Classic Small-Company LAN Server Setup Solution

Source: Internet
Author: User

With the increasing popularity of computers, computer networking has become an increasingly urgent issue. Most enterprises and institutions run star-topology LANs of around one hundred information points. They generally have no professional network administrator, yet the installation of server software and the permission settings directly affect the security and stability of the network. The following uses the LAN of Sinopec Group's Wuhan Petrochemical Plant Design Institute (hereinafter referred to as the Design Institute) as an example to briefly introduce server software installation and permission settings.
There are a total of 153 information points in the LAN of the Design Institute, of which 86 are in actual use. Four 3Com 3c16980 M switches are stacked on two sides, with cascade connections in the middle. Two HP lh3 servers are used: one with dual CPUs, 9.1 MB memory, and four gb SCSI hard disks (named server1), and the other with a single CPU, MB memory, and a 9.1 GB SCSI hard disk (named server2). The personal files of the designers and the internal homepage of the Design Institute are stored on server1, and Microsoft Exchange 5.5 and SQL Server 7.0 are installed on server2 (because SQL Server 7.0 is only used to establish an internal drawing file management system, ). The entire network uses TCP/IP with the 192.168.0.0 Class C address range and the subnet mask 255.255.255.0. Addresses 192.168.0.31-192.168.0.50 are used for internal web, FTP, and other sites; 192.168.0.51-192.168.0.200 for client IP addresses; and 192.168.0.241-192.168.0.254 for switch management.

Windows 2000 Server is installed on both servers. The following functions are required:

1. Each designer has a personal space of 50 MB on the server and must not exceed the limit. In some special cases, you can apply for additional space.

2. Create an internal homepage. Each professional room is responsible for maintaining its own content.

3. Establish an internal news discussion group.

4. Create an internal email system.

5. The entire system should be safe and reliable. When a server fails, it should ensure that the entire network is still available.

The following describes how to install the server software and how to set permissions for the above purpose.

I. Network Operating System Installation

1. Install Windows 2000 on server1 and server2 using the typical installation (IIS is not installed on server2). Convert all disk partitions on the servers to the NTFS format.

2. On server1, choose Settings -> Control Panel -> Network and Dial-up Connections -> Local Area Connection -> Properties -> Internet Protocol (TCP/IP) -> Properties, and set the IP address to 192.168.0.1 and the subnet mask to 255.255.255.0. Then click Advanced and add the following IP addresses: 192.168.0.31, 192.168.0.32, and 192.168.0.33. Set the IP address of server2 to 192.168.0.2 and add the following IP address on server2: 192.168.0.41.

3. On server1, choose Start -> Programs -> Administrative Tools -> Configure Your Server -> Active Directory, promote the server to a domain controller, and create a new Windows 2000 domain (because the LAN has no Windows NT 4.0 domain controller, compatibility is not needed). The domain name is design.local and the NetBIOS domain name is Wuhan Petrochemical Design Institute (the domain name Windows 9.x clients see at logon). The system automatically installs the DNS service.

4. Promote server2 to a domain controller and join it to design.local. The system automatically replicates the domain information to server2.

5. Choose Start -> Settings -> Control Panel -> Add/Remove Programs -> Add/Remove Windows Components -> Networking Services, and install the DHCP and WINS services on server1 and server2. Also install the DNS service on server2.

6. Choose Start -> Programs -> Administrative Tools -> WINS -> server1 -> Replication Partners -> New Replication Partner, and select server2. Similarly, select server1 as the replication partner on server2.

7. On server1, choose Programs -> Administrative Tools -> DNS -> server1 -> Forward Lookup Zones, right-click design.local -> New Host, and add the following hosts:

WWW 192.168.0.31

FTP 192.168.0.32

News 192.168.0.33

Mail 192.168.0.41

8. On server1, choose Programs -> Administrative Tools -> DHCP, right-click server1, and create a scope with the IP address range 192.168.0.51-192.168.0.150. Add the DNS and WINS options (the DNS and WINS server addresses are 192.168.0.1 and 192.168.0.2) and the node type (H-node). Create a second scope on server2 with the IP address range 192.168.0.151-192.168.0.200 and add the same DNS, WINS, and node type options.

9. Following the method in step 2, add the DNS server addresses 192.168.0.1 (primary) and 192.168.0.2 (secondary) to the TCP/IP settings of server1 and server2.

Note: With the system installed as described above, when either server fails the network still provides account logon, DNS resolution, dynamic IP address allocation, and WINS services, which ensures network reliability.

10. server1 mainly serves as a file server. One hard disk holds the system (drive C), and the other three form a RAID 5 array (drive D) that stores the personal files of the designers and the internal homepage of the Design Institute. In Windows Explorer, right-click drive C -> Properties -> Security, add the Administrators group with the Full Control NTFS permission, and delete all other groups and accounts. Do the same for drive D, and for the drives on server2. In this way, even if a user gets into the server room and logs on to the server, their limited permissions prevent them from damaging the data on the server.

11. Create a folder named "User personal folder" on drive D of server1. Right-click it -> Properties -> Sharing -> Permissions and give the Everyone group the Full Control share permission. Then, on the Security tab, add the Everyone group with the Read and List Folder Contents NTFS permissions on this directory.

12. In Windows Explorer, right-click drive D -> Properties -> Quota -> Enable quota management -> Deny disk space to users exceeding quota limit. Set the limit to 50 MB and the warning level to 45 MB, and log an event when the quota is exceeded. To adjust the limit for individual accounts, click Quota Entries.

13. Open Active Directory Users and Computers and create organizational units such as the process room and the equipment room, plus an organizational unit named "Network Management" for LAN management. Create a network management account in the "Network Management" organizational unit and add it to the Administrators local group.

14. Create a model account in an organizational unit. Right-click the model account, choose Properties -> Profile -> Home folder -> Connect, and enter \\server1\User personal folder\%username%. To create each user, copy the model account; you only need to change the account name and initial password. The system automatically creates a folder named after the user account under the "User personal folder" directory on server1, with NTFS permissions automatically set so that administrators and the user have Full Control.
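The redundancy described in the note after step 9 depends on the two DHCP scopes never overlapping and on every statically assigned address from steps 2 and 7 staying outside them. The following check of that address plan is an added example, not part of the original article; the ranges and host records are the article's, and the function and variable names are illustrative.

```python
import ipaddress

def ip_range(first, last):
    """Set of IPv4 addresses from first to last, inclusive."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return {ipaddress.IPv4Address(n) for n in range(lo, hi + 1)}

# Address plan as stated in the article.
SITE_RANGE = ip_range("192.168.0.31", "192.168.0.50")
CLIENT_RANGE = ip_range("192.168.0.51", "192.168.0.200")
SWITCH_RANGE = ip_range("192.168.0.241", "192.168.0.254")
SERVERS = {"server1": "192.168.0.1", "server2": "192.168.0.2"}
HOSTS = {"www": "192.168.0.31", "ftp": "192.168.0.32",
         "news": "192.168.0.33", "mail": "192.168.0.41"}
SCOPES = {"server1": ("192.168.0.51", "192.168.0.150"),
          "server2": ("192.168.0.151", "192.168.0.200")}

def audit_plan(scopes, hosts=HOSTS, servers=SERVERS):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    pools = {name: ip_range(*bounds) for name, bounds in scopes.items()}
    names = sorted(pools)
    # Two independent DHCP servers must never be able to lease the same address.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            clash = pools[a] & pools[b]
            if clash:
                findings.append(f"scopes on {a} and {b} overlap on {len(clash)} addresses")
    leased = set().union(*pools.values())
    if leased - CLIENT_RANGE:
        findings.append("a scope leases addresses outside the client range")
    if CLIENT_RANGE - leased:
        findings.append("part of the client range is covered by no scope")
    if leased & SWITCH_RANGE:
        findings.append("a scope reaches into the switch management range")
    # Statically configured addresses must not be leasable to clients.
    for name, addr in {**servers, **hosts}.items():
        if ipaddress.IPv4Address(addr) in leased:
            findings.append(f"{name} ({addr}) lies inside a DHCP scope")
    # The DNS host records should point into the range reserved for sites.
    for name, addr in hosts.items():
        if ipaddress.IPv4Address(addr) not in SITE_RANGE:
            findings.append(f"{name} ({addr}) is outside the site range")
    return findings

if __name__ == "__main__":
    print(audit_plan(SCOPES) or "address plan is consistent")
```

Re-running the check whenever a scope or a virtual site address changes catches the case where a second DHCP server starts handing out addresses that are already in use.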

II. Installation and configuration of IIS 5.0

1. Create a web site

1) Choose Start -> Programs -> Administrative Tools -> Internet Services Manager, right-click server1 -> New -> Web Site, enter the site name, set the site's IP address to 192.168.0.31 (the WWW host), enter the home directory path D:\homepage, and accept the default options for the rest.

2) In Windows Explorer, right-click D:\homepage -> Properties -> Security, add the iusr_server1 account, and grant it the Read, List Folder Contents, and Read & Execute NTFS permissions.

2. Create an FTP site

The purpose of the FTP site is to allow the web homepage to be modified. Create a folder for each professional room under D:\homepage to store its files, and link to them from the internal homepage of the Design Institute.

1) Choose Start -> Programs -> Administrative Tools -> Internet Services Manager, right-click server1 -> New -> FTP Site, enter the FTP site name, set the site's IP address to 192.168.0.32 (the FTP host), enter the home directory path D:\homepage, and allow both read and write access.

2) In Internet Services Manager, open the properties of the FTP site just created. On the Security Accounts tab, check that anonymous connections are allowed and anonymous logon is not allowed.

3) Use Active Directory Users and Computers to create a global security group named "Web Management Group" in the "Network Management" organizational unit, and add the user accounts that need to manage the web site.

4) In Windows Explorer, right-click D:\homepage -> Properties -> Security, add the Web Management Group, and grant it the Read and List Folder Contents permissions. On each professional room's folder beneath it, grant the relevant accounts the Read, List Folder Contents, Read & Execute, Write, and Modify NTFS permissions.

5) Choose Start -> Programs -> Administrative Tools -> Domain Controller Security Policy -> Security Settings -> Local Policies -> User Rights Assignment, and add the Web Management Group to the "Shut down the system" and "Log on locally" policies.
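Because D:\homepage is both the web home directory and an FTP home directory with write access enabled, the NTFS permissions from the steps above are the only thing keeping the anonymous web account read-only. The following audit is an added example, not part of the original article: it assumes the ACLs were dumped with icacls (a tool the article does not use), that folder paths contain no spaces, and it runs on a constructed sample in which the DESIGN domain prefix and the folder and editor account names are made up.

```python
import re

# icacls rights letters that allow creating, changing or deleting content.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "WD", "AD", "DC", "WEA", "WA",
                "WDAC", "WO", "GW", "GA"}
READ_ONLY = {"iusr_server1", "everyone"}  # must never hold a write right

def parse_icacls(text):
    """Return {path: [(principal, rights, is_deny), ...]} from icacls output."""
    acls, path = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        if line[0].isspace():
            ace = line.strip()                    # further ACE of the same object
        else:
            path, _, ace = line.partition(" ")    # assumes no spaces in the path
            acls[path] = []
        principal, sep, masks = ace.strip().partition(":(")
        groups = re.findall(r"\(([^)]*)\)", "(" + masks)
        if path is not None and sep and groups:
            acls[path].append((principal, set(groups[-1].split(",")), "DENY" in groups))
    return acls

def audit_web_root(text):
    """List (path, principal, write rights) for read-only accounts that can write."""
    findings = []
    for path, aces in parse_icacls(text).items():
        for principal, rights, is_deny in aces:
            account = principal.rsplit("\\", 1)[-1].lower()
            granted = sorted(rights & WRITE_RIGHTS)
            if account in READ_ONLY and granted and not is_deny:
                findings.append((path, principal, granted))
    return findings

# Constructed sample of `icacls D:\homepage /t` output (not from the article).
SAMPLE = r"""D:\homepage DESIGN\Web Management Group:(OI)(CI)(RX)
            DESIGN\iusr_server1:(OI)(CI)(RX)

D:\homepage\process DESIGN\process_editor:(OI)(CI)(M)
                    DESIGN\iusr_server1:(I)(OI)(CI)(RX)

D:\homepage\equipment Everyone:(OI)(CI)(M)
                      DESIGN\iusr_server1:(OI)(CI)(RX,W)

Successfully processed 3 files; Failed processing 0 files
"""

if __name__ == "__main__": print(audit_web_root(SAMPLE))
```

On the sample, only the equipment folder is reported: Everyone holds Modify there and the anonymous web account holds Write.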

3. Create a news discussion group

1) Use Windows Explorer to create two folders, newsys and news, on drive D of server1.

2) Choose Start -> Programs -> Administrative Tools -> Internet Services Manager, right-click server1 -> New -> NNTP Virtual Server, enter the NNTP site name, set the IP address to 192.168.0.33 (the news host) with TCP port 119, enter D:\newsys as the file storage path of the newsgroup server, select File System, enter D:\news as the news content storage path, and start the newsgroup server.

3) In Internet Services Manager, right-click the newsgroup server just created and choose New -> Newsgroup, then enter the relevant information. Note: The newsgroup name cannot contain Chinese characters.

4) Open Windows Explorer and you will find several folders under the news folder. These are the newsgroups just created. By setting NTFS permissions on them (mainly the Write permission), you can allow some accounts to post while other accounts are read-only.

III. Establishment of the internal email system

1. Install Microsoft Exchange 5.5 on server2.

2. Choose Start -> Programs -> Exchange Server -> Exchange Server administration tool and create mailboxes in the Recipients container, each corresponding to an NT account. You can also create distribution groups (such as the process room) in the Recipients container and put the relevant mailboxes in them, so that when you need to send mail to everyone in the process room, you only need to send it to the distribution group.

3. Install Microsoft Outlook 97 from Microsoft Office 97 on the client. Choose Start -> Settings -> Control Panel -> Mail -> Add -> Microsoft Exchange Server, enter server2 as the server, and enter the corresponding mailbox name as the mailbox.

IV. Precautions for installing Windows 9.x clients

1. Windows 2000 uses Active Directory, so the Active Directory client patch must be installed on Windows 9.x. After the patch is installed on some computers running Windows 98 Second Edition, the Windows 2000 servers cannot be seen in Network Neighborhood for a long time. This problem does not occur on the first edition of Windows 98; the cause is unclear.

2. To read the newsgroups, use Outlook Express, which is provided with Windows. For security reasons, it is best to log on using secure password authentication. Note: This leaves two Outlook programs on the client. If the Internet protocols are installed on the Exchange Server, Microsoft Outlook 97 does not need to be installed. However, from the perspective of functionality, scalability and security, I personally think it is still better to install it.
