Solved

Domain/Workgroup setup

Posted on 2012-09-04
Last Modified: 2012-09-16
I need some advice on setting up a small network within my office. I want to set up a server, I have Win Server 2003 SBS, I would like to give some of my systems access to the server, so I'm thinking Domain.... but then I want to be able to have some of the systems that are not joined to the domain, but can access shares on the server and the internet, or shares on some of the workstations which are part of the domain.
   Is this even an option?  If so, what particulars do I need to set up?
0
Question by:Jeff Perkins
25 Comments
 
LVL 17

Accepted Solution

by:
bigeven2002 earned 1000 total points
ID: 38366166
Hello,

SBS 2003 creates an AD domain and DHCP as part of its setup so non-domain isn't really an option without some complex tweaking.  Turning it into a File server is quite simple with the Configure your Server wizard that starts up with it.   Make sure your DHCP scope is setup to point the workstations to the right gateway and DNS so they can access the internet.

Some of the workstations can still be off the domain although it makes accessing shares slightly more difficult.  In order for workstations to join a domain, they have to be a "pro/business" or "ultimate" version of Windows.

For workstations that are not on the domain, in order for them to access shares on the server and other workstations, they have to connect to those shares with a username and password that exists on the server or the domain workstations.  The login is usually in the form of:

domain\username
password

This link explains the login a bit more in depth:

http://serverfault.com/questions/258808/is-it-possible-to-provide-access-to-a-domain-resource-to-a-non-domain-user


Permissions to these shares will need to be set in two places, in the Share tab and the Security tab.  This link explains those permissions:

http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml

Internet access should work regardless of domain connection or not as long as the workstation gets a DHCP address from the SBS server or has the connection settings setup manually.

My recommendation is if all Windows OSes involved are pro or ultimate versions, and your SBS license allows for enough Client Access Licenses, then join all the workstations to the domain.  That way, you can manage user accounts from one location and the server can assign IPs accordingly.  For shares on other workstations, the link below covers windows 2000 server share, but the same steps should apply to workstation shares:

http://support.microsoft.com/kb/301198
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38366257
Part of the reason for not wanting all systems on domain, is I have client computers that come in, that I need to access various resources on my network, hence the shares that I want to access via the network, these systems run the gamut from xp home, mce, vista all flavors to win7 all flavors.... so joining the domain is not even an option at times....
So do I have to let my sbs be the dhcp server, or can I use the router/firewall for that?  Also, how about dns, I know that in a domain/AD situation the AD server is the dns server for the workstations.... what is best route in this case?
0
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 500 total points
ID: 38366292
SBS works REALLY REALLY WELL... WHEN you use the wizards.  The wizards REQUIRE that SBS runs DHCP.

Active Directory - by its very nature - REQUIRES DNS services.  If you don't make the clients use the AD DNS, they could have issues finding network resources.  Since the SBS server would provide DNS to the workstations on the domain, there's really no point in having another DNS server specified... (Can you think of a reason?)

Keep licensing in mind.  Each HUMAN BEING accessing the server requires a license.  Doesn't matter if they are connecting from a workstation on the domain or not.  And licensing is not for concurrent connections, so it's not going to make a difference if you have 5 CALs and never have more than 5 people using the server while you have 25 different human users.
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 38366750
Ok that makes sense that outside client computers are involved.  Like leew said, use DHCP on SBS instead of your router.

As for DNS, same as with domain workstations, DHCP will assign the SBS DNS server to non-domain computers when they are connected.  This is needed if you plan to access shares by host name instead of IP address.

Since SBS is running all the vital services, make sure it has some protection from failure such as using RAID for your disks and twin Network cards in teaming mode and very strong virus and malware protection.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 38367749
Considering that SBS 2003 is decade-old technology, you may want to spring for SBS 2011 Essentials.  Since you have not stated that you are looking to use SBS 2003's Exchange Server, this would be a much better option and much simpler to administer.

Additionally, SBS 2011 Essentials allows all of your current client OS's to join the domain (including HOME versions).  The server license is less than $400, and you can run it on fairly simple server hardware.  Furthermore, it allows up to 25 users with NO CAL requirements.

@bigeven2002:  teaming NICs on SBS 2003 is not really an option unless you want to break all of the configuration wizards

Jeff
TechSoEasy
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38369876
Wow, lots of info.  Ok, TechSoEasy,  not springing for 2011, even though I have a macpac subscription and don't have to pay for server, I would have to pay for additional hardware, as 2011 won't run on my older server.
   I'm not really in need of any of the additional bells and whistles that come with 2011, not until the budget is overflowing with hardware upgrade money anyway.  
  I am also intending to setup the EXchange 2003, which is going to be the main purpose of my sbs server, I have never played with it before, and want to set it up and learn how to use, configure, and maintain it.  The use of the server to host a few file shares is the only other thing it's going to be used for.  
   I do have dual nic cards in the box, but one of them evidently is disabled at the bios level, I haven't explored that yet, but it's not showing up in dev mgr.
   That was going to be one of my questions on how to use that best?  
   
  LeeW, I'm not much on wizards, been geeking for 20 years and prefer to do it the hard way, although at times a wizard may make it more efficient or easier, I don't learn as much that way, which is why I do most of what I do like this.  
  I don't intend for the server to be the backbone of my network, as it typically is.  I have a small shop with 2 users besides myself, security isn't the issue, it's very much a landing place for things that don't get taken care of on site.  I want to set up exchange to become familiar with it, but didn't want the server to have to be running for my network to function, with the exception of my email obviously.
 
  I do occasionally see a Linux box, or a Mac box that will require at least internet access on my network.  And I run a wireless router for the testing of those as well.  I don't think this comes into play in this scenario, but wanted to throw that out there just in case.  I'm quite green on the server side of things, but can peer to peer and workgroup with tcp/ip, ipx, and even NetBEUI, with the old hands....

The server has a raid 10 setup, for both performance and redundancy.  Drives are cheap now days. No scsi, but I'm not a very large network with big needs either....
    Ok, so I setup the domain on the server, and then part off the drive and have a section that I setup shares for access even for those systems that are not on the domain?  I setup dhcp on the server which in turn lets me setup my domain clients with 'obtain auto' and no need to specify the dns?  
  And the non domain clients will get dhcp from the server and have access to internet, and how do i setup the shares that are accessible to all on my network?  Can I do this without having the stray boxes on a particular workgroup?  or do I have to join them to workgroup to access shares?  
   
 For virus, I use ESET Nod32 endpoint, and Malwarebytes for antimalware.
0
 
LVL 17

Assisted Solution

by:bigeven2002
bigeven2002 earned 1000 total points
ID: 38370780
Sounds like the 2nd NIC is disabled in the BIOS.  As far as teaming, I did have an SBS server setup a while back that ran on an HP Proliant server and I teamed both NICs and did not have any issues, but perhaps I was lucky.  Also, I tweaked it to be a member server of an existing domain rather than a controller itself.

As for your question on domain clients being setup to auto obtain IP and DNS, correct, no need to specify DNS as DHCP will provide it.

For shares to be accessible by domain and non-domain clients, the permissions of the shared folders will have to be set to allow the Domain Users group for domain clients, and a specific account for non-domain clients.  

Here is where it can get tricky, first, will all shares be from either the server or domain clients?  Or are there going to be any shares on non-domain clients?  If all shares are on domain only clients, then this simplifies things.

In that respect, the specific account for non-domain clients can be a shared domain account that you setup, e.g. a username like shareduser with password share123.

For non-domain clients to connect to shares, they would reference that account when connecting to the share.  This is probably easiest with a script to temporarily map a network drive to the share:

net use X: \\sharehost\sharedfolder /u:domain\shareduser share123 /persistent:no


If not using a script, then when a non-domain client attempts to connect to \\sharedhost\sharefolder, then it should prompt for login where the user would key in domain\shareduser for username and share123 for password.  They will have to re-authenticate periodically.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 38370830
"LeeW, I'm not much on wizards, been geeking for 20 years and prefer to do it the hard way, although at times a wizard may make it more efficient or easier, I don't learn as much that way, which is why I do most of what I do like this."

I understand that - Before I left to do consulting full time, I worked for a large biomedical research institution that had me always trying to find a solution with the resources I had.  Not always - probably not often even - best practices.  When I went consulting full time, after 10 years managing windows systems and feeling exactly the same way about wizards, I setup my first SBS 2003 server.  I destroyed it.  SBS is NOT just a bundling of Windows Server and Exchange.  It's an INTEGRATED package that REQUIRES the use of the wizards to ensure it runs properly... not to let you manage it easily - that's a side benefit.  If you want to hack around, go buy the full products (that assumes you have money to waste since SBS saves you considerable dollars on a full Server and Exchange license).  Otherwise, trust me - look at my profile - I've YEARS of experience - USE THE WIZARDS!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 38370887
To add on to what Leew stated above, ALWAYS USE THE WIZARDS with SBS.

EE Member cgaliher posted a great comment a few months ago which spoke to this issue about the best I've ever read:  http:Q_27451559.html#a37149324

Jeff
TechSoEasy
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38373315
Ok, I'm sold, and don't have to read your profile Lee, I'm familiar with your expertise, and don't question it.  The article reaffirms it, but once you told me the way you did, I was convinced. I am just so used to geeks steering non-geeks (wizards are generally great for that), that I tend to automatically steer clear of any sort of wizard. Part of that is having control and knowing what is going on in the background, which helps me to fix it when it breaks.  But the reality of the fact that exchange and dc and everything else on one box isn't such a great idea, I can see the logic in using the wizards to keep it all together.  Thanks for the advice, and I will follow it.
    As for the full blown stuff, I'll play with that later, I just took this server in on a trade and figured I may as well get some use out of it.
   I've been unhappy with my IMAP service on my hosted email, so thought I would see how well exchange works. Should be fun trying anyway.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 38373530
It probably took me two years and dozens of conflicting comments from Jeff before I finally  was able to look for a "wizard way" of doing things rather than a non-wizard way if the wizards weren't immediately obvious.  If I thought I could change setting x manually vs. re-running the wizard and it SHOULDN'T affect something, I initially wanted to change setting x.  Eventually you realize and learn that, with SBS, ALWAYS look for a wizard - ASK if there's a wizard... and in the end, if there isn't one, THEN change setting x.  

(Coming from an enterprise background, it's annoying as heck... but for a STABLE, reliable system, it's what you have to do).

I'll also add, for other clients, it's absolutely the best thing to do.  When working on client systems, you want to do things by the book as much as possible.  That doesn't mean there won't be occasions where you have to deviate, but it's VERY IMPORTANT that in ANY network, you do things according to standard whenever possible so that, if you get hit by a bus, the guy walking in tomorrow doesn't stand there, otherwise FULLY qualified, and scratch his head, "what the heck did this guy do?"
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 38375758
FYI, if you want to know "what's going on in the background" there are a few great ways to learn about what the wizards do.  First, on every page of the wizard is a "More Information" button which leads to a help page that describes exactly what that step does.

Second, on the very last page of every wizard at the very bottom is a line which says:
"For detailed information about the tasks, or to print, save, or e-mail the information, click here".  As it says, this is detailed info about what was just modified.

Lastly, there are very detailed logs created every time you run a wizard.  You'll find these in %sbsprogramdir%\Support.  One of the most useful wizards, the Configure Email and Internet Connection Wizard (CEICW) actually creates both an html report as well as a vbs file every time the wizard is run.  If you want to revert to a previous setting you can just run the vbs file and it will reset things according to how the wizard was run that particular time. (These are found in %sbsprogramdir%\Networking\ICW\)

A complete list of log file locations can be found here:
http://blogs.technet.com/b/sbs/archive/2005/11/14/414454.aspx

Jeff
TechSoEasy
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38384034
Ok, ran the eicw or whatever wizard last nite.... and today after restarting a workstation I cannot access the internet?   Since I'm using wizards I'm pretty much lost as to where to go to fix what might be broken?
Any help would be appreciated, but this is what i didn't want, I do not want to join all of these systems to domain to make internet work....
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38384138
if I set a static ip on my workstation, I can get on the internet, but the systems are not getting an ip from the server.... i went looking for dhcp on the server, but cannot find it, and not sure what wizard to look for?
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38384751
Come on guys, don't leave me hanging out here.
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 38384957
On the server, go to Control Panel > Administrative Tools > DHCP.  Make sure it is set to "Authorized".  Right-click on the server itself under DHCP heading and select Authorize.  Its icon should have a tower with a green arrow pointing up if the scope is active.  Also, under address pool, make sure you have the start and end IP addresses listed and that scope options are completed for 003 router and 006 dns servers.
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38384969
Well that's what I thought bigeven, but when going to administrative tools> there was no dhcp.  I'm still not a big fan of the wizards.... but I'll say maybe I made some sort of mistake on setup, or maybe it was just a glitch, Lord knows I've seen enough of those in 17+ yrs.... so after further investigation, I discovered that the dhcp service was not even installed....
    I'm not sure if there was some other wizard that I should run, but after not being able to find one, I went to control panel, and added the dhcp server in via windows components.... I did run that wizard, and once that was in, I was able to go and reset my client systems to auto dhcp and am now connected.  
   I've got some configuring to do now, setting up AD users and such, and will report back once i get that done, or run into another BLITCH  I mean GLITCH. <SMILE>  
  PS- Lee if I did this wrong, tell me where the wizard is I should use and I'll go back and do it over.....
J
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 38384995
Sounds good, glad you got it working.  We'll do our best to be here for you.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 38385389
There's no DHCP because you had one running already on your network and SBS detected that so it disabled its own.  But you really DO want DHCP running on your SBS so make sure you disable the one already there (probably in your router).

Jeff
TechSoEasy
0
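The two DHCP points raised above (scope options 003 router and 006 DNS servers being filled in, and a second DHCP server on the router answering alongside SBS) can both be checked from the DHCP offers seen on the wire. This Python is an added example, not code from the thread; the function names, the 192.168.16.x addresses and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 6, 53, 54
DHCPOFFER = 2

def _addresses(raw):
    """Split an option payload into dotted-quad IPv4 strings."""
    if len(raw) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def parse_reply(packet):
    """Parse a BOOTP/DHCP reply into the fields a client acts on."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP reply")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        code, length = packet[i], packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = data
        i += 2 + length
    msg_type = options.get(OPT_MSG_TYPE)
    server_id = _addresses(options.get(OPT_SERVER_ID, b""))
    return {
        "msg_type": msg_type[0] if msg_type else None,
        "offered_ip": str(ipaddress.IPv4Address(packet[16:20])),   # yiaddr field
        "server_id": server_id[0] if server_id else None,
        "routers": _addresses(options.get(OPT_ROUTER, b"")),
        "dns": _addresses(options.get(OPT_DNS, b"")),
    }

def audit_offers(packets, sbs_ip):
    """Return findings for offers that do not match an SBS-served scope."""
    findings, servers = [], set()
    for packet in packets:
        offer = parse_reply(packet)
        if offer["msg_type"] != DHCPOFFER:
            continue
        sid = offer["server_id"]
        servers.add(sid)
        if sid != sbs_ip:
            findings.append("%s: offer does not come from the SBS server" % sid)
        if not offer["routers"]:
            findings.append("%s: option 003 (router) is missing" % sid)
        if offer["dns"] != [sbs_ip]:
            findings.append("%s: option 006 (DNS) is %s" % (sid, offer["dns"]))
    if len(servers) > 1:
        findings.append("more than one DHCP server answered")
    return findings

def build_offer(server, offered, routers, dns):
    """Build a minimal DHCPOFFER: constructed sample input, not a capture."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    packet = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         ip("0.0.0.0"), ip(offered), ip(server), ip("0.0.0.0"),
                         bytes(16), bytes(64), bytes(128)) + MAGIC_COOKIE
    packet += bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4]) + ip(server)
    for code, addrs in ((OPT_ROUTER, routers), (OPT_DNS, dns)):
        if addrs:
            packet += bytes([code, 4 * len(addrs)]) + b"".join(map(ip, addrs))
    return packet + b"\xff"

# Constructed addresses (assumptions): SBS at 192.168.16.2, router at 192.168.16.1.
SBS_OFFER = build_offer("192.168.16.2", "192.168.16.50", ["192.168.16.1"], ["192.168.16.2"])
ROUTER_OFFER = build_offer("192.168.16.1", "192.168.16.101", ["192.168.16.1"], ["192.168.16.1"])

if __name__ == "__main__":
    for line in audit_offers([SBS_OFFER, ROUTER_OFFER], "192.168.16.2"):
        print(line)
```

With only the SBS offer the audit returns nothing; with the router's offer included it reports the second server and the DNS option that bypasses the AD DNS.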
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38386454
Jeff,
You are right, I wondered why it turned off automatically, and I did disable it in the router, before installing it on the server. Then ran the eicw wizard again to get internet up and running. I'm assuming my next task is to setup my users. There are a few questions I'm not positive about in that wizard, for instance I have many computers that I personally use, such as my main desktop and my secondary desktop, my laptop, my netbook, and so on.... when I run the add user wizard in AD it asks me if I want to setup the client computer... how do I handle this with multiple systems?
   Also, we have a desktop called Bones, that we use for multiple purposes, data recovery, backing up crashed hard drives and such, myself and my techs use it at various times throughout the day, what is the best way to handle this system? Should I put it on the domain? I was thinking of doing it because it will make access to various resources easier... but I'm not sure how to handle it. I obviously don't want to limit it by having each of us have to login every time we walk up to it.... perhaps a general tech login?
  Thanks for all the help and advice.
If you ever get over to God's country, holler at me, I'll buy you lunch.
Jeff
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 38386880
Since you really have a ton of questions about setting up the server it would be best if I pointed you to what I used when I was learning about SBS 2003.  Harry Brelsford's book, Windows Server 2003 Best Practices (which you can get from Amazon used for about $4.00 including shipping:  http://rdsrc.us/syC09h)

Not only is it a great guide to learn from, but it will help you understand how setting up an SBS is a fairly standardized process.  Unlike standard Windows Servers which can be configured a thousand different ways to serve a thousand different purposes, SBS is designed to be used in a specific way -- as the backbone server of a small office network that generally has only one or maybe two servers.

During its lifespan, I deployed over 125 Small Business Server 2003 networks and I never did so without having that book in front of me, following the same steps each and every time.  The result was that those networks performed wonderfully, and about the only major problems came from faulty hardware.

So my suggestion is that you get your hands on the book, and follow the steps so you'll know what you should configure and how you should do it.  

That being said... the SBS Management Console's front screen is the installation "TO-DO LIST" which lists all of the major steps needed to set up an SBS 2003 based network.

Jeff
TechSoEasy
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38389161
Ok, thank you again, ordered the book, now in the meantime, if I try to add my win7 box using http://<servername>/connectcomputer   I get page not found....
0
 
LVL 15

Author Comment

by:Jeff Perkins
ID: 38389262
Whew, ok, did some digging, found an update for server 2003 that is supposed to fix win7 and vista system compatibility on this problem.... installed it, restarted both server and client, still no go...
  Dug further, found a post that indicated IIS web pages were not started... sure enough, the companyweb and the default web site were stopped.... started both of these and bingo, client connects....
 What was wrong that the wizard didn't start these?  How did I manage to miss this?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 38389633
Various Windows updates can cause that type of problem... since SBS 2003 is so old now it's definitely prone to that type of behavior.

Jeff
TechSoEasy
0
 
LVL 15

Author Closing Comment

by:Jeff Perkins
ID: 38403754
Many many thanks to all who contributed, I truly appreciate the help.
0
