked in one of the posts is very well written. I can't wait to get home from work and setup a server 2003 network.

I am going to use the following setup:

DSL Modem --> Router w/ Built-In Switch --> Workstations & Server

I have Windows Server 2003 Small Business and I have it installed on a spare computer I wasn't using. I have my main PC and my wife's PC that will be connecting to the network. My main problem before is that my PCs were not seeing the server similar to what was happening to Aznboy. The information here has clarified some things that might lead me to fixing the problem (I ended up giving up on the network setup, and just went back to my router handling DHCP).

Any extra advice or new information you guys would be greatly appreciated. I plan on trying this as soon as I get home from work, and the information that I read here will be a tremendous help.

One last thing. I have an X-Box 360 that I run through the router also to do X-Box live games and downloads. Will having DHCP controlled by my server PC cause any problems with the X-Box connecting to the net? And what would be the best way to set the X-Box up on the network itself?

Thanks in advance.

Dj Sin

koldchillah · Post by **koldchillah** » Tue Dec 12, 2006 3:00 pm

DjSin wrote:One last thing. I have an X-Box 360 that I run through the router also to do X-Box live games and downloads. Will having DHCP controlled by my server PC cause any problems with the X-Box connecting to the net? And what would be the best way to set the X-Box up on the network itself?

Thanks in advance.

Dj Sin

Welcome to SpeedGuide!

The Xbox should receive it's IP just fine from the server's DHCP service. In fact, you will see the lease within' the DHCP snap-in and then you can take the MAC address for the Xbox and create an address reservation in DHCP so that it receives the same IP every time, OR you can just give it a static IP outside of the DHCP scope but within' the same subnet as the gateway IP sot that it can still get out fine.

Good luck to you.

DjSin · Post by **DjSin** » Wed Dec 13, 2006 8:16 am

Well guys, I tried setting up the home home network last night. I will start out by saying it was interesting. I ran into more problems than I thought I could ever run into. Most were simple to fix though.

I finally got the server setup as a Domain Controller with DHCP & DNS along with AD working. The server also had internet as I was able to surf webpages with it. My main problems came from my Linsys router and getting it to play nice. I started out working with my wife's computer to get it to connect. At first, her computer would not see the domain at all. I tried to ping the server and the router and neither could be reached. So finally, I gave them a static IP in the same subnet as the server and it saw it, and joined it right off the bat. However, once it joined and I logged on with her domain account, I couldn't get it to see the internet. This hurdle I never ended up figuring out.

So, then I moved on to my computer hoping I would have better luck. But, luck was not in my cards for my computer. I couldn't even get it to give me the chance to join the domain. Whenever I would bring up the computer properties, the Network ID button would be grayed out, and it would not even give me the option to change from a Workgroup to a Domain. After researching this some, I found out that it is something that isn't easily fixed, but I could not find any information on how to fix it.

Oh well, at least I got the domain server up, running, and a computer to join it (even if the computer could not access the internet). That is much farther than I have gotten in the past!

Post by **YeOldeStonecat** » Wed Dec 13, 2006 8:35 am

Is DHCP disabled on the router?
If you run an IPCONFIG /ALL from the workstations..what info do they get?

DjSin · Post by **DjSin** » Wed Dec 13, 2006 10:01 am

Yeah, I made sure DHCP was off on the router (I got the sense from reading the forums here that it causes a lot of problems, so it was one of the first things I did). I will get an exact print out of what '/ipconfig all' shows tonight when I get home. I do remember that it was showing some weird IP that was nowhere in my designated IP range if I left the computer to try to obtain its own IP address from the server. That was when it wouldn't ping the server or router at all. But, once I set a manual IP on the system, it connected to the domain fine (but still would not go out to the internet).

koldchillah · Post by **koldchillah** » Wed Dec 13, 2006 3:32 pm

Did you "authorize" your dhcp server from within the snap-in? If you didn't then it won't hand out IP addresses and your computers will receive a private Microsoft address of 169.x.x.x

OR, if you authorized your dhcp server before disabling it in the router, the server may automatically de-authorize itself if it detects the dhcp service coming from the router, even if it was only for a brief moment.

