Windows 2000 Server Advice

[eskimo2]

My situation,

I am the computer teacher at a K-8 Catholic school.  I am also the network administrator, website administrator, technology fix-it guy, etc.  I have no formal computer training; I’ve learned a lot about Windows, MS Office, website construction, networks, etc.  Our server and network were built and installed by a local company in 2002 right after I was hired.  Students and teachers have accounts that let them access their files from any of the school’s 75 computers.  The server runs Windows 2000 Server.

The more I learn about our network design, login protocol and data storage protocols, the more I realize how screwed up it is.  There have been a number of problems from day one, that won’t go away until it is redesigned.  I want to redo much of it over the summer.  I don’t have a clue how to write scripts that determine where and how specific users’ data is stored, login scripts, etc.  (I’m not even sure that “script” is the correct term.)  

My question is this, what would be the best way to go about learning what I need to know?

Could I learn what I want to know in a single specific college course?

Is there a specific website that describes how to do the kinds of things that I need to know (that does not assume that I already know much about server administration)?

Would I be better off being trained one on one by someone who has such knowledge?

Thanks,

eskimo

[LePaul]

Check around Amazon.Com and the sort for Windows 2000 Server Administrator type books.  Guides on Networking Essentials is good too.

Are you looking to badge up into a MSCE rating too?  

I don't beleive anyone that claims to be an expert in this stuff.  It just changes too damn quick

[eskimo2]

Originally posted by LePaul
Check around Amazon.Com and the sort for Windows 2000 Server Administrator type books.  Guides on Networking Essentials is good too.

Are you looking to badge up into a MSCE rating too?  

I don't beleive anyone that claims to be an expert in this stuff.  It just changes too damn quick

I actually have about six Microsoft technical manuals that might cover this stuff, I think.  Someone left them; I think that they were pretty spendy.  The problem is that they are thicker than phone books.  I’m leery of anything by Microsoft simply because their help files suck.  I can’t recall the last time I solved a problem with MS Help; they seem like they are written by the government.  These books look just as dry.  I guess that I should at least look at them again.

Is there anything not written by MS that is worthwhile?

I could care less about a ratings or badges; I just want to be able to fix a few specific things.

eskimo

[Nashwan]

Do you want to modify particular aspects of the existing network, or recreate it all from scratch?

The school networks I've seen can mostly be described as "screwy", partly because of all the seurity that has been built into them (you do not want kids having free access, they will delete anything they can, in my experience)

Can you give an idea of what exactly you want to change?

[AKS\/\/ulfe]

I took a Windows 2K server course a year ago, it was essentially the same as being MCSP certified in Win2K server. My professor had his MCSE, and wanted us to know W2K. So, you can learn W2K server in a single college course - with hands on experience in the course.

BUT, There are a lot of other things that come into play. Is the server the only server, or will there be one or two. IE: Domain Controller (where people login to, and sets the topography for the domain - servers that do what and login to the domain), DHCP server to assign IPs, storage area, mail server, etc.

Except for the mail server, they can be the same box - just need the power and HDD space for the things you need to do.

There's also network security and a lot of other stuff you really need to know well and get covered - beyond W2K server. Firewalls, anti-virus at all systems and servers, and a lot of other problems you need to prevent before they can ever happen.

If you are going for a complete redesign and implementation of the network, you need a lot. If you are looking to just remedy a few key problems and leave the rest intact, you only need to know and be able to work on that.
-SW

[rabbidrabbit]

get this:

http://azureus.sourceforge.net/

Then go here:

http://www.bitme.org.


Good hunting!


What you are doing is way to involved to handle via this message board.  It's time you bone up and take on one battle at a time.  if you can talk them into paying for training then go for it.  If not, refer to the above.http://azureus.sourceforge.net/ www.bitme.org.

[eskimo2]

Originally posted by Nashwan
Do you want to modify particular aspects of the existing network, or recreate it all from scratch?

The school networks I've seen can mostly be described as "screwy", partly because of all the seurity that has been built into them (you do not want kids having free access, they will delete anything they can, in my experience)

Can you give an idea of what exactly you want to change?

I want to modify what is existing.  We have one server that does everything, holds all data from all accounts, handles login, email, website, grading program, Semantic anti virus, etc.  It’s a dual 60 GB; (has 2 parallel 60 GB HDs in case one fails).  

