
Network Practicum Assignment

www.firewall.cx

Index
Section 1: Planning the network, Static IP Addresses, DHCP, DNS, WINS Server, Primary Domain Controller, Windows NT Server Installation, Internet Explorer 5, File Server - NETSTARPDC, Microsoft Exchange Server, Trust Relationships, Security, Backups
Section 2: Backup Domain controller (BDC), Installing Windows NT4 Server BDC, NT4 Workstations, VET V10.2.1, Internet Explorer, Adobe Photoshop, MYOB, Printers
Section 3: Groups and users, Creating users, Account Policies, User Directory Permissions, Shared Directory Permissions, User list, System Policies, Directory Replication, Microsoft Office Installation
Section 4: NetWare 5.1 File Server and Firewall Setup - Installation of NetWare 5.1 File Server - Installation of Novell BorderManager v3.5 - Configuring the NetWare 5.1 server, DNS configuration, E-mail Accounts Setup, Intranet WebServer IIS v3, Windows 2000 Professional Setup, Netstar Website Structure, Remote Access Server, Network Diagram

Table Of Contents
1. Planning the Network
1.1 Static IP Addresses
2. Dynamic Host Configuration Protocol (DHCP)
2.1 The DHCP Server configuration for Netstar
2.2 Domain Name Service (DNS)
2.3 The DNS configuration for Netstar
3. WINS Server
3.1 The WINS Server configuration for Netstar
4. Primary Domain Controller
4.1 Windows NT Server Installation
4.2 Logging onto the Server
4.3 Emergency Repair Disk (ERD)
4.4 Service Pack
4.5 Internet Explorer 5
5. File Server - NETSTARPDC
5.1 Optimising your File Server
6. Microsoft Exchange Server
7. Trust Relationships
8. Security
8.1 Some Policies for Netstar's Domain Security
9. BACKUPS
9.1 The PDC Backup
9.2 The NetWare Server backup
10. BACKUP DOMAIN CONTROLLERS (BDC)
10.1 Installing Windows NT4 Server BDC
11. Setting up NT4 Workstations
11.1 Internet Explorer 5
11.2 Adobe Photoshop
11.3 VET V10.2.1
12. PRINTERS
12.1 Installing Network Printers
13. MYOB
13.1 Installation
13.2 MYOB Accounting Software User Rights
14. Groups and Users
14.1 Creating Groups
14.2 Procedure to Create Groups
14.3 Creating Users
14.4 To Create a Template User
14.5 To Create Real Users
15. Account Policies
16.1 Shared Directory Permissions
17. Creating System Policies
18. Directory Replication
18.1 Setting up Replication
18.2 Replicant User Setup
18.3 Export Server Configuration
18.4 Import Server Configuration
18.5 Problems Encountered
19. Microsoft Office Installation
19.1 Installation
20. NetWare 5.1 File Server and Firewall Setup
20.1 Stage 1 - Installation of NetWare 5.1 File Server
20.2 NDS Details - Objects created
20.3 NetWare Enterprise Webserver Ports
20.4 Stage 2 - Installation of Novell BorderManager v3.5
20.5 Stage 3 - Configuring the NetWare 5.1 server
21. Intranet WebServer IIS v3
22. Windows 2000 Professional Setup
23. Netstar Website Structure
24. Remote Access Server
25. Network Diagram

1. Planning the Network

Netstar Pty Ltd applied for a Class C IP address with Melbourne IT. The IP address assigned was 203.31.218.0. The Subnet Mask is 255.255.255.0.
The internal network address is 134.147.10.0.

Set out below are the IP address assignments for Netstar's servers, printers and workstations.

1.1 Static IP Addresses

1.1.1 Servers

NT Servers are assigned a static IP address in the range of 134.147.10.1-20

134.147.10.1      NetstarPDC
134.147.10.2      NetstarBDC

Novell Server

134.147.10.254    Novell Server, Gateway server, Mail server

1.1.2 Printers

Printers are assigned a static IP address in the range of 134.147.10.200-220

Management            134.147.10.201
Accounts              134.147.10.202
Network Support       134.147.10.203
Web Administration    134.147.10.204

2. Dynamic Host Configuration Protocol (DHCP)

A DHCP server maintains a list of available IP addresses, and when a client computer logs onto the Domain, the DHCP server sends an IP address along with other TCP/IP information such as the DNS address and subnet mask. With static IP addressing, the administrator has to remember which IP address is on which client computer, and on a large network this becomes a time-consuming task that is also prone to error. DHCP automates IP addressing and makes the job of the Network Administrator a much easier one. To set up the DHCP server, the following steps had to be carried out:

From the server

The DHCP service is installed from Control Panel and the server restarted.
Establish a Scope by going to Administrative Tools, DHCP Manager, select Create, and then Scope. The Scope encompasses the range of IP addresses that have been made available to the client computers. Settings such as Start Address, End Address, Subnet Mask, Excluded Addresses and Lease Duration are configured as part of the Scope.
Setting Global and Scope Options. This is set up when the client computers are going to communicate with other computers beyond the subnet and network.

From the client

Client computers are configured to find a DHCP server. Instead of entering an IP address into the Network configuration panel, the computer is configured to obtain an IP address from the DHCP server.
The computer is restarted, and during the next boot up process, the computer's IP address is set by the DHCP server, according to the Scope created in DHCP Manager.

2.1 The DHCP Server configuration for Netstar

Start Address     134.147.10.21
End Address       134.147.10.22
Subnet Mask       255.255.255.0
Lease Duration    Limited to 8 days
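An added example (not part of the original assignment) that checks the address plan from sections 1.1 and 2.1 for overlapping ranges, static hosts that fall inside the DHCP scope, and internal addressing outside RFC 1918 private space. The addresses are the ones listed above; the function names, the range parser and the printer host labels are assumptions made for this sketch.

```python
import ipaddress

SUBNET = ipaddress.ip_network("134.147.10.0/24")  # internal network from section 1
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ranges in the page's notation: first address, dash, last octet.
RANGES = {
    "nt_servers": "134.147.10.1-20",
    "dhcp_scope": "134.147.10.21-22",
    "printers": "134.147.10.200-220",
}

# Static hosts and the range each belongs to (None: the page declares no range).
# The "... printer" labels are made up here; the addresses come from 1.1.2.
STATIC_HOSTS = {
    "NetstarPDC": ("134.147.10.1", "nt_servers"),
    "NetstarBDC": ("134.147.10.2", "nt_servers"),
    "Novell Server": ("134.147.10.254", None),
    "Management printer": ("134.147.10.201", "printers"),
    "Accounts printer": ("134.147.10.202", "printers"),
    "Network Support printer": ("134.147.10.203", "printers"),
    "Web Administration printer": ("134.147.10.204", "printers"),
}


def parse_range(text):
    """Turn '134.147.10.1-20' into (first_address, last_address)."""
    first, last_octet = text.split("-")
    start = ipaddress.ip_address(first)
    end = ipaddress.ip_address(first.rsplit(".", 1)[0] + "." + last_octet)
    if end < start:
        raise ValueError(f"range runs backwards: {text}")
    return start, end


def scope_size(text):
    """Number of addresses a range hands out."""
    start, end = parse_range(text)
    return int(end) - int(start) + 1


def check_plan(subnet, ranges, static_hosts, dhcp_range="dhcp_scope"):
    """Return a list of human-readable findings; an empty list means a clean plan."""
    findings = []
    parsed = {name: parse_range(text) for name, text in ranges.items()}

    # Every range must sit inside the subnet.
    for name, (start, end) in sorted(parsed.items()):
        if start not in subnet or end not in subnet:
            findings.append(f"range {name} is not inside {subnet}")

    # No two ranges may overlap, or DHCP could lease a reserved address.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a][0] <= parsed[b][1] and parsed[b][0] <= parsed[a][1]:
                findings.append(f"ranges {a} and {b} overlap")

    # Static hosts: unique, in the subnet, in their own range, never in the scope.
    owners = {}
    for host, (addr_text, range_name) in static_hosts.items():
        addr = ipaddress.ip_address(addr_text)
        if addr not in subnet:
            findings.append(f"{host} ({addr}) is not inside {subnet}")
        if addr in owners:
            findings.append(f"{host} and {owners[addr]} share {addr}")
        owners[addr] = host
        lo, hi = parsed[dhcp_range]
        if lo <= addr <= hi:
            findings.append(f"{host} ({addr}) is inside the DHCP scope")
        if range_name is not None:
            lo, hi = parsed[range_name]
            if not lo <= addr <= hi:
                findings.append(f"{host} ({addr}) is outside range {range_name}")

    # Internal networks are normally numbered from RFC 1918 space.
    if not any(subnet.subnet_of(net) for net in RFC1918):
        findings.append(f"{subnet} is not RFC 1918 private address space")
    return findings


if __name__ == "__main__":
    for line in check_plan(SUBNET, RANGES, STATIC_HOSTS):
        print("FINDING:", line)
    print("DHCP scope size:", scope_size(RANGES["dhcp_scope"]))
```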

2.2 Domain Name Service (DNS)

DNS is the way TCP/IP computers resolve Internet names, eg. www.ozemail.com.au, into IP addresses, eg. 192.168.5.1. DNS is a client/server protocol, which means that the client requests the domain name information from the DNS server. DNS is configured from the DNS tab in the Network configuration panel. DNS is fairly painless to set up, because when you set up DHCP, the DNS settings are included in the TCP/IP settings configured on the server. The DHCP server will do the job for you, or you can configure it manually via the Network configuration panel.

2.3 The DNS configuration for Netstar

The DNS Service runs on the NetWare server. The IP address of the DNS is 134.147.10.254.

3. WINS Server

WINS translates Windows networking UNC names to and from IP addresses. WINS is set up via the Network configuration panel. Configuring client computers to use WINS is simple, as is DNS. The DHCP server will do the job for you, or you can configure it manually via the Network configuration panel.

3.1 The WINS Server configuration for Netstar

The WINS server is on the BDC, NETSTARBDC. The IP address of the WINS server is 134.147.10.2 also.

4. Primary Domain Controller

Servers perform various roles. In an NT domain one computer acts as the primary domain controller (PDC). In this case the PDC is the computer called NETSTARPDC. This computer authenticates logons for clients by validating the supplied username and password that has been entered in the accounts database and returning a security token to the requesting client. The security token presents the client to all other domain participants on the network whenever the user requests a resource shared by that participant. The security token gives access to the user and enables a single logon to the domain, but keeps all security permissions intact. The first Windows NT Server on the network must be the PDC. To install a PDC you are given the option to install the server as the PDC (see PDC installation procedure following in this report). The PDC holds the security accounts database and names the domain. If you ever need to change the role of the PDC to the Backup Domain Controller (BDC), you can promote the BDC and demote the PDC.

4.1 Windows NT Server Installation

The following installation is for the Netstar Primary Domain Controller (PDC). The boot sequence was changed in the BIOS to CDROM, C, A.

Welcome to Setup
To set up Windows NT, press ENTER
Setup recognised mass storage devices
IDE CD-ROM (ATAPI 1.2)/PCI IDE controller
Did not specify additional devices
Licensing Agreement
Paged Down until the end of the agreement, F8 to Agree
Setup determined the PC's hardware and software components
Accepted No Changes
A list showed existing partitions and spaces available for creating new partitions
D to delete the highlighted partition. Continue
To delