bvmittal
asked on
Folder Sharing Right Approach
We have a network (LAN) of around 100 PCs connceted together under a same WorkGroup . Many times PCs user are required to Share their Folders with their other departmental users . To share Folders earlier we allowed the users to Share Folders using NetBui protocol . But this resulted into following problems :
a) Netwrok Traffic increased very high . While analysing the Network Traffic we found there was huge network traffic for UDP data pacakets .
b) If we run netwatch command on PC then found that many users are connected to the individual desktop
c) It also created Virus related issues . Although we had installed Trend-Micro officescan on the Desktop .
Looking into these we had stopped Folder Sharing .
Kindly guide us that what is the right method for Sharing the folders .As it is very much required to our users .
Rgds
B Mittal
a) Netwrok Traffic increased very high . While analysing the Network Traffic we found there was huge network traffic for UDP data pacakets .
b) If we run netwatch command on PC then found that many users are connected to the individual desktop
c) It also created Virus related issues . Although we had installed Trend-Micro officescan on the Desktop .
Looking into these we had stopped Folder Sharing .
Kindly guide us that what is the right method for Sharing the folders .As it is very much required to our users .
Rgds
B Mittal
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks rmrustice for the nice recommendation .
My problem is that I have never configured Active Directory / DNS /DHCP and File Server . May I request you to please suggest the guideline for doing this else suggest me some good text book to refer please .
Regards
B Mittal
My problem is that I have never configured Active Directory / DNS /DHCP and File Server . May I request you to please suggest the guideline for doing this else suggest me some good text book to refer please .
Regards
B Mittal
You are welcome.
Well, its not such an hard task, but its recommended to have some official Windows classes (Microsoft Official Curriculum). But I'll try to give you the general guidelines:
1. Plan your DNS and DHCP beforehand.
Make sure that your network setup is fine and that your clients can receive automatic IP address with the correct options (which you setup inside DHCP Manager), like Default Gateway, DNS Servers addresses and Domain name (DNS domain name). Make sure yours servers have static IP Addresses (non DHCP).
for DNS, never setup a top level domain, like "mydomain", but choose a regular domain like "mydomain.corp" or "mydomain.com". Create a foward (name to IP) and a reverse zone (ip to name). Enable automatic update of DNS records. From prompt, test your configuration with NSLOOKUP utility.
2. Run DCPROMO at server
Now that your network infrastructure is fine, you can promote your regular server to an Active Directory model. Run DCPROMO from command prompt or Start/Run and follow the wizard. Choose all settings that tell "New". New domain, new forest, new everything. On the domain name, write your DNS domain name "mydomain.com". Complete the wizard and reboot. Now, you have an AD.
4. Create users and groups
On your new AD server, open Active Directory Users and Computers and create users and groups. You can create them on the folder "Users". Later, you'll find another interesting concepts like OUs and so on. But now, do the simple.
4. Join your computers do domain
Log in as a local administrator. Right click "My Computer" and go to the computer identification. Change from a Workgroup to Domain and type your full DNS domain name "mydomain.com". Give the username to your users and let him log on to the new domain. You must change the combo box in the login screen to match your domain name.
5. Copy sensitive data to the server
Now that everything is up and running, start copying user data to the file server and setting up the apropriate permissions to users and groups.
That's the general guidelines. You can look for those terms in google or just come on here and ask up in each step. It you be a pleasure to help.
Best regards.
Well, its not such an hard task, but its recommended to have some official Windows classes (Microsoft Official Curriculum). But I'll try to give you the general guidelines:
1. Plan your DNS and DHCP beforehand.
Make sure that your network setup is fine and that your clients can receive automatic IP address with the correct options (which you setup inside DHCP Manager), like Default Gateway, DNS Servers addresses and Domain name (DNS domain name). Make sure yours servers have static IP Addresses (non DHCP).
for DNS, never setup a top level domain, like "mydomain", but choose a regular domain like "mydomain.corp" or "mydomain.com". Create a foward (name to IP) and a reverse zone (ip to name). Enable automatic update of DNS records. From prompt, test your configuration with NSLOOKUP utility.
2. Run DCPROMO at server
Now that your network infrastructure is fine, you can promote your regular server to an Active Directory model. Run DCPROMO from command prompt or Start/Run and follow the wizard. Choose all settings that tell "New". New domain, new forest, new everything. On the domain name, write your DNS domain name "mydomain.com". Complete the wizard and reboot. Now, you have an AD.
4. Create users and groups
On your new AD server, open Active Directory Users and Computers and create users and groups. You can create them on the folder "Users". Later, you'll find another interesting concepts like OUs and so on. But now, do the simple.
4. Join your computers do domain
Log in as a local administrator. Right click "My Computer" and go to the computer identification. Change from a Workgroup to Domain and type your full DNS domain name "mydomain.com". Give the username to your users and let him log on to the new domain. You must change the combo box in the login screen to match your domain name.
5. Copy sensitive data to the server
Now that everything is up and running, start copying user data to the file server and setting up the apropriate permissions to users and groups.
That's the general guidelines. You can look for those terms in google or just come on here and ask up in each step. It you be a pleasure to help.
Best regards.
I realize this was to be general general but don't forget to share the folders you've copied to the server and set permisisons on the shares. When it comes to that let's say you have a C: and D: drive on your server. On the D: drive create a folder called \SHARED Copy the files/ folders to be shared to the \SHARED folder. While there are many ways to structure your shares, here's an example
D:\SHARED
D:\SHARED\ACCOUNTING
D:\SHARED\NEWBUSINESS
Then you can create a login script called LOGIN.BAT (or any name you'd like) and it's contents would be:
@echo off
net use S: \\<SERVERNAME>\SHARED
Then in each Active Diretory user profile make sure you put "LOGIN.BAT" in their PROFILE tab where it says "Login script"
Then each user would have an S: drive (S for shared!) and on that they would see many folders. You would set up permissions on each folder under \SHARED that you want to restrict access to. For \SHARED itself I would leave the permission open so a user could create a new folder on their S: drive.
Alternately you could share just \ACCOUNTING and have that mapped for the Accounting dept, share \HR and map that just for the HR dept, but if that as the case your directory structure should look like:
D:\SHARED <------- share this - everyone gets this mapped, i,e. S:
D:\HR <------- share this - only HR gets this mapping, i,e. R:
D:\ACCOUNTING <-------- share this - only accounting gets this mapping, i,e. T:
The reason not to keep \HR and \ACCOUNTING under \SHARED is everyone wll see the \HR and \ACCOUNTING folders even if they don't have access to it (you can actally *hide* them but that effort gets complex and tough to troubleshoot later), if it's not under \SHARED then only the mapped departments will even know those folders exist. The reason I have HR and Acccounting examples as different drives you never know if someone might need both R: and T: mapped, so a division president might have R: S: and T: drives, while a mere accountant would have just S: and T:
Another convention I use is having a D:\INSTALL folder and I map users' I: drive (I for Install) so I now have a central installion point to copy installation CD's to it (MS Office, Acrobat Reader, etc). For I: you give users Read Only.
For users' home directories I assign the letter H: (for home). This can be set at each users' Active Directory profile or the login script.
How you initially set up your directory structure and shares will have a huge effect on how much effort it takes to administer the shares later.
D:\SHARED
D:\SHARED\ACCOUNTING
D:\SHARED\NEWBUSINESS
Then you can create a login script called LOGIN.BAT (or any name you'd like) and it's contents would be:
@echo off
net use S: \\<SERVERNAME>\SHARED
Then in each Active Diretory user profile make sure you put "LOGIN.BAT" in their PROFILE tab where it says "Login script"
Then each user would have an S: drive (S for shared!) and on that they would see many folders. You would set up permissions on each folder under \SHARED that you want to restrict access to. For \SHARED itself I would leave the permission open so a user could create a new folder on their S: drive.
Alternately you could share just \ACCOUNTING and have that mapped for the Accounting dept, share \HR and map that just for the HR dept, but if that as the case your directory structure should look like:
D:\SHARED <------- share this - everyone gets this mapped, i,e. S:
D:\HR <------- share this - only HR gets this mapping, i,e. R:
D:\ACCOUNTING <-------- share this - only accounting gets this mapping, i,e. T:
The reason not to keep \HR and \ACCOUNTING under \SHARED is everyone wll see the \HR and \ACCOUNTING folders even if they don't have access to it (you can actally *hide* them but that effort gets complex and tough to troubleshoot later), if it's not under \SHARED then only the mapped departments will even know those folders exist. The reason I have HR and Acccounting examples as different drives you never know if someone might need both R: and T: mapped, so a division president might have R: S: and T: drives, while a mere accountant would have just S: and T:
Another convention I use is having a D:\INSTALL folder and I map users' I: drive (I for Install) so I now have a central installion point to copy installation CD's to it (MS Office, Acrobat Reader, etc). For I: you give users Read Only.
For users' home directories I assign the letter H: (for home). This can be set at each users' Active Directory profile or the login script.
How you initially set up your directory structure and shares will have a huge effect on how much effort it takes to administer the shares later.
Any update on this?
If you go this route the File & Print server should not just be a desktop but a proper server: drives with RAID 5 (hot swappable). Raid 5 allows a drive to die without any data loss/down time.
To save money on hardware/software you can get by with two servers - on as the domain controller / DHCP server the other can be the other domain controller as well as the file/print server, (this would save you the hardware for it and the $500 or so for a Windows 2003 Server license). Of course then you need to set up / have someone set up Active Directory, DNS and DHCP for you but in the long run you will save an immense amount of time as all your shares and files will be in once place for administration and easse of backup.
Also sharing from the server will prevent anyone from accidentlaly sharing their desktop or other unintended share.