Everything posted by mmthomas

  1. Hello and good luck with your studies. Most small to mid-sized businesses will have more of a generalist or two who oversee all of the server roles. In most of these situations you will need to know:

     Active Directory with Group Policy
     - How and why to make new OUs.
     - How to make and apply group policies, especially for
       -- password complexity
       -- folder redirection
       -- various Internet Explorer settings
       -- server security
     - How to make effective groups both for the business management and for managing network access (they aren't always the same)
     - Understanding replication
     - Sites

     DNS -- you can't have AD without it.
     - issues of split DNS vs single DNS
     - AD integrated vs separate DNS
     - forwarding
     - replication
     - adding hosts to external DNS
     - mx priority

     DHCP
     - basic configuration is sufficient for most small/med businesses. Understand how DHCP works, APIPA, and how reservations work.
     - larger networks may need DHCP forwarding/relay or multiple DHCP servers and scopes.

     File Services
     - Know how to create shares and properly apply both Share and NTFS permissions and how the two interact
     - how to map drives through command line, scripts, group policy

     Print Services
     - How to install and share a printer (includes permissions)
     - How to map printers to clients
     - how to upgrade drivers on printers and clients
     - how to migrate printers to a new server

     Those are the very basics that just about every company that has a Windows AD domain is going to be using. Web servers are also very common. Terminal servers a bit less so, but still common. If you get all of the above down, you'll have a good idea of what else you want or need to know.
  2. Hmm, I'm not sure why that link doesn't work. Cutting and pasting the link into the browser seems to work: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01802766 (Edit: Okay, I found the problem with the link. For some reason it shows above with a lowercase d in "document.jsp". When you paste the link into a browser, change the lowercase d to a capital D and it should work.)

     HP SUPPORT COMMUNICATION - CUSTOMER ADVISORY
     Document ID: c01802766
     Version: 6
     Advisory: (Revision) Integrated Lights-Out 2 (iLO 2) Firmware Version 1.81 (Or Earlier) And iLO 2 Management Controller Driver Version 1.11.1.0 (Or Earlier) - ProLiant Server May Unexpectedly Reboot And Display Event ID 57 Error Messages
     Release Date: 2010-05-05
     Last Updated: 2010-05-05
  3. Try looking at your HP Integrated Management log. You may have an ASR or driver issue and need to upgrade (or downgrade) the ILO firmware and drivers. I've seen several reports of similar issues around the web. There is a thread on the HP boards and an HP advisory notice on unexpected reboots. Though, of course, your issue could be unrelated.
  4. Active Directory requires DNS, so if you've got a domain controller installed you have DNS somewhere. If you didn't have DNS before, then it will be installed on your domain controller by default during the Active Directory installation. If your DHCP is giving out addresses, but no gateway, then go to the Administrative Tools and DHCP tool. Expand your server, expand IPv4, expand your scope, then click on scope options. The gateway scope option is "003 Router." If you don't see it in the right window with the DNS server, then right-click on Scope Options and select "Configure Options." In the General tab under available options, find and check "003 Router." When you click the check box the bottom of the window will change to allow you to put in the gateway. You can ignore the "Server name" text box and skip down to "IP address" and put your router IP address there.
  5. Start with using gpresult.exe or rsop.msc on one of the machines and see if your policy is listed as being applied. Also, check your event logs for errors when the machine is trying to process the policy.
  6. You don't have to have your DC running DHCP, but it does make some things easier. If you want to keep running DHCP on your router, the most important setting is to make sure that the DNS server IP address it gives out is your internal DNS server. DNS is critical to proper AD functioning, but as long as the clients know where to go for your domain's DNS you should be fine. That said, running DHCP on your domain controller or other server is not overly complicated. There is a basic step-by-step guide through this link. While DHCP options can get very detailed and obscure, for most small networks you are only going to need the bare minimum settings that that link shows: a range of IP addresses to give out with netmask, and IP addresses to give out for the gateway and the DNS server. You can't run two DHCP servers on the same network (for nitpickers read that as "shouldn't until you really know what you're doing"). So you'll have to turn off DHCP on your router and then turn it on on your server. You will know it is working if your clients are receiving a DHCP address, DNS server and gateway when they start up. If it isn't working, you will end up with APIPA addresses instead. Those are in the 169.x.x.x network.
  7. If you need automatic failing over to the backup, then search for "failover clustering" or "SQL server failover clustering." If you are going to manually fail over or can't afford clustering, then search for "SQL log shipping."
  8. Yes, this is very possible. In Active Directory Users & Computers, open the user's properties. Go to the Account tab. Click the "Logon Hours" button. Select the times they are allowed to logon. For pictures, look at this page. For your second question, home folders are on the Profile tab of the above.
  9. Right -- a 2008 server can only be a domain controller on a domain that has had the 2008 active directory updates done.
  10. If you want the 2008 server to be a backup domain controller, there is no choice but to go through all of the hassle of upgrading the domain. If you want the 2008 server to only be a member server, then you don't need to do anything because there will be no active directory components on the 2008 server. But if the 2008 server is a member server, and the 2003 DC dies, then you will be creating your domain from scratch on the 2008 server. Unfortunately, there is not an option for "Make my 2008 server a domain controller on the 2003 domain without upgrading the active directory structure to 2008."
  11. You can't get as granular as "Limit account BOB to one connection from one computer" (without access to client machines) but you can limit the total number of simultaneous users on a share. If you go into the Properties of your shared folder, go to the Sharing tab, and then click Advanced Sharing you should see in the middle "Limit the number of simultaneous users to:" and then a box where you can put in the number of users be it 1, 5 or ten thousand. But this may just result in different problems.
  12. Essentially you are upgrading your active directory from 2003 to 2008. That's the only way to get a 2008 domain controller working in your 2003 domain. Without doing all of the upgrade steps for AD, your 2008 server can only be a member server and not a DC. Take a look at this page and follow the steps for "transition." It's not a minor task like adding a second 2003 DC would be.
  13. The way that Share permissions work is that whatever you set on the Share folder is the MAXIMUM permission the group will have anywhere beneath that share. So if the U_Managers group needs to have full permissions on a subfolder, then you have to give the group full permission on the Share. The way you refine the permissions is then to apply NTFS permissions on the folders. In your case, you would need to set read permission (or whatever level they need) for the U_Managers group on the Security tab of the Raports folder, and then on the Security tab for the subfolders give that group more permission.
  14. This article should have most of what you need.
  15. For just Windows Server 2008 -- without Exchange -- you can set up the SMTP service to serve as a mail relay, but otherwise there is no built-in email functionality:
      - No pop/imap
      - No mailing lists
      - No webmail
      - No junk/virus filtering

      You need to install Exchange or another email program to get those features. Of course, you can USE webmail with SSL from a server, but a 2008 server can't BE a webmail or email server without other software.
  16. Yes, you can do this in your RRAS policy. It is on the Constraints tab of the policy under "Day and time restrictions." Just set the conditions of the policy to match the user or group to whom you want to apply the time condition.
  17. Where do you have the ISO? Try moving it somewhere else -- like if you have it on a san somewhere, move it to the PC you're running the vCenter console from and attach it as a cdrom drive from there.
  18. The regional settings are per user settings, so you won't be able to change them like that for everyone. If the users don't have the rights to change their own regional settings, then you can either edit their NTUSER.DAT hives to change the setting (Under Control Panel > International > sShortDate and sLongDate keys) or you can try setting a group policy for the server. You couldn't do a group policy on dates prior to Server 2008, but now you can do it under User Configuration > Preferences > Control Panel Settings > Regional Options. Right click the Regional Options and select New > Regional Options. I haven't tried this, so I make no promises.
  19. Using dsquery and dsmod may be the easiest way, if you are talking about doing this on a continuing basis and not just once. A command like:

      dsquery user "" | dsmod group "" -addmbr

      For example:

      dsquery user "ou=Sales,ou=West,dc=MyDomain,dc=com"

      will return a list of users in the West > Sales OU of mydomain.com. Then pipe that list into the dsmod command:

      DSMOD group "CN=Testing,OU=testou,DC=MyDomain,DC=com" -addmbr

      which will add all the users returned in the first part to the Testing group in the testou OU. If you want them to be added going forward, you'd have to put it in a script and schedule it to run every day or week or however often you want to keep them up to date. If they had query-based security groups in Windows, it would be easier to do. If you only need to do this once while you are setting up the domain, you can use the commands above, or you can just highlight everything in the OU and add them to the groups you want.
  20. Is your VPN a part of your firewall, or are you running in through RAS on a Windows server? If it is a part of your firewall, you should be able to filter incoming connections and only allow the incoming port 3389 traffic to the rdp server. If you are running the vpn on a windows server, you could move the server to a dmz on your firewall; allow only vpn connections to that server, then only allow rdp from that server into your network.
  21. In that gpo window, you just need to put the server name or ip address of the server in both boxes in the format: http://servername or http://ip.add.r.ess You can also look at this link. It shows pictures of Win2003, but it is the same in 2008.
  22. The c:\ProgramData folder takes the place of the All Users folder of previous Windows versions. It's a hidden folder. Adding your mmc to the tools folder in your account's user folder should have added it to the Administrative Tools folder that appears in your start menu > all programs > admin tools folder. Adding it to the c:\programdata folder will also make it visible for you, but (as with the all users folder) will make the mmc visible to all users who have access to the admin tools.
  23. Do you still have the server plugged into the firewall? Even though you say things are pinging properly, the first thing I'd try is moving the server to one of the switches. It's easy to move the connection and the firewall adds a lot of possible complications as it appears that the zywall's ports are not just a simple switch, but rather configurable as lan/wan/dmz/etc. Additionally, you probably don't want all that server traffic going to your firewall, when it can stay on a local switch. If that is no help, have you run dcdiag on the server? What is the server pointing to for DNS?
  24. Do you have the windows firewall on? If so, it's worth turning it off momentarily to check. If it's not that, I'd run netmon on the interface and see if connection attempts are actually making it to the nic. If you see connections to the nic, are there responses out? If there are responses out, are they going to the correct network gateway?
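
Added example, not part of any of the posts above: a small model of the Share/NTFS interaction described in post 13, showing how a share permission caps what NTFS grants over the network. The Managers subfolder, the U_Staff group and the four-rung permission scale are assumptions; deny entries and blocked inheritance are not modelled.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0
    READ = 1
    CHANGE = 2  # share "Change" / NTFS "Modify", collapsed to one rung (assumption)
    FULL = 3

def granted(acl, groups):
    """Highest allow level that any of the user's groups holds in one ACL."""
    return max((lvl for grp, lvl in acl.items() if grp in groups), default=Level.NONE)

def ntfs_level(ntfs_acls, path, groups):
    """Allow entries accumulate: explicit on the folder plus inherited from ancestors."""
    parts = path.split("\\")
    chain = ["\\".join(parts[:i]) for i in range(1, len(parts) + 1)]
    return max(granted(ntfs_acls.get(p, {}), groups) for p in chain)

def effective(share_acl, ntfs_acls, path, groups, over_network=True):
    """Network access is the more restrictive of share and NTFS; local access is NTFS only."""
    ntfs = ntfs_level(ntfs_acls, path, groups)
    return min(granted(share_acl, groups), ntfs) if over_network else ntfs

def capped_by_share(share_acl, ntfs_acls, groups):
    """Folders where the share permission silently cuts off what NTFS grants."""
    return sorted(p for p in ntfs_acls
                  if granted(share_acl, groups) < ntfs_level(ntfs_acls, p, groups))

# Constructed sample data. "Raports" and U_Managers come from the post;
# the Managers subfolder and U_Staff are hypothetical.
NTFS = {
    "Raports": {"U_Managers": Level.READ, "U_Staff": Level.READ},
    "Raports\\Managers": {"U_Managers": Level.FULL},
}
SHARE_READ = {"U_Managers": Level.READ, "U_Staff": Level.READ}
SHARE_FULL = {"U_Managers": Level.FULL, "U_Staff": Level.FULL}

if __name__ == "__main__":
    for name, share in (("share=Read", SHARE_READ), ("share=Full", SHARE_FULL)):
        for path in NTFS:
            for grp in ("U_Managers", "U_Staff"):
                print(name, path, grp, effective(share, NTFS, path, {grp}).name)
    print("capped:", capped_by_share(SHARE_READ, NTFS, {"U_Managers"}))
```

With the share set to Full for both groups, the NTFS entries are the only thing keeping U_Staff at Read in the subfolder, so those are the ACLs to review.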