Old Bodge-Up: Where to Start

G

Guest

I am not experienced with setting up networks, and I am trying to do
something with a non-functioning one that I have inherited in a very
small organisation without the resources to get someone in.

It is currently a peer-to-peer network, mixture of XP Home and XP Pro,
connected by a BTInternet router which acts as four-socket hub and DHCP
server. There are three main issues to address.

1) It doesn't work. This may simply be bypassed by making the other
changes, but it's worth noting. Some PCs can access the Internet, but
some can't. Some PCs can browse others, but some can see icons for
shared areas on other PCs, but can't browse them (error messages very
vague, mentioning permissions, lack of resources etc, but there must be
some general problem). Some can't even see icons for the others. DHCP
assignment of IP addresses in the same range as the router seems not to
work a lot of the time, but even when manually assigned in the same
range, the problems are the same.

2) There aren't enough sockets, so I want to add a five-socket Netgear
switch I've got. But here I am a bit confused about the uplink
situation. The Netgear switch has an uplink button, and I assume I
would need to use that or a crossover cable to extend the network, but
at the same time, the Internet router is just another network device,
which I wouldn't expect to treat as an uplink, so I am not sure of the
configuration when it doubles as a hub.

3) I want to add in an old server, on which Windows 2000 Server will be
installed, to provide a proper shared area that everyone can browse and
a domain for proper security. So there's a number of questions here.
Firstly, where should I plug this into whatever switch/router
configuration I end up with? Should I try to use the server as the
DHCP server for the domain I want to create? Should I just abandon
DHCP (if the BT router will allow that)?

If it comes to it, I assume that BT will advise on the router settings,
but won't support anything else, which generally means refusing to
answer questions, so any advice will be very gratefully received before
I waste too much time on the phone to them.
 
C

Charlie Tame

If the router has a firewall use it, that reduces the risk of invasion when
you relax security settings on other machines (or if the settings are
screwed up anyway).

You could use the new (old) server for this if you want to go right to the
shared folders you'll be using.

Concentrate on getting the router info (What it can do and what it can't) if
you can find it. Then get one PC up and running through it, I suggest you
sign in as Admin and come up with a decent password (you know 8+ characters,
caps numbers and # or similar) and then go to the shared files and make sure
that sharing and NTFS permissions will give that user access. You "Should"
change the name from Administrator so do that and reboot first if you like.
Since it's 2000 server you may find the DHCP and DNS and WINS server
services running by default. Stop them for now and see if the router will do
it. (I am assuming that settings info for the router will be harder to find
than 2000 server stuff :) Don't stop the clients.

Strictly speaking it should have a fixed IP but you can always try automatic
settings in the interface properties if you have trouble, then fix the
settings at whatever the router gave you.

Next insert the switch and see that all still works with regards to internet
access etc. If it does check for security updates right away.

Now set up the same admin user name and password on another machine. Check
the interface properties and set to automatic IP and DNS. If the server
worked this should work. See if you can see the shares on the server. If you
can then you should get all the others up and running by following similar
procedure. Try through the switch and both in the router if you have
problems, that will help narrow down the problem area if there is one.

As you get a machine up and running start it doing updates at the Windows /
Microsoft Update sites, that will save a bit of time.

PLEASE NOTE:-

I am sure this is "Not" the official or proper way to go about this because
it takes little account of security but I am assuming a couple of things
from your post.

1. You want to see if the hardware is going to work for you.
2. You don't want to take a lot of time only to find it has to be done over
if machines you are unfamiliar with have their own problems.
3. It is likely that there are already security problems but you don't want
to reinstall 4 machines at the same time so we don't have that much to lose.
4. That the network did work in the past.
5. There is a risk that one infected machine may infect others - the broken
network may have been a good thing in that sense - if you can do Antivirus
check first by all means do so.

To be honest I think much of your trouble will be resolved when you have the
common Admin user to begin with and then work through and set up users
properly with the right access... as far as internet access is concerned if
the procedure gets one machine working then problems with other machines
will give you the clue that it's the machine rather than the network.

As for the hardware I'm not familiar with it but I would think if there's an
outlet on the switch marked uplink use it, if they are not marked
differently use any, and no crossover cable should be necessary unless the
manual says so.

Then you might want to come back and get more technical advice on security
from the real network experts here. I'm not but I have been in your
situation a couple of times :)

Charlie
 
G

Guest

Charlie said:
If the router has a firewall use it, that reduces the risk of invasion when
you relax security settings on other machines (or if the settings are
screwed up anyway).

You could use the new (old) server for this if you want to go right to the
shared folders you'll be using.

Concentrate on getting the router info (What it can do and what it can't) if
you can find it. Then get one PC up and running through it, I suggest you
sign in as Admin and come up with a decent password (you know 8+ characters,
caps numbers and # or similar) and then go to the shared files and make sure
that sharing and NTFS permissions will give that user access. You "Should"
change the name from Administrator so do that and reboot first if you like.
Since it's 2000 server you may find the DHCP and DNS and WINS server
services running by default. Stop them for now and see if the router will do
it. (I am assuming that settings info for the router will be harder to find
than 2000 server stuff :) Don't stop the clients.

Strictly speaking it should have a fixed IP but you can always try automatic
settings in the interface properties if you have trouble, then fix the
settings at whatever the router gave you.

Next insert the switch and see that all still works with regards to internet
access etc. If it does check for security updates right away.

Now set up the same admin user name and password on another machine. Check
the interface properties and set to automatic IP and DNS. If the server
worked this should work. See if you can see the shares on the server. If you
can then you should get all the others up and running by following similar
procedure. Try through the switch and both in the router if you have
problems, that will help narrow down the problem area if there is one.

As you get a machine up and running start it doing updates at the Windows /
Microsoft Update sites, that will save a bit of time.

PLEASE NOTE:-

I am sure this is "Not" the official or proper way to go about this because
it takes little account of security but I am assuming a couple of things
from your post.

1. You want to see if the hardware is going to work for you.
2. You don't want to take a lot of time only to find it has to be done over
if machines you are unfamiliar with have their own problems.
3. It is likely that there are already security problems but you don't want
to reinstall 4 machines at the same time so we don't have that much to lose.
4. That the network did work in the past.
5. There is a risk that one infected machine may infect others - the broken
network may have been a good thing in that sense - if you can do Antivirus
check first by all means do so.

To be honest I think much of your trouble will be resolved when you have the
common Admin user to begin with and then work through and set up users
properly with the right access... as far as internet access is concerned if
the procedure gets one machine working then problems with other machines
will give you the clue that it's the machine rather than the network.

As for the hardware I'm not familiar with it but I would think if there's an
outlet on the switch marked uplink use it, if they are not marked
differently use any, and no crossover cable should be necessary unless the
manual says so.

Then you might want to come back and get more technical advice on security
from the real network experts here. I'm not but I have been in your
situation a couple of times :)

Charlie
Click to expand...


Thank you for these suggestions. Just to clarify; yes, the router has
got a firewall, and I really would rather leave that in place than rely
on the users to keep the correct firewall settings.

It's also quite likely that the problems may stem from PCs being
riddled with worms. The Antivirus situation seems to have been
haphazard, so even if the firewall is preventing harmful stuff going
out, it could still be eating up resources internally.

So I think what I will do (note: this is what I am proposing to do, in
order to be shot down, in case anyone glancing at this in the archive
thinks it's advice from an expert), without disconnecting the few who
can, is

1) Install Windows 2000 on the old (new) server

2) Get appropriate antivirus for the server (I guess Netshield for a
server, but might any do?)

3) Get info from BT in the meantime about the router and how to log in
and change settings.

3) Plug the server into the router and see it will connect, perhaps
trying DHCP and then giving it the same IP address as fixed.

4) Adjust the router settings as necessary.

5) Get some consistent virus protection for the PCs and clean out any
worms.

6) Somehow get files on to the server first, in case PCs need to be
rebuilt (may not be practical).

7) Add a couple of PCs to the domain I've created on the server (all
kinds of complication in the meantime, eg will they be able to connect
to the Internet or the server?).

8) Add in the Netgear switch in various configurations .... well, who
knows what this may lead to.

Incidentally, I am not sure whether to use the Netgear switch as the
main one, ie plug the server into that and have router as a separate
device giving Internet access, or whether to use the router as the
central switch (with the server in it) and extend it using the Netgear.

Also, when I plugged a PC into the Netgear switch, and the switch into
the router using normal cable with uplink button pressed in, I
initially got Internet access, but then it was cut off. Unplugging and
replugging the cable restored Internet access, which was then cut off
again, and the same repeatedly. For the time being I've plugged that
PC back into router directly.

Phew. I hate computers.
 
C

Charlie Tame

Thank you for these suggestions. Just to clarify; yes, the router has
got a firewall, and I really would rather leave that in place than rely
on the users to keep the correct firewall settings.
Click to expand...


Advice with all new OS installs from MS is not even connect to the internet
before applying service packs etc... I had W2003 hijacked in no time despite
firewall (No problem I do that for entertainment mostly) so it is a valid
methodolgy and no mistake.

