wintechie
asked on
Windows 2000 security
Presently we have a workgroup enviornment with 25 systems on win2k proff and win xp proff.A Linux firewall is setup for
interent access with Iptables and nating.Hence all the users have internet access.Some policy changes are needed and I want do a setup with the following groups and the security features needed are as below.
Groups
Research
Development
Support
Mktg
Finance
1)No group should be able to access the resources of each other ,except the users in its respective group.
2)Internet access only for support and mktg.
3)Other groups to have mail access only ,but no internet access(How should i go about this ,was thinking of installing
Mdaemon mail server)
4)Each group will probably have its own file server
5)A person from one group may have permission to access resources of other groups(if such an option is possible)
6)VPN access (client access) to connect to vpn server.
7)CAn i go in for a firewall based router which will have also have a VPn module at the internet gateway.
I had thought of 2 solutions ,one pertaining to creating a single windows 2000/2003 domain enviornment and second using
Vlan.I m not sure which one will work,hence kindly go thru and let me know if any other method is avialble to achieve the
following.
If i go in for a vlan enviornment ,and use a single Layer 3 switching device ,is it possible for me to access a particular
group if required .But i will need to install windows 2000 on each of the groups as a domain.A they will be in different
subnets ,will it be possible for me to coonect the domains if required.
If i go in for a single windows 2000/2003 domain enviornment ,where i will create ous .Is it possible for me to prevent the
users of say Support Ou to access the computers of say Development OU.
I have a diagram ,which will expalin it clearly ,but how do i add it here?
interent access with Iptables and nating.Hence all the users have internet access.Some policy changes are needed and I want do a setup with the following groups and the security features needed are as below.
Groups
Research
Development
Support
Mktg
Finance
1)No group should be able to access the resources of each other ,except the users in its respective group.
2)Internet access only for support and mktg.
3)Other groups to have mail access only ,but no internet access(How should i go about this ,was thinking of installing
Mdaemon mail server)
4)Each group will probably have its own file server
5)A person from one group may have permission to access resources of other groups(if such an option is possible)
6)VPN access (client access) to connect to vpn server.
7)CAn i go in for a firewall based router which will have also have a VPn module at the internet gateway.
I had thought of 2 solutions ,one pertaining to creating a single windows 2000/2003 domain enviornment and second using
Vlan.I m not sure which one will work,hence kindly go thru and let me know if any other method is avialble to achieve the
following.
If i go in for a vlan enviornment ,and use a single Layer 3 switching device ,is it possible for me to access a particular
group if required .But i will need to install windows 2000 on each of the groups as a domain.A they will be in different
subnets ,will it be possible for me to coonect the domains if required.
If i go in for a single windows 2000/2003 domain enviornment ,where i will create ous .Is it possible for me to prevent the
users of say Support Ou to access the computers of say Development OU.
I have a diagram ,which will expalin it clearly ,but how do i add it here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can use the system at http://www.ee-stuff.com; log in and then click on the Expert Page tab. It works, and we're not going anywhere so you can be assured that the diagram will remain a part of the question.
From here:
https://www.experts-exchange.com/questions/21817620/Please-let-us-insert-images-into-the-posts.html#16508782