Recommended setup to filter all internet traffic through Server 2003
Hello. Thank you for your help in advance.
I currently have a server (with 2003 Standard) hosting a domain. Once I have joined all the workstations onto this domain, I'd like all internet requests processed through this server so that I may track usage and limit access to certain sites. I'd also like this server to run DHCP.
I believe I need to setup a DNS role on this machine? If so, can you please provide me some information on how to set this up (as far as the settings I should configure it with, I am familiar on how to run setup etc) . The DNS service will only be used within the local network.
^ If I have this wrong, what is the recommended setup to achieve this goal? I know I can limit sites in the router itself but tracking and logging usage is very important.
** I will also add a VPN Server role on this machine once I have the above clarified **
Any recommendations on a typical setup and information to other resources is much appreciated.
Thanks.
I currently have a server (with 2003 Standard) hosting a domain. Once I have joined all the workstations onto this domain, I'd like all internet requests processed through this server so that I may track usage and limit access to certain sites. I'd also like this server to run DHCP.
I believe I need to setup a DNS role on this machine? If so, can you please provide me some information on how to set this up (as far as the settings I should configure it with, I am familiar on how to run setup etc) . The DNS service will only be used within the local network.
^ If I have this wrong, what is the recommended setup to achieve this goal? I know I can limit sites in the router itself but tracking and logging usage is very important.
** I will also add a VPN Server role on this machine once I have the above clarified **
Any recommendations on a typical setup and information to other resources is much appreciated.
Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if you could give up some things as you are administering a small network with only about 15 PCs, you may still have a MS solution without using ISA. to use ICS instead. it is NOT recommended by MS as it has no domain based security.
ICS stands on Internet Connection Sharing, which allows you "to use Windows Server 2003 to connect a small office network or home network over the Internet. ICS provides Network Address Translation (NAT), IP addressing, and name resolution services for all the computers on a small network". briefly, to share your internet connection for a small network, hence its name.
ICS works with ICF (Internet Connection Firewall) to protect your internal network against the internet.
you may simply put an ICS/ICF enabled W2K3 computer between your external router and internal network, where the ISA server is located in my last post, because the ICS/ICF computer has the same role as ISA server, but with VERY limited functions. you cannot use AD to authenticate users to access the internet, but you can log everything as you expect because ICF is considered a "stateful" firewall.
the log is text based, and in a limited size you specify. you may track the internet usage by analyzing the log with some utilities such as Log Parser 2.2 from MS. to be honest, using this way to track usage might be a pain because a lot of manual procedures are involved. but it is free, and from MS. :-))
you may also consider using other 3rd party log analyzers. do a google search on "log analyzer" for more options.
the following step-by-step article describes how to install ICS on a Windows Server 2003-based computer.
How To Set Up Internet Connection Sharing in Windows Server 2003
http://support.microsoft.com/kb/324286
you may download Log Parser 2.2 from MS download site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07
hope it helps and you enjoy EE as well.
cheers,
bbao
ICS stands on Internet Connection Sharing, which allows you "to use Windows Server 2003 to connect a small office network or home network over the Internet. ICS provides Network Address Translation (NAT), IP addressing, and name resolution services for all the computers on a small network". briefly, to share your internet connection for a small network, hence its name.
ICS works with ICF (Internet Connection Firewall) to protect your internal network against the internet.
you may simply put an ICS/ICF enabled W2K3 computer between your external router and internal network, where the ISA server is located in my last post, because the ICS/ICF computer has the same role as ISA server, but with VERY limited functions. you cannot use AD to authenticate users to access the internet, but you can log everything as you expect because ICF is considered a "stateful" firewall.
the log is text based, and in a limited size you specify. you may track the internet usage by analyzing the log with some utilities such as Log Parser 2.2 from MS. to be honest, using this way to track usage might be a pain because a lot of manual procedures are involved. but it is free, and from MS. :-))
you may also consider using other 3rd party log analyzers. do a google search on "log analyzer" for more options.
the following step-by-step article describes how to install ICS on a Windows Server 2003-based computer.
How To Set Up Internet Connection Sharing in Windows Server 2003
http://support.microsoft.com/kb/324286
you may download Log Parser 2.2 from MS download site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07
hope it helps and you enjoy EE as well.
cheers,
bbao
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help everyone. All the info was very useful , all I needed was an arrow to the right direction.
Best of luck with your project.. glad we could help!
FE
FE
ASKER
I will award the points to Bbao as he/she provided a more detailed explanation or split pending on response to my above question. I'm a new EE user, this is a great community. Thanks again.