Windows Server 2003 for Home Network [msce tests] [wireless router]
Q: I am an MSCE some tests later this summer and wanted a Server 2003 network to build my house. I have a PC and I have a copy (6 months trial) Windows install. Now, what I was curious and curious about the ideal method for setting the ideal network safety. I had a similar setup already working with Linux, but you want the ins and outs of learning MS.
I currently have a wireless router like most people DHCP, firewall, etc and handles other functions. Would be more and more an ideal network of the Server 2003 machine handle these functions have to deal with? Would it be better to simply plug the server into the router and let the router use these features?
My is to make the server machine for most of the networks to work and plug my cable connection in a network card. The server would handle firewall (maybe try to get some better firewall software to install and here), DHCP, DNS, and all those other things. Then a second network using Internet Connection Sharing would feed into the wireless router, which would have, and now the DHCP functions unnessecary off. This option would make more sense? Could this be a negative impact on the router? I plan to still leaving the router or firewall enabled for the security.
Re:Originally posted by: guy
Originally posted by: guy
guy is much more qualified than I am.LOL. If only that was true. 
You are too kind I'm a former bicycle mechanic, the unfortunate custodian of a WinNT 4.0 / Exchange 5.5 setup, and self-trained in what little I do know, so I think it's probably correct as stated 
Re:Your idea of having a single, permanent, Wndows Server and then virtualizing the rest should work just fine. I recommend using two NICs in the hardware server, connecting one to your hardware router and connecting the second to a switch, where all the rest of your PCs (both real and virtual) connect. This allows your main Server to control all Internet traffic, allowing ISA to fully function.
The only disadvantage to using a "real" server is that if you screw up the configuration (which you probably will several times in your learning process, your PCs will be off the Internet until you fix the problem, or until you rewire. When you use virtual servers, you just get one working like you want (DC, DNS, DHCP, etc. all functional), then copy the .VHD file. If you mess up your virtual server beyond repair, you just delete the messed-up .VHD file and use the good-as-new copy.
Regarding an external hardware router, you can keep it if you want. You just port foward any needed ports to the Server's IP address. The Server (or ISA) won't know the difference, as long as you forward all needed ports to your Server.
Re:Originally posted by: guy
guy is much more qualified than I am.LOL. If only that was true.
All of the comments here are good advice and answer some of your questions that I didn't address.
Re:That's what I figured. But as you said, I might need more than one server so I might as well try to mix and match. I can have my domain on the dedicated box and the rest going from virtualized servers. Man, this whole virtualization thing is really cool. Really revolutionizing things.
Originally posted by: guy
As for the connecting the Server 2003 box directly to the Internet – I figure this would be a good idea (after everything is configured like you said) so I could install a network firewall (perhaps ISA if there is evaluation versions) across the board similiar to what I was doing previously with a Clark Connect server. I'm guessing there are network firewall alternatives to ISA? So by your suggestion, its a better idea to just plug the Server into the router and just let the router handle firewall? Is there any way I can get the best of both worlds?
So what is your recomendation on this? Thanks again for the great info – I can go back into my hole after I figure out this last thing.
Re:Originally posted by: guy
About virtualization – the question I was wondering and that was also holding me back – it may seem kind of silly. If I were to setup a virtual server on this XP machine for example and I wanted to a have a domain created on my virtual server. Let's say I reboot my machine that is hosting the guest server OS and I then want to logon onto my domain – won't the virtual OS be down until I can actually log back into Windows and start it up? No, you won't be able to join a virtual Domain that's on your own XP box. You can only use your local XP computer as a workstation on your virtual Domain. That's why you'll probably want to just create a virtual XP window. THAT one can join your virtual Domain.
You can't start Virtual PC (and its virtual servers) until AFTER you've logged into your host XP computer.
Re:Originally posted by: guy
From what he described, I thought he had another PC to use for this, although I also suggest using a virtual OS app (VMWare Server, VM Player, etc)Yeah, but to work on an MCSE, one Windows Server won't be enough. Many of the exercises in the MS Certification texts, for instance, require two servers PLUS an XP client. So you STILL need some virtual servers, unless you want to have two or three extra computers laying around. It's SO much easier when you go virtual.
My Virtual PC 2004 right now has two Server 2003 virtual servers (180-day trial editions), one Server 2000 virtual server, one Windows 98, and one XP Professional. The problem with XP is that you can only use it for 30 days without activating it or re-installing it. Or you can just dedicate an XP license to a virtual machine and go ahead and activate it. You can always use your own XP box as a client to your virtual servers.
