networking with server 2000

I am a high school web design teacher in desperate need of networking advice. I just transfered to a new school that has an overworked tech specialist who really doesn't understand working with Server 2000. My lab has 34 computer stations with Windows 2000 Professional. It also has two server computers with Windows 2000 Server. One server is set up as, I believe, a proxy server. It is the gateway out to the Internet. The other one is used to hold commonly shared folders for the students to keep work in and the teacher to leave daily instructions in.

The lab needs a complete reghosting. Last year's teacher apparently let the students run amok and everything is ******* up. I have basic networking skills and ran a Windows 4.0 NT server a few years ago and I have a personal peer to peer home network with Windows XP. I need to reset up, after ghosting everything, the network. I need to have two domains; one for students and one for me. I teach web design and really don't have time for all of the studying I need to do to properly get things set up. I really need help with the following:

How do I set up the one server to act as the gateway to the Internet when it is on?

Is there a control in Windows 2000 Server that allows me to close the Internet gateway without having to shut down that server?

When everything is reghosted will the computers automatically recognize each other or do I have to do something to get them to communicate?

Is there a magic combination of permission settings needed on Windows 2000 Professional to allow students without admin control to execute an application on a computer when they log in as a student? (This question is because Photoshop will not fully open when logged in as a student but will as an administrator. I receive an error messages that some permissions may not be authorized. I have looked at the student domain permissions on the program folder and everyone refering to reading and/or executing is checked. In addition the traverse folder is also checked.) Last year the teacher just gave all of the students the administrator password so they could use the program.

I really would appreciate any help given. The network was originally set up by a student who has graduated and lives elsewhere. No one else seems to know what to do.

Thank you so much!!

 

sarat - welcome to the forum. Sounds like you were left quite a mess.

A bit of information and some clarifications before we plunge into this thing.

I need to reset up, after ghosting everything, the network.
Do you mean specifically Norton Ghost and that you have a proper ghost load for the student workstations?

I need to have two domains; one for students and one for me.
Would you rephrase this one without using the word domain. I need to be sure what your needs are and my guess is that in this context, you mean one thing by a domain while us networking weenies would mean another.

How do I set up the one server to act as the gateway to the Internet when it is on?
Depends entirely on what sort of internet connection your overall system (the entire school?) has. Probably best to ask your tech and then post the info here.

Is there a control in Windows 2000 Server that allows me to close the Internet gateway without having to shut down that server?
What, exactly, do you want to do? Deny student access, deny student access at specific times, something else?

When everything is reghosted will the computers automatically recognize each other or do I have to do something to get them to communicate?
If the ghost load is well done and your system is using an auto-network-config feature like DHCP, yes. Otherwise it may need to be either done by hand or at least tweaked.

To allow for that, best to save a complete picture of the network settings that work now. Also would help to give you a complete answer to see this same information. Please do the following and post the contents of the resulting text file with the other information. Do one from your workstation and one from a student machine that is connecting to the network now.
start~run~cmd
ipconfig /all > c:\ipconfig.txt (note the space before and after the >)

 

Networking server 2000

Thank you for replying. Below I will try to more specifically clarify my needs.

1. We use Norton ghost. Next week we are expecting to receive the rest of the software we need for the student stations. When we get it we are going to completely reconfigure one of them, from scratch, and then use the image on the other stations. All of the stations are identical, hardware wise.

2. Domains. I want to have a group of users called students. Then I would like to create a username and password for each student of mine. I want to have the students in a group so I can assign permissions to the whole group. Of course there will ba another group called adminstrator, which I plan to be a member of.

3. I think I figured out the Internet Server issue. I found in the Control Panal a "Services" icon and in the list was a free proxy server. I now know I can shut down the students Internet access by turning that service off. I want to be able to control their Interent access. A log of Internet traffic from all of the schools' servers is keep by the main IT office, downtown. I want to be able to turn off the Interent during some projects that don't require Internet access. I don't need to shut the Interent down individually, although if that is possible I would love to know how so I can use it to "punish" kids who abuse their Internet priviledges.

4. How do I know if my classroom lab uses a DNCP connection?

5. Since I posted my first posting, our school's "tech specialist" requested downtown's IT staff to reghost the two servers in the room. Apparently on Thursday one of them crashed the school network because it was "checking for IP addresses throughout the network." I have no idea how to handle that problem and nor does my tech specialist. So, we figured if the harddrives were wipped out and server 2000 was reloaded we could start from scratch.

6. While I have your attention I was wondereing if their was some magical combination of permissions needed to make sure software properly worked on the machines. At this moment, if you were to log onto a student station as a student and tried to open up Photoshop 7.0 you would receive an error message that you don't have permission to certain files. Now, if you log on as an admistrator, you can fully exectute Photoshop. I looked at the Photoshop folder permissions and all that related to reading the files were checked for the student group. The tranversing the folders option was also checked for them. (This problem is one reason why things are such a mess in the lab. The teacher gave out the administrator password so the kids could use Photoshop, instead of asking for help. The administrator password for the student stations is the same as the one for the two servers.)

Thank you again for your help!!

Sara

 

I'll take these slightly out of order.

5. You really and badly need a new tech specialist or more network training for the one you now have.

4. DHCP - this is a feature provided by a server of some sort that auto-assigns network card values such as IP address, subnet mask, gateway, and potentially quite a few others whenever they PC is booted up or otherwise tries to connect to the network.

If your school is using DHCP for this purpose, your ghost load will work perfectly fine for network setup. But if you use static addresses (manually entered and constant for a specific PC) you will have a problem since IP addresses cannot be duplicated and all machines loaded from your Ghost would have the same static addressing information. Easy to check by looking at the ipconfig /all information which is one reason I asked you to post it.

2. Domains - another reason for wanting the Ipconfig was to try and guess if you are already in a Domain enviornment or not. But the tech should be able to tell you. If not, you will need a domain controller (Win2K Server can do that, Win2K Workstation cannot).

I imagine you already are and in that case, each username is registered. That means that all you will need is a group for the students with a unique domain/global group name and a similar group for teacher/admins with another unique group name.

Then on the machine you set up as the master for the Ghost load, add the student global group to the local Users group and the teacher global group to the local administrator group.

With that done someone with domain admin rights can put users into the proper group and take them out when needed. You never need to mess with the individual rights on any of the PCs.

3. Simple enough to block access from a PC to the internet. But can't give you a specific how-to without (yup, you guessed it. The ipconfig data). If you are on a flat network (no routers to connect segments of your internal school network) you can simply remove the gateway address from the network settings which you can do as an admin and the students cannot undo as users. If you want to be able to do it from your desk, take a look at Description of the Netset.exe Tool from the Windows 2000 Resource Kit.

6. Easiest to create another global group for the students. Then (and again, do this to the ghost master PC) go to the folder containing the application and in security, add that global group to the folder with read/write/modify/execute access. They will pretty much have control of that folder but not to the remainder of the PC. Alternative would be to give them only read/write/execute to that folder and place all their work in another folder to which they had full access.

You will need the new group even though it will probably be a duplicate of the original "student" group since the security on 2K will use the most restrictive access permissions it finds so that if the "student" group was in Users and in Power Users, they would have only User rights.

 

Server 2000

Thank you for all of your help. I will put these solutions into play just as soon as the computers are ghosted. As for tech specialists; our school district will not set aside the money needed for true techies. Many of them got their job because the school's administration was "wowed" by their knowledge of PowerPoint or because they knew how to install software and hook up peripherals. The last school I was at had a former PE teacher as the tech specialist and this new school has a former chemistry teacher who also runs the media center.

The first school I was at actually had a very good one. He came from the techie environment and went into teaching, which later lead to his tech specialist position. He did leave that finally after being frustrated with all of the non-technical chores given to him which kept him from doing his job. He is now back in the classroom.

Believe it or not, I am considered a network guru by my principal - really scary, isn't it.

Sara

 

If you teach web design you are for sure a guru in some phases of this computing lark. And way ahead of anywhere I'll ever be with that segment of it.

Hope things work out well for you and feel very free to post back with any other things where someone here might be able to help you out. And your tech person should do the same if he/she wants to.

I was in pretty much the same position over 10 years ago. Handed a job I didn't know nearly enough about along with some computers to set up that used an operating system and networking style I'd never seen. Some fun - not.

In fact, why not check back from time to time since we often have webish questions posted in some of the other sections.