Jump to content
Forum²

mmthomas

Members
  • Posts

    214
  • Joined

  • Last visited

  • Days Won

    6

Everything posted by mmthomas

  1. Your DHCP server should not be giving out 127.0.0.1 as the DNS server. DHCP should be giving 169.254.59.1 as the DNS server. If clients get 127.0.0.1 as the DNS server, they won't be able to resolve names to ip addresses. The gateway should be 169.254.59.246. If you have your server and the router in the same subnet, the gateway MUST be the device that connects to the outside networks -- in this case, your router. If you want everything to go through the server, then you are going to need 2 NICs in the server -- one connected to the router and one connected to the rest of the network. Then you'll have to set up RRAS to do the routing for that.
  2. Here is a good overview of ways to protect the administrator account. You can also configure lockouts so that the account is locked out after X bad password attempts.
  3. mmthomas

    Hello

    Welcome to the forum! -Matt
  4. Create a group policy on your Servers OU. In that policy, modify Computer configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow log on locally. Add the Server Support Team group to that policy.
  5. You can restrict the ability to "log on locally" and "log on through terminal services" through group policy. You can either do this through the Local Security Policy on each server (Local Security Policy > Local Policies > User Rights Assignment & configure the "Allow log on locally" and "Allow log on through terminal terminal services" policies), or you can create a group policy an OU if you have all of those servers in their own OU. (If you know something about group policies, you could also create the policy somewhere else, put all of those servers in a security group, and then security filter your policy by that group.)
  6. You're looking for what Microsoft calls "auditing" rather than logging or recording. If you google for auditing account logon events, you will find more information. Unfortunately for your reporting, this logs more than just logging on to a computer and then logging off for the day. It also logs every time a user is authenticated -- using a network share, connecting to a network resource, etc. Also, it just throws it all into the Events log which isn't so easy to run reports from. This old thread here also has a vbscript for pulling out logon events. You can also purchase something like GFI EventsManager which has a number of reports available.
  7. See if this thread over herehelps. Though this thread may be a little old, it looks like some versions of Mac OS had trouble with the smb signing defaults for 2008. Some got around it by removing smb signing on the server, others by changing the mac-side authentication to 128-bit instead of 40-bit.
  8. Try running a disk check. I haven't seen it in 2008, but I've seen disk errors cause weird problems like this before. Another option/workaround, can you get inside the folder but just not rename it? If so, I'd make a new subfolder, move everything over to it, and then delete the old one or remove all permissions to it.
  9. It may sound like a silly question, but is the backup actually finished in the morning when the tape is ejected? If the backup has filled up the tape, it will eject it and ask for another. So it could be filling the first tape and then continuing onto the next tape and ejecting it when the backup is finally complete.
  10. Is your test hardware old? My personal preference is to use redundant RAID when it is available even if another option would offer faster performance. Even if it's for testing purposes, you can lose a lot of time and work if a disk fails. You don't say what your total number of disks is, but I would do the whole thing as a raid 5 if I were running vmware as the host. If you have plenty of disks, either two RAID 5s or a mirrored set and then a raid 5. Your configuration may depend on what your live environment is like and what exactly you want to test in your test environment. If your hardware is relatively new (i.e. not old and slow), then I don't see a benefit of squeezing out the extra storage performance unless you are testing to use that sort of setup in your live environment -- which I wouldn't recommend anyway as redundancy is usually better.
  11. Do you have full control on Folder A as well?
  12. Even though you are the owner, you can still not have permission to make changes. However, if you are the owner, you should be able to give yourself permissions to make the change. So, check the NTFS permissions on the folder and give the administrator account full control and then try your change again. Also, if you are not logged onto the machine to make the change and are going through a share, then your ability to rename the folder can be affected by the sharing permissions on folder A as well.
  13. Hi, Redbanit. Welcome to the forum!
  14. Windows Server 2008 Inside Out by William R. Stanek is good for a single book. The MCITP Self-Paced Training Kit for Windows Server 2008 Core is not bad if you really want to learn some in-depth information about administering Server 2008, but it comes at price in both money and time. It also included evaluation software for windows Server 2008 if you don't have it already.
  15. Hello and welcome! -Matt
  16. You may have installed an early version of Server 2008. It's creation of the administrator account was a little different. If you are seeing the "Other User" button at the end of the install, try putting in "administrator" for the user id and leave the password blank. If that lets you in, you can change the password once you are logged in.
  17. Are you saying that you can't login or that create a new user? If you are trying to set a password, it looks like the first password should work, but the other two that you list wouldn't. Part of the complexity requirement is that you can't have two consecutive characters the same in the password as in the account's full name and it looks like you have VM in common for some of those. But you shouldn't get an "incorrect password" error if you just are trying to set the password, you would get a "this password does not meet complexity requirements" message. -Matt
  18. Here is a pretty good set of instructions for installing and setting us IIS on Server 2008. Are you behind a router or firewall? If you are, after you get IIS and your website working on the server, you will need to configure your router or firewall to pass port 80 traffic through and forward it to your server.
  19. You can do that on Windows 2008 or Linux/Unix, but most of what you are asking for is not built-in to either operating system and will require specialized web application programming to accomplish. Just hosting DNS services is built in to both Windows 2008 and Linux/Unix, but generating, creating and registering domain names will all require custom programming for the web front end as well as some kind of database on the backend. There may be portions of such a solution that you can purchase off the shelf (such as a billing system, credit card payment system, client info and registration database) but there will still be programming to do to interface all of these correctly. There are not that many companies providing this kind of service, thus there isn't much demand for an off the shelf total solution. So, you may want a novel size answer on why you can't do this yourself, but an answer on how exactly to do it would be even longer than a novel.
  20. Have your router do the NAT or, if you are a business, replace the wifi router with a wifi firewall like a Sonicwall TZ series. It is an additional expense (but only $200-$300 for a low end Sonicwall), but putting your server right on the internet (as you would be doing if it is doing the NAT for the network) is far less secure. Even if you can't afford the firewall, I would still let the router do the NAT so that the firewall on your server can be set to only allow connections from internal machines. Having your server do the NAT for your network needlessly complicates things and for the price of the extra NIC you could have bought a firewall -- unless that server is going to be an ISA server, in which case I would still suggest getting a device firewall instead.
  21. After further investigation, it appears that a number of people have had this same problem installing 2008 R2. They seem to have gotten around the issue by disabling write caching on the drive where active directory is installed, but for others that didn't work and they don't seem to have found a resolution. It could also be some kind of DNS problem. Is the server IP info pointed to itself for DNS? Are any of your NICs set to DHCP?
  22. What does your DHCP configuration look like? What is your IP range?
  23. Aha, you may want this then: Remotely install software using group policy. That says 2003, but at the bottom it shows that it also applies to Server 2008. You may find that, though, that some settings have moved slightly in server 2008. If you open Group Policy Management Editor from Administrative Tools, you'll find software installation under Policies >> Software Settings in either Computer Configuration or User Configuration depending on whether you want to Assign or Publish it. (See the link for the difference.)
  24. I'm going to ask you some questions and give you some places to look for other things. What do you mean by "nothing happens?" It doesn't boot? It doesn't power on? Nothing changes? I don't know what you mean by "IP Crashes." Do they not get an IP address from DHCP? Do they get an address but then they don't work? Something else? It sounds like you want to set up Terminal Services. This is also called Remote Desktop Services in Windows Server 2008. This means that the clients use Remote Desktop to connect to the server. This page has information about RDS and how to set it up in Win2008. Group policy can be complicated and it will take some study to be comfortable with it. In a school environment, when you will have students logging in to the domain controller as a terminal server, you will really want to make sure that you lock things down. Like messing with the registry, you can really cause problems by misconfiguring your policies. If you aren't familiar with group policies, there are a lot of webcasts here with explanations. Here is a decent set of policy info for terminal services under Windows 2003 most of which will still apply with 2008. The National Security Agency actually has some decent guides for group policy and security, but unfortunately they haven't published any Win2008 guidance, yet. You can google a lot of group policy info.
  25. Yes, I think setting up remote desktop and terminal services is easier in 2008 than previously, and it makes most of the necessary changes for you, so I am running out of ideas, but I'll keep trying.
×
×
  • Create New...