Re:That is some great information there. Thanks for the tips! I was thinking about the virtualization route but I figure, what the hell, I might as well put the extra PC to use.
About virtualization – the question I was wondering and that was also holding me back – it may seem kind of silly. If I were to setup a virtual server on this XP machine for example and I wanted to a have a domain created on my virtual server. Let's say I reboot my machine that is hosting the guest server OS and I then want to logon onto my domain – won't the virtual OS be down until I can actually log back into Windows and start it up? Or do virtualized OSes run seperately from the host OS – ie, they would both simulatenously but seperately and I would therefore be able to logon to my server domain (the guest OS) from my client machine (the host of the guest OS) if I were to reboot my machine or whatever? Sorry if this sounds confusing but I hope someone is following what I am saying. 
As for the connecting the Server 2003 box directly to the Internet – I figure this would be a good idea (after everything is configured like you said) so I could install a network firewall (perhaps ISA if there is evaluation versions) across the board similiar to what I was doing previously with a Clark Connect server. I'm guessing there are network firewall alternatives to ISA? So by your suggestion, its a better idea to just plug the Server into the router and just let the router handle firewall? Is there any way I can get the best of both worlds?
Re:guy is much more qualified than I am, but I'll throw some ideas out there for critique anyway
To start with, I wouldn't plug WS2003 right into the Internet unless you know what you're doing. Having the server sit between your PCs and the Internet is what ISA Server (http://www.microsoft.com/isaserver/evaluation/overview/default.mspx) is for.
If you do actually install onto a real server, then it would make sense to install WS2003 while the computer is fully un-networked, no wired, no wireless. Then patch it to SP1 level offline using the full SP1 installer (), and switch on the Windows Firewall with no exceptions allowed, to start you off somewhat secure. Key concept: don't expose the darn thing to potential sources of attack until you're good and ready, and be as ready as practical when you finally do.
Now hook it up to the router, update antivirus & reboot, update Windows & reboot, and if possible, make an Automated System Recovery backup onto a spare HDD that has nothing else on it at all (assuming you don't have a tape drive).
After that, burn it all down 
by reformatting the boot drive, and then see if you can recover from the ASR backup Key concept: in the real world, a recovery plan has to work, so learn how.
Once you got that skill down, now run the Configure Your Server Wizard that keeps hassling you at bootup, and make it into a domain controller, file server, DHCP server and the stuff that comes along with those roles. After that's done, run the Security Configuration Wizard to batten the hatches, and then make another ASR backup and begin goofing around and trying the stuff in your training materials.
Also slap WSUS on there and learn how to use it. Make some Group Policies and practice deploying, redeploying, removing and configuring software with them, as well as Windows and its components. Practice your backup & recovery. Break stuff, figure it out, burn it down, do an ASR recovery while you have pizza, try it again
Also (duh) follow your training coursework step-by-step.
Re:From what he described, I thought he had another PC to use for this, although I also suggest using a virtual OS app (VMWare Server, VM Player, etc)
Id turn off the DHCP on the router, and setup the server to do DNS and DHCP in the least, esp if your going to be learning and active directory lives on DNS, might as well have it running my 2003 so its integraated.
- leave the router to do the firewall function, just make the router a static IP and in the DHCP in the server, make sure to enter the routers IP in the settings so everything on the LAN gets the correct IP of the router (gateway)
Re:First, if you are studying for MCSE, buy or download a trial copy of either Virtual PC 2004 (which is what I've been using), or Virtual Server 2005 (free).
Then, load trial versions of Windows Server 2003 into multiple Virtual PC windows. This will allow you to set up virtual networks, with multiple servers, on your desktop PC. It's MUCH easier and faster than building real servers, and behaves identically. The only thing you can't do is multiple-server clusters.
Install Microsoft's Loopback Adaper on your local PC. This allows you to create virtual network cards within Virtual PC that allow the various virtual PCs to talk to each other without interfering with your real network. You can add up to 3 virtual network cards for each virtual PC.
If you actually want a Virtual Server to be on your network (maybe connected to your router), you can do that by using a "real" NIC on your PC within Virtual PC. It'll have a different IP address than your "real" PC and can function on your home network just like another PC.
Related posts
Tags: msce tests, wireless router