DjSin · Post by **DjSin** » Wed Dec 13, 2006 4:32 pm

A lot of this is new to me, so I am not sure about some of the terminology. How would I go about checking this, and then making sure that it is authorized? And what exactly do you mean by the 'snap-in'?

koldchillah · Post by **koldchillah** » Wed Dec 13, 2006 5:47 pm

In the DHCP snap-in, right-click the server and there should be an option to "authorize". Also you'll notice a green arrow over the server icon if it's authorized and a red arrow if it's not.

An mmc snap-in is what all those control panels are called. For example, if you right click "My Computer" and select 'manage', you'll be opening a big MMC snap-in called "Computer Management" that has lots of control options for various things including DHCP. Otherwise you can access the DHCP snap-in by going to START>Administrative Tools>DHCP on the server.

DjSin · Post by **DjSin** » Wed Dec 13, 2006 8:11 pm

Ok, I went into the router, turned off DHCP mode. Then I went into the DHCP snap-in on my server, and authorized the DHCP server. I then connected to the domain on my wife's computer (connected in a snap), and proceeded to try the internet. It still would not let me touch anything beyond my router.

I could ping the server with my wife's computer. I could ping the router also, but when I tried to ping anything beyond the router, it would time out. Here is what my /ipconfig all shows on my wife's computer:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\administrator.SINNET>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : homedt-02
Primary Dns Suffix . . . . . . . : sinnet.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sinnet.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter

Physical Address. . . . . . . . . : 00-07-**-**-**-**
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.5.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.5.5
DNS Servers . . . . . . . . . . . : 192.168.5.5
Primary WINS Server . . . . . . . : 192.168.5.5
Lease Obtained. . . . . . . . . . : Wednesday, December 13, 2006 7:56:38
PM
Lease Expires . . . . . . . . . . : Thursday, March 22, 2007 7:56:38 PM

C:\Documents and Settings\administrator.SINNET>

koldchillah · Post by **koldchillah** » Wed Dec 13, 2006 9:32 pm

your missing your router's IP address under "Default Gateway".

1. Go back into the DHCP snap-in and take another look at your scope options, listed under the Scope.

2. Rt-click anywhere out in the blank white space on the right column of the snap-in and you should get a sub-menu with "Configure Options".

3. Add the IP address of your router under available option # 003 - Router

4. Rt-click the root "DHCP" w/ the icon and under "All tasks", select restart.

5. Run the command: ipconfig /release followed by ipconfig /renew on both your workstations.

6. Attempt to connect to internet on workstations.

DjSin · Post by **DjSin** » Wed Dec 13, 2006 9:56 pm

That fixed it. Here I am, logged onto my wife's computer, under an account that is on the domain, and accessing the internet. Thank you very much guys!

One workstation down. Now, I just need to figure out how to get the 'Network ID' button under the Computer Name part of my main to computer to no longer be greyed out so I can add it to the domain.

koldchillah · Post by **koldchillah** » Wed Dec 13, 2006 10:53 pm

DjSin wrote:Now, I just need to figure out how to get the 'Network ID' button under the Computer Name part of my main to computer to no longer be greyed out so I can add it to the domain.

Are you logging into Windows with an administrator account?

Also, you are running Windows XP Pro, not home edition, correct?

DjSin · Post by **DjSin** » Wed Dec 13, 2006 11:24 pm

Actually, my main PC is running Windows XP MCE 2005.

I have my personal account set as an administrator, but I have also tried logging into the default Administrator account. Neither one works.

koldchillah · Post by **koldchillah** » Wed Dec 13, 2006 11:41 pm

DjSin wrote:Actually, my main PC is running Windows XP MCE 2005.

There's your problem.

according to the gospel of Bill: "While you can access network resources on a work network or a domain, you cannot join a Windows XP Media Center Edition 2005 PC to the domain."

http://www.microsoft.com/windowsxp/medi ... n/faq.mspx

DjSin · Post by **DjSin** » Thu Dec 14, 2006 8:15 am

Heh, great. Well, I know what I need to do this weekend then. Time to reformat, and install my old copy of Windows XP Pro.

Thanks for your help. Other than the XP MCE problem, everything else seems to be working fine. Now I just need to play around with administration settings for the computers. Figure out how to remote manage a PC and what kind of restrictions and such I can put on it. I can do this with my wife's computer, so it should be a good learning experience.

willyf · Post by **willyf** » Mon Dec 25, 2006 11:17 am

========================
video applications,
there're people who say
they can see visions
with tarot reading
http://www.tarotcard-psychic.com
i would like to stream that