Lecture: Setting up a workstation on a local network. Setting up information security tools

To connect a computer to local network you need a computer with network card, corresponding to this local network.

Networks can be:

I. by speed:

- 10 Megabit/s completed coaxial cable or " twisted pair".

- 100 Megabit/s fulfilled only " twisted pair".

II. by configuration:

1. One rank local networks that do not contain a server can be:

- linear; in them when using coaxial cables, all computers are connected to the network using special coaxial cables tees. On the first and latest computers to prevent the formation standing waves special plugs are inserted into unused tee sockets" terminators". When using " twisted pair"all computers are connected through special hubs HUB s or SWITCH And.

- ring networks are used only using coaxial cable.

2. Networks with a dedicated server can be:

- simple networks with highlighted server when using coaxial cables can be made in a linear or ring pattern. The connection requirements are the same as in one rank networks. When using "twisted pair» networks can be implemented in a linear or radial pattern.

- complex networks and branched networks with hierarchical structure containing several servers. They can only be used " twisted pair".

To connect a computer ( workstation ) to a one-rank network it is necessary:

NetBEUI;

Assign a computer name;

Enter the name of the working group in the appropriate window;

After reboot, an input window will appear network password where you must enter your username and password. After this, you need to establish access to your computer’s files and printers. To do this, you need to launch Explorer, right-click on logical drive or folder, select " Access" in the drop-down menu. In the window that opens, select the option to access disks and folders (" Read only", "Full", "Defined by password") and set an access password if necessary.

To connect a network drive, right-click on the icon " My computer" or " Network environment ", select item " Connect network drive ", indicate Name disk, and path to him by mask:

\\computer_name\network_drive

For example:

To connect a workstation to a local network with a server, you must:

Install network card to the computer;

Install the network card driver;

Install and configure network protocol TCP/IP;

Enter unique IP address, if the server does not have a dynamic address assignment system installed ( DNS server). If the network has DNS server must be selected " Get an IP address automatically";

Connect network card computer with a network;

Assign a computer name;

Enter the name of the working group or domain, if the network has domains;

Set the binding to the network protocol;

Install the File and Printer Sharing service.

Lesson 20

If your computer is equipped with a network Ethernet card, then after setting it up (see section 2.4.3.3) a special system folder Network environment. Opening it double click, we get the window shown in Fig. 12. Trying to open the icon Entire network in this window, we get the result shown in Fig. 13. This indicates that there is no access to the local network and the reason for this, most likely, is that the workstation is not configured to work on the network.

The procedure for setting up the network is as follows.

right-click on the folder Network environment call context menu and select a team Properties Another way: Start - Programs - Settings - Control Panel - Network.;

· in the window that opens Net(Fig. 14) on the tab Configuration check what devices and protocols are installed on this workstation. If the computer is from network devices has only a network card. If the computer is also equipped with a modem, then the window may contain additional lines For remote access, but it is preferable to configure remote access in a different way (see below)., then the tab should contain one line corresponding to this device, one line corresponding to the TCP/IP protocol, and a line corresponding to the client program for working on the Microsoft network. Additionally, this may contain the line: File and Printer Sharing Service for Microsoft Networks. If this line is not present, then press the button Access to files and printers and in the window that opens (Fig. 15), check the boxes responsible for ensuring that the files and printers of this workstation are accessible to other computers on the network;

· for customization network addresses allocated network administrator , highlight the line TCP/IP and press the button Properties. In the window that opens TCP/IP Properties(Fig. 16) there are several tabs. If this network doesn't have DHCP server, which automatically allocates addresses to workstations, then on the tab IP address(Fig. 16) fill in the IP address and subnet mask fields. If addresses on the network are allocated automatically, then you need to install the appropriate selector;

· on the tab Gateway(Fig. 17) fill in the address field of the server acting as a gateway and click the button Add There may be several gateways;

· on the tab DNS configuration(Fig. 18) turn on the selector Enable DNS, record the names of the workstation and domain recognized by the DNS server, as well as the IP address of the server DNS DNS servers there can also be more than one. and close the window TCP/IP Properties;

· on the tab Identification windows Net(Fig. 19) fill in the fields Computer name, Working group And Description of the computer. Computer name- this is the network name of the computer, that is, the name under which this workstation will be visible on the network. Working group is an association of workstations belonging to one division of the organization. Description of the computer- this is a comment that will allow you to determine the ownership of the workstation if the network name is not informative enough;

Configuring TCP/IP protocol settings for IPv4

Setting up TCP/IPv4

1. Open the Network Connections component. To do this, click the Start button and select Control Panel. In the search box, type adapter and then under Network and Sharing Center, select Show network connections.

2. Click right click mice changeable connection and then select Properties. If you are prompted to enter or confirm an administrator password, enter the password or provide confirmation.

3. Go to the Network tab. Under Components Used by This Connection, click Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6), and then click Properties.