It's also quite likely that the problems may stem from PCs being
riddled with worms. The Antivirus situation seems to have been
haphazard, so even if the firewall is preventing harmful stuff going
out, it could still be eating up resources internally.
Click to expand...


That is what I was thinking, like I said BTDT :)

So I think what I will do (note: this is what I am proposing to do, in
order to be shot down, in case anyone glancing at this in the archive
thinks it's advice from an expert), without disconnecting the few who
can, is

1) Install Windows 2000 on the old (new) server

2) Get appropriate antivirus for the server (I guess Netshield for a
server, but might any do?)
Click to expand...


Have tried many of the free ones and home versions and most will no longer
run on server versions though they often will on XP Pro and I haven't yet
found much you can't serve up on XP pro :)

3) Get info from BT in the meantime about the router and how to log in
and change settings.
Click to expand...


Good luck, try google with model numbers etc, you never know...

3) Plug the server into the router and see it will connect, perhaps
trying DHCP and then giving it the same IP address as fixed.
Click to expand...


Well server will gripe about auro address during setup but you can go with
it... but as soon as you get up and running stop the servers like DHCP DNS
WINS, WEB, FTP, NNTP, SMTP and anything else you installed - some of them
are options and you probably dont want to even install - I install
everything so I can see if I can break it :)


4) Adjust the router settings as necessary.

5) Get some consistent virus protection for the PCs and clean out any
worms.
Click to expand...


Well (Overtime maybe) pull the pugs for everything except the server until
you get service packs and updates all done. You will be much safer then.

6) Somehow get files on to the server first, in case PCs need to be
rebuilt (may not be practical).
Click to expand...


Hmm, I guess you could diable MS networking and do that with the 2000 FTP
server - that would stop any MS specific worms I guess but enable you to
upload stuff... dunno if this is worthwhile or not due to the extra labor of
having to set up FTP. There again no MS Networking could be a good idea.

7) Add a couple of PCs to the domain I've created on the server (all
kinds of complication in the meantime, eg will they be able to connect
to the Internet or the server?).
Click to expand...


Well I guess you will have to have a user with credentials to join the
domain on each - I am no domain expert by any means so you could try a
question in the server groups...


8) Add in the Netgear switch in various configurations .... well, who
knows what this may lead to.
Click to expand...


I think that will work well, biggest PITA is going to be sorting out what's
on those PCs I reckon. First thing you can put on the FTP site (if that's
what you opt for) is archives of Antispyware and AV stuff.

I mean if the PCs with net access don't have AV software I guess that would
be a good first step, and antispyware. Of course there's licensing issues
but my guess is you want to try before you buy and some may be reformatted
anyway.

Incidentally, I am not sure whether to use the Netgear switch as the
main one, ie plug the server into that and have router as a separate
device giving Internet access, or whether to use the router as the
central switch (with the server in it) and extend it using the Netgear.
Click to expand...


Actually two routers is a security measure that's recognised - with just the
server behind it, but the switch won't protect you either way (unless I've
missed something - always possible) so I don't think it matters.

Also, when I plugged a PC into the Netgear switch, and the switch into
the router using normal cable with uplink button pressed in, I
initially got Internet access, but then it was cut off. Unplugging and
replugging the cable restored Internet access, which was then cut off
again, and the same repeatedly. For the time being I've plugged that
PC back into router directly.

Phew. I hate computers.
Click to expand...


Well it's not cable trouble then, else it wouldn't work at all. This link
makes me think the uplink button is an alternative to crossover cable.

http://www.cdromshop.com/cdshop/desc/p.606449000818.html

My el cheapo thing is fully automatic - just been doing this stuff at work
and if only pulling 200 feet of cable through underground conduit was that
simple :)


How long was "Repeatedly" by the way? The time might ring a bell with
someone here. Did the PC have a fixed IP or not?

Anyway, good luck.

Charlie
 
G

Guest

Charlie said:
Advice with all new OS installs from MS is not even connect to the internet
before applying service packs etc... I had W2003 hijacked in no time despite
firewall (No problem I do that for entertainment mostly) so it is a valid
methodolgy and no mistake.




That is what I was thinking, like I said BTDT :)




Have tried many of the free ones and home versions and most will no longer
run on server versions though they often will on XP Pro and I haven't yet
found much you can't serve up on XP pro :)




Good luck, try google with model numbers etc, you never know...




Well server will gripe about auro address during setup but you can go with
it... but as soon as you get up and running stop the servers like DHCP DNS
WINS, WEB, FTP, NNTP, SMTP and anything else you installed - some of them
are options and you probably dont want to even install - I install
everything so I can see if I can break it :)





Well (Overtime maybe) pull the pugs for everything except the server until
you get service packs and updates all done. You will be much safer then.