Right now every user has a profile folder and a document folder.  The profiles are the big problem.  When users login, everything in their profile is sent to their PC.  The profiles have all kinds of crap in them; all programs that they use keep settings in their profiles.  A few classroom teachers installed Hotbars on their classroom PCs, Hotbar can dump several MB of junk into students’ profiles, Sun (Java?) is another bad one and can also dump in several MB of unnecessary data.  Internet Explorer keeps its cookies and favorites in the profiles, I don’t mind this because its never that big, but if a student resets their desktop background in IE, it gets stored in their IE profile folder as a dang bitmap, I’ve seen them push 4 MB.  Students can’t reset their desktop backgrounds by right clicking on the desktop; they get a message that they don’t have permission to change properties, but they can in IE.  Desktops are also stored in their profiles.  I have a rule that they can only have shortcuts on their desktops, but if they have a folder or file its hard for me to tell.  Temp and auto recover files are also stored in their profiles.  The profiles become a problem when I have a class (24 to 30 students) log in at once, the server sends them all of their profiles.  It can send about one MB a second (or better); so it can take a few minutes to get everyone logged in.  Many of my classes are only 30 minutes, so several minutes is pretty unacceptable (especially for BS unnecessary data).  Other users in the school who have an open file (like a MS Word doc) will experience a freeze while a class logs in.  I’d like to get the login data per student well under 1 MB each.  I would like all of the BS non-essential data to be stored on the student’s PC in a temporary user folder, not on the server.  All 400+ student account folders are stored in on “student” folder; I’d like to have them in sub folders by grade level, possibly with different permissions and limits per grade.  Some accounts are screwed up and all files are stored in their profiles.  Others have permission issues and are inconsistent with the bulk of the students; I can’t access these folders or even tell how big they are without taking ownership and screwing things up.

Permissions and security are the areas that work pretty well.  There is a common drive that only teachers have permissions to write to, student can read only.  I have an Intranet site on this drive that has hundreds of my web page lessons and rubrics (what to do assignment check lists).  A few classroom teachers also have their own pages and there is a common picture and sounds folder for all to access.  There is a common drive that all can read and write to, this is where I have students turn in their assignments.  It’s the one thing that they can screw up that’s not their own, but they seldom do.  

Really, my concern is with the student accounts, I need to trim the fat and make them consistent.  

eskimo

[eskimo2]

Originally posted by AKS\/\/ulfe
I took a Windows 2K server course a year ago, it was essentially the same as being MCSP certified in Win2K server. My professor had his MCSE, and wanted us to know W2K. So, you can learn W2K server in a single college course - with hands on experience in the course.

BUT, There are a lot of other things that come into play. Is the server the only server, or will there be one or two. IE: Domain Controller (where people login to, and sets the topography for the domain - servers that do what and login to the domain), DHCP server to assign IPs, storage area, mail server, etc.

Except for the mail server, they can be the same box - just need the power and HDD space for the things you need to do.

There's also network security and a lot of other stuff you really need to know well and get covered - beyond W2K server. Firewalls, anti-virus at all systems and servers, and a lot of other problems you need to prevent before they can ever happen.

If you are going for a complete redesign and implementation of the network, you need a lot. If you are looking to just remedy a few key problems and leave the rest intact, you only need to know and be able to work on that.
-SW

After reading what I wrote above, do you think I will be able to learn what I want in one Windows 200 server course?

eskimo

[eskimo2]

Originally posted by rabbidrabbit
get this:

http://azureus.sourceforge.net/

Then go here:

http://www.bitme.org.


Good hunting!


What you are doing is way to involved to handle via this message board.  It's time you bone up and take on one battle at a time.  if you can talk them into paying for training then go for it.  If not, refer to the above.http://azureus.sourceforge.net/ www.bitme.org.

I’m not sure what these links have to do with what I’m asking?

The bitme thing requires a password and is by invite only; I don’t even know what it is.

My principal would most likely pay for a course, my question is: is that the best way of going about learning what I want to know?

eskimo

[Heater]

Get a hold of the Windows 2000 Server resource kit  and use TechNet it will give you many examples and in a lot of cases the "how to"

what it sounds like,  you are describing are roaming profiles...

from a course stand point,

you need to look at the following to start with

Implementing Microsoft Windows 2000 Professional and Server (5 days)

http://www.microsoft.com/learning/syllabi/en-us/2152cfinal.mspx

Microsoft Windows 2000 Network and Operating System Essentials (3 Days)
http://www.microsoft.com/learning/syllabi/en-us/2151bfinal.mspx

Designing a Microsoft Windows 2000 Directory Services Infrastructure (3 Days)

http://www.microsoft.com/learning/syllabi/en-us/1561Bfinal.mspx

Cheers

[Seeker]

Eskimo;

you need a program called "VM ware"  .

What it is; is an virtualisation/emulation program. Let me explain a bit further: You install the program onto a WIndows machine. It then offersw up virtual hardware; such as motherboard; chip; RAM and so forth; to which you install an operative system; such as Windows, Mac, Linux what ever. Once you've built this virtual machine; you then have your practise/test envioroment.

In my own case (I'm a system administrator for Copenhagen city hall); I have an IBM portable with 1 gig RAM. On this portable; using VM ware; I've got a domain controller; a file/print server and two XP pro clients all running on virtual machines. In this way I have a complete model of my working enviroment; and can experiment to my hearts content with AD set up; user admin; scripting; group policies; MSI development or what ever.

I can really recommend it.

[rabbidrabbit]

Azureus is a bitttorrent client.  If you sign up at bitme.org, which is a elearning bittorrent site you can find all of the classes you can think of.  Thats the cheap way out of getting the education you need to do the job.


The other recommendations are good too but I must warn you about messing with things without a backup.  For that matter do you guys backup this server daily?  Sounds like your majorly screwed if not.