Properties Dialog Box network connection»

4. To configure IPv4 IP address settings, do one of the following:

· For automatic settings IP settings using DHCP, click Obtain an IP address automatically, and then click OK.

· To set the IP address manually, click Use the following IP address, then in the IP Address, Subnet Mask, and Default Gateway fields, enter the IP address settings.

5. To configure IPv6 IP address settings, do one of the following:

· To automatically configure IP settings using DHCP, click Obtain an IPv6 address automatically and click OK.

· To manually set the IP address, click Use the following IPv6 address, then in the IPv6 Address, Subnet Prefix Length, and Default Gateway fields, enter the IP address settings.

6. To specify the DNS server address parameters, do one of the following:

· For automatic receipt DNS server addresses using DHCP, select Obtain a DNS server address automatically, and then click OK.

· To manually set the DNS server address, click Use the following DNS server addresses, then enter the primary and secondary DNS server addresses in the Preferred DNS server and Alternate DNS server fields.

Internet Protocol Version 4 (TCP/IPv4) Properties Dialog Box

7. To change additional options DNS, WINS and IP, click Advanced

Configuring TCP/IP protocol settings for IPv6

Configuring TCP/IPv6

In order to configure Internet Protocol version 6 (TCP/IPv6) - in the network connection properties, click on the Internet Protocol version 6 (TCP/IPv6) component and click the Properties button. Check the boxes Obtain an IPv6 address automatically and Obtain a DNS server address automatically. In 99% of cases this will be quite enough. If you want to use some alternative DNS server instead of the provider's server, you need to check the box Use the following DNS server addresses, and enter the addresses there:

For example, you can use Google DNS servers: 2001:4860:4860::8888 2001:4860:4860::8844

You can also register the addresses of DNS servers

Yandex: Basic:

Main - 2a02:6b8::feed:0ff

Additional - 2a02:6b8:0:1:feed::0ff

Safe: Basic - 2a02:6b8::feed:bad

Additional - 2a02:6b8:0:1::feed:bad

Family: Main - 2a02:6b8::feed:a11

Tutorial

Good afternoon everyone. I would like to talk about installation and configuration Windows Server 2012 R2 Essentials. This article is not a call for widespread Windows installation or propaganda Microsoft products. I would just like to tell you about an interesting product and maybe someone this product will be of interest and useful in work. I tried to write the article for an unprepared reader, so there is a minimum of terminology and a maximum of generalization of some concepts.

A little about the Essentials edition

Windows Server 2012 R2 Essentials is one of the server editions operating system from Microsoft. However, it has many differences from the Standard and Datacenter editions. What Essentials can do:

Authorization and authentication of users on your network (domain controller directory services Active Directory)
File storage (file server role)
Remote access to corporate network(VPN and DirectAccess server)
Remote access to file storage via the Web interface (configured for this IIS)
Remote access to desktops of client machines (Remote Desktop Gateway)
Backing up client machines (windows backup)
Backing up the server itself (windows backup)
Integration with cloud technologies Microsoft (Office 365, Azure backup, etc.)
Essentials unified configuration console, which will allow you to configure the features described above even for an untrained system administrator.

To summarize, the Essentials edition has the majority Windows roles Server. Some of these roles are configured, some are fully accessible, some, like Hyper-V, have serious limitations. The compensation for all these restrictions is more low price, 25 client licenses included, centralized and easy setup. I would also like to note that the licensing process is seriously different. You can use this edition only for organizations where the number of users does not exceed 25. But again, you do not need to purchase any client licenses.
Therefore, Essentials is very well suited for small organizations that would like to use the most modern solutions to ensure the security of a corporate network, document storage, remote access, possibly postal systems. For those organizations that would not like to spend a lot of money both on the IT infrastructure itself and on the work of highly qualified system administrators.

Installation and initial setup

Installation of this OS is quite standard procedure. If you have ever installed Windows Vista/7/8/8.1, then you can install Essentials without any problems. However, if you have not installed any of the above operating systems or any of latest versions server OS, then I recommend either trusting a professional or at least a second-year student.
The only thing I would recommend during installation, if you have one hard drive, is to split it into two partitions. Those. make sure that after installation there is a second one already formatted in the system hard drive. Of course, this is only a recommendation; you can prepare a second disk later, but you will have to transfer some folders.
After logging into the newly installed OS for the first time, the “Set up Windows Server Essentials” wizard will launch, which will help you perform the initial setup.

In the first step, you need to set the date and time settings.

In the second step you need to fill in English company name. The domain name and server name will be generated automatically in this case, although of course you can change them.

In the next step, you need to fill in the administrator name and set its password.

At the last step, you need to specify the method for updating the operating system and click configure

After this, a process will start that will perform all the necessary initial settings. This will take about 30 minutes and require several reboots. During this time, the OS will have time, in particular, to install the necessary roles and configure the server as a domain controller for the new domain.