Hmm, I guess you could diable MS networking and do that with the 2000 FTP
server - that would stop any MS specific worms I guess but enable you to
upload stuff... dunno if this is worthwhile or not due to the extra labor of
having to set up FTP. There again no MS Networking could be a good idea.




Well I guess you will have to have a user with credentials to join the
domain on each - I am no domain expert by any means so you could try a
question in the server groups...





I think that will work well, biggest PITA is going to be sorting out what's
on those PCs I reckon. First thing you can put on the FTP site (if that's
what you opt for) is archives of Antispyware and AV stuff.

I mean if the PCs with net access don't have AV software I guess that would
be a good first step, and antispyware. Of course there's licensing issues
but my guess is you want to try before you buy and some may be reformatted
anyway.




Actually two routers is a security measure that's recognised - with just the
server behind it, but the switch won't protect you either way (unless I've
missed something - always possible) so I don't think it matters.




Well it's not cable trouble then, else it wouldn't work at all. This link
makes me think the uplink button is an alternative to crossover cable.

http://www.cdromshop.com/cdshop/desc/p.606449000818.html

My el cheapo thing is fully automatic - just been doing this stuff at work
and if only pulling 200 feet of cable through underground conduit was that
simple :)


How long was "Repeatedly" by the way? The time might ring a bell with
someone here. Did the PC have a fixed IP or not?

Anyway, good luck.

Charlie
Click to expand...


The one in the link looks very similar to mine, but one less socket.
I've been toying with another order of events, ie set up the server and
a couple of (scrubbed) PCs with the Netgear switch, to set up that
domain etc, and THEN plug into the Internet router.

It's difficult to get the updates without connecting to the Internet of
course, so it might be, install server, connect server to Internet,
download updates, disconnect from Internet, set up local domain,
reconnect to the Internet ...

Oh well, thank you for all your knowledge and advice. I suspect that
there are going to be unforeseen frustrations whatever I do, but the
key is to clean up all the PCs and ensure that there is proper antvirus
and antispyware.
 
C

Charlie Tame

Oh well, thank you for all your knowledge and advice. I suspect that
there are going to be unforeseen frustrations whatever I do, but the
key is to clean up all the PCs and ensure that there is proper antvirus
and antispyware.
Click to expand...


I'm not at all sure that knowledge and experience are the same thing, I know
a few people with plenty of experience - of doing it all wrong for many
years :)

If you have time to sort out two of the non functional PCs and the server
concurrently that's great - I can't help any with domain settings though
since I don't have knowledge or experience there, that'll be the server
groups I should think.

Maybe you can post back with your findings, it is possible it may just be
timed right to help someone else. I suspect you have really inherited a
fairly common scenario.

Don't recall whether your 2K server was up to date or not but I'd at least
download SP4 in advance before hooking it up to the rest if it's not.

Good luck again

Where in the UK are you BTW? I am from the Coventry area originally, getting
the snow gear ready for another Iowa winter now though :)

Charlie
 
G

Guest

Charlie said:
I'm not at all sure that knowledge and experience are the same thing, I know
a few people with plenty of experience - of doing it all wrong for many
years :)

If you have time to sort out two of the non functional PCs and the server
concurrently that's great - I can't help any with domain settings though
since I don't have knowledge or experience there, that'll be the server
groups I should think.

Maybe you can post back with your findings, it is possible it may just be
timed right to help someone else. I suspect you have really inherited a
fairly common scenario.

Don't recall whether your 2K server was up to date or not but I'd at least
download SP4 in advance before hooking it up to the rest if it's not.

Good luck again

Where in the UK are you BTW? I am from the Coventry area originally, getting
the snow gear ready for another Iowa winter now though :)

Charlie
Click to expand...


Good point about SP4. Will certainly download that first and get it on
to something removable.

I am in London. The skiing here isn't as good as in Coventry ...

Thanks again.
 
C

Charlie Tame

Good point about SP4. Will certainly download that first and get it on
to something removable.

I am in London. The skiing here isn't as good as in Coventry ...

Thanks again.
Click to expand...


The skiing in Iowa's not that good, too flat, but it's not lack of snow
that's the problem :)

Charlie
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

win2k dhcp issues two types of ip 2
no Authentication 1
New network 1
Some workstations can not join domain 0
Connecting two switches with auto-uplinks? 3
What is the difference between "WAN" and "LAN" ports on a router 2
Pondering... Home Network Setup... 6
Windows 2000 DHCP 9

Top