Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Windows Server 2003 Domains and Internet security

vibnik
Member

on ‎01-11-2008 10:56 AM

I have set up a LAN. For security reasons, the Server is not connected to the internet. Thus, the

clients use the Server as the Primary DNS for internal aka LAN address resolution and use the

BT 2-wire 2700 as the secondary DNS for connecting to the internet.

 

Questions:

   

-   Any recommendation for a book or website to increase my Server knowledge and thus domains ?

-  The clients login is into the Server domain. For security, do I have to install Internet Security on all the

clients or is it wiser to install it only on the Server and expose the Server to the internet ?

      - I am concerned of employees bringing in USB sticks and installing software on their own. The company

         software mandates that the users have 'Admin' priviledges. I see no way to prevent them from doing

          System Admin tasks.

 

I appreciate answers to the above or practices followed in your LAN setup.

    

0 Kudos
2 REPLIES 2

Kirok
Master User

on ‎06-11-2008 02:45 PM

Train Signal do some good MS training in this area, it really depends though.

 

Whatever the clients use as their default gateway is what will provide internet to them and what all traffic with go through. I mean there are a couple of options

  1. Stick a 2nd network card in the Server 2003 box and hook that up to the ADSL router then use security on the router and RRASes builtin security (RRAS is Routing and Remote Access, a service on Windows Server used for security and sharing an internet connection)
  2. Hook the clients up to the router directory and just use the server 2003 machine for domain login

I'd avoid using home products, even though its BT business in my opinion that includes them, depending on the particular software product check the manufacturers website.

 

You can give people local admin access and use Group Policy to lockdown what they can do, for example stop the services used for USB sticks and disable the USB subsystem.

vibnik
Member
In response to Kirok

on ‎07-11-2008 11:01 PM

Thanks Kirok! Your comments were very helpful. I like to confirm that you take my words

'internet security' to mean norton internet security that provides anti-virus, spyware ... 

 

(Q1) At present, I am using Option 2 i.e. clients just log into the Server domain. Internet access is through the router. I assume that in this case I have to install norton internet security on

all the clients. Would this be true ?

 

(Q2) If I used Option 1, do I need to install norton at all ?

0 Kudos