Settings

The product is very large and extensive, I would like to talk about the most basic configuration options, such as creating users, setting up remote access, creating folders, connecting clients.
All configuration takes place in the monitoring panel, access to it is from the desktop, panel quick launch and the start screen.

Creating Users

When you launch this panel for the first time, you will see the installation tab, where you can perform a number of tasks to configure the server.
I'll start by adding users. Click the link to add accounts.

Select the level of access to the shared folders that have been created. At the initial stage, there is only one - the Organization. In the future, you can change access permissions both from the user properties and from the folder properties.

Your account has been created. Click close.

You can create multiple accounts in this manner. Of course, you can use the Active Directory Users and Computers interface that is familiar and familiar to you, but in this case you will have to grant access permissions manually.

Adding server folders

To add folders, there is another wizard that will help you both create a folder on disk and general access configure it for it and issue permissions. To launch it, you need to click the corresponding link in the dashboard.

In the wizard window that opens, enter a name. You can change the location and add a description. Click next.

On next page indicate the required permissions. If necessary, we make it unavailable for remote access.

WITH last step Using this wizard, you can launch the Archiving Configuration Wizard. Click close.

Setting up remote access

Probably one of the most difficult stages Windows settings Server 2012R2 Essentials. Configuration also occurs using a wizard. The wizard is traditionally launched from the dashboard.

The first thing you need to configure is your router - the wizard tells you about this. You actually need to configure port forwarding on your router. To do this, the router must have a “white” IP address. It is better to configure a static IP address on the server itself. You need to redirect the following ports 80, 443, 1723, 987 to the IP address of your server. In general, the setup procedure can be performed by the wizard himself if your router supports UPnP. I did the settings manually, so I skipped this step.

After this it opens new master domain name settings. Click next.

The wizard will prompt you to enter the name of the external domain or create a new one. For own domain You will need a certificate, so we will consider here the setup option using the Microsoft domain. Select a different domain name and click next.

Let's consider the option with a Microsoft domain.

Enter the domain name and check availability, click configure.

Well, we figured out the domain name. Let's continue further.

We choose which features will be available.

We select whether remote access will be available to current users.

Well, that’s all, you can try going to wiseguy.remoteweaccess.com.

From this website it is possible to access shared folders and access to user desktops.

Connecting workstations

If we open the monitoring panel this time and go to the computer connection page, we will see only instructions for action there

Following the instructions on the client in the browser, open the page http://<Имя сервера>/connect. Click the download link.

We choose to execute.

We accept the license and wait.

Enter the username and user password of this computer or administrator. I entered the user account.

Reboot the server.

We choose who will use the computer.

Enter a description of the computer.

Archiving options.

Hooray! Ready.

We go to the computer under account user.

You can work. The desktop already has all the necessary shortcuts.

Post scriptum

Of course, Windows Server 2012R2 Essentials is not a panacea. Much of it is automated, but not everything. However, for small organizations, this is quite interesting solution and it needs to be considered. In this article I talked only about the most basic settings Essentials. If you would like to get to know the product a little closer, you can watch my video reports on the website Techdays.ru.

Windows Server 2012 R2 Essentials first look: www.techdays.ru/videos/7351.html - here you can carefully study the Essentials installation process.

Windows Server 2012 R2 Essentials configuration: www.techdays.ru/videos/7370.html - configuration of all features is discussed, setting up remote access for your domain is shown.

Windows Server 2012 R2 Essentials Office 365 integration: www.techdays.ru/videos/7380.html - integration with cloud office from Microsoft.

WSUS Update Server is well known for being flexible and convenient tool organizations centralized update systems and products from Microsoft. With its help, you can not only control the process of patch distribution and collect information about the security of the entire network, but also significantly save external traffic.

The SUS/WSUS server installed on one of the computers on the local network replaces Microsoft Update and periodically synchronizes with the Microsoft website, downloading updates approved by the administrator. Client systems with the Automatic Updates service installed and properly configured download patches, drivers and service packs not directly from Microsoft Update, but from internal server. This approach has several advantages, the main ones: total control over updates and traffic savings. The latter is achieved due to the fact that updates from the Microsoft website are downloaded only once. Since all files are located on the local network, installation of updates is noticeably faster (important when it comes to fixing critical errors and vulnerabilities in the corporate environment).

To set up a WSUS server for client computers, you must:

All settings must be made with administrator rights!

2. In the object editor group policy expand the nodes Computer configuration, Administrative Templates, Windows components and select Windows Update.

3. In the details pane, double-click Specify the location of the Microsoft update service on the intranet.

4. Set the mode Included and enter the WSUS server URL in both fields Specify the intranet update service to search for updates And Specify the intranet statistics server, to do this, enter in both text fields http://wsus.ispu.ru and press the button OK.

5. If there is a need to configure other parameters, change them at your discretion (there is a detailed description for each parameter on the explanation tab)