[AKS\/\/ulfe]

If you are looking to trim the user accounts, a W2K class really won't help. It will allow you to better control the network and to do things via Windows 2000 server, but the accounts are something you have to log into manually and clean up.

If I were you, since this is the end of the school year, it would probably make sense to start fresh and delete the student accounts. Keep one, just so you have a template for how to do the rest.

A W2K server class should teach you everything straight from the MCSE training kit for W2K... from installation to advanced administration. If it doesn't teach you from that book, it's not worth taking.

You could pick up the MCSE MS W2K server and look through it. If you feel you need a class, it can't hurt to take it.
-SW

[Nashwan]

Right now every user has a profile folder and a document folder. The profiles are the big problem. When users login, everything in their profile is sent to their PC. The profiles have all kinds of crap in them; all programs that they use keep settings in their profiles. A few classroom teachers installed Hotbars on their classroom PCs, Hotbar can dump several MB of junk into students’ profiles, Sun (Java?) is another bad one and can also dump in several MB of unnecessary data. Internet Explorer keeps its cookies and favorites in the profiles, I don’t mind this because its never that big, but if a student resets their desktop background in IE, it gets stored in their IE profile folder as a dang bitmap, I’ve seen them push 4 MB. Students can’t reset their desktop backgrounds by right clicking on the desktop; they get a message that they don’t have permission to change properties, but they can in IE. Desktops are also stored in their profiles. I have a rule that they can only have shortcuts on their desktops, but if they have a folder or file its hard for me to tell. Temp and auto recover files are also stored in their profiles. The profiles become a problem when I have a class (24 to 30 students) log in at once, the server sends them all of their profiles. It can send about one MB a second (or better); so it can take a few minutes to get everyone logged in. Many of my classes are only 30 minutes, so several minutes is pretty unacceptable (especially for BS unnecessary data). Other users in the school who have an open file (like a MS Word doc) will experience a freeze while a class logs in. I’d like to get the login data per student well under 1 MB each.

Have you thought about mandatory profiles?

A mandatory means the user can't change it. You can set up a single mandatory profile for all the users, it doesn't write the temp data etc back up to the server, meaning each user gets exactly the same profile each time they log in, and any changes they make are lost.

Saves a lot of hassle in my experience.

It also stops people saving stuff to the desktop. If they do, it's simply lost. (Teach them to save data in their network folder)

I would like all of the BS non-essential data to be stored on the student’s PC in a temporary user folder, not on the server.

Mandatory profiles will acomplish this. You won't get down to 1mb per student with roaming profiles, though, the most basic profile is still over 3mb. But I've seen this system working in a school with 200+ computers, and it doesn't result in long delays. However, that's on a 100 Mb network, and it sounds like yours is 10 Mb. If so, that's the first thing you should upgrade.

Also look at getting a second server (even if it's just another pc acting as a server). A second domain controller will spread the load at logon, even if it isn't storing users home folders.

It doesn't even really need any redundancy in the second server. If it's just a domain controller, you don't lose much if it dies.

All 400+ student account folders are stored in on “student” folder; I’d like to have them in sub folders by grade level, possibly with different permissions and limits per grade.

That means either writing a script to modify them, or doing them by hand. Scripting is the way to go in a school, because you have a lot of new accouts to create every year.

Some accounts are screwed up and all files are stored in their profiles.

A mandatory profile will cure this, but you are going to have to sort out where the data is and move it, or the student/teacher will lose things.

But when you've got a mandatory profile in place, you no longer need to worry about stuff like this. Any changes the user makes to the desktop or settings will dissapear when they log off.

Others have permission issues and are inconsistent with the bulk of the students; I can’t access these folders or even tell how big they are without taking ownership and screwing things up.

If you can't access them as administrator, you have 2 options, take ownership of them, give yourself access, then let the students take ownership back, or log on as the student, grant admin access, then stop the student changing permissions again (students shouldn't have full control permissions over their own folders/shares)


You don't have to worry too much about setting up new profiles, because it's something you can do on a per user basis. Set up a new account to test the profile, apply it to a few users to test when you think it's ready, roll it out to everyone when you're sure it's ready.

As to training, in my experience it's usually too general, and gives you an overview of everything, whereas you need more in depth knowledge of profiles and active directory scripting. The profiles shouldln't be too hard, scripting can be.

[rabbidrabbit]

good advice Nashwan but I think you are mistaken on the domain controller issue.  I agree having a second one is a good idea and he could use a utility to automatically backup critical folders to it as well for redundancy sake.

"Also look at getting a second server (even if it's just another pc acting as a server). A second domain controller will spread the load at logon, even if it isn't storing users home folders.

It doesn't even really need any redundancy in the second server. If it's just a domain controller, you don't lose much if it dies. "

Win2k handles domain controllers just like nt4 did.  You have a primary and a backup.  In win2k you can have a bunch of backups but thats a potential CF when the primary goes down.  Also, win2k does not use the terms primary and secondary but it functions just the same.  You can have as many secondary domain controllers as you want but they will share no load.  Only one machine at a time handles the domain load and it handles it exclusively.  Worse yet, if the primary goes down hard it will not fail over.  then you have no domain controller until you get the primary up and running again.  So, just watch out for the pitfalls.