Learn how to a build a cloud-first strategyRegister Now


Windows 2000 security

Posted on 2006-04-18
Medium Priority
Last Modified: 2013-12-04
Presently we have a workgroup enviornment with 25 systems on win2k proff and win xp proff.A Linux firewall is setup for
interent access with Iptables and nating.Hence all the users have internet access.Some policy changes are needed and I want do a setup with the following groups and the security features needed are as below.



1)No group should be able to access the resources of each other ,except the users in its respective group.

2)Internet access only for support and mktg.
3)Other groups to have mail access only ,but no internet access(How should i go about this ,was thinking of installing
Mdaemon mail server)
4)Each group will probably have its own file server
5)A person from one group may have permission to access resources of other groups(if such an option is possible)
6)VPN access (client access) to connect to vpn server.
7)CAn i go in for a firewall based router which will have also have a VPn module at the internet gateway.

I had thought of 2 solutions ,one pertaining to creating a single windows 2000/2003 domain enviornment and second using
Vlan.I m not sure which one will work,hence kindly go thru and let me know if any other method is avialble to achieve the

If i go in for a vlan enviornment ,and use a single Layer 3 switching device ,is it possible for me to access a particular
group if required .But i will need to install windows 2000 on each of the groups as a domain.A they will be in different
subnets ,will it be possible for me to coonect the domains if required.

If i go in for a single windows 2000/2003 domain enviornment ,where i will create ous .Is it possible for me to prevent the
users of say Support Ou to access the computers of say Development OU.

I have a diagram ,which will expalin it clearly ,but how do i add it here?

Question by:wintechie
LVL 38

Accepted Solution

Rich Rumble earned 200 total points
ID: 16479367
You can't add the diagram here, however you could put it on a link to a webserver you have or a publicly viewable location like that.  I don't think it's necessary.
You could certainly ease your setup quite a bit with a nice firewall/router with VPN capabilities, you can also do all this on linux, however you may need to open another question on the linux security and or networking TA's

To keep others from accessing oneanothers files you would use group memberships within NTFS, and if your shares are on a 2003 server running SP1 you can even lock it down further

You don't need seperate Vlan's or even subnets for that matter to limit access. You can go that route however. You can use IPSEC rules to keep users from accessing certain resources on the network, or trying to access the internet. IPSEC filters however apply only to that machine they are installed/configured on, no matter who log's in, unless you have Active Directory installed, then you cna assign the ipsec filters to certain users accounts and they can move from workstation to workstation and have the same rules applied to them, while someone else will have different rules apply to them where ever they log in.

Expert Comment

ID: 16512714
If you want to add a diagram, this is the best procedure:

You can use the system at http://www.ee-stuff.com; log in and then click on the Expert Page tab. It works, and we're not going anywhere so you can be assured that the diagram will remain a part of the question.

From here:


Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
OfficeMate Freezes on login or does not load after login credentials are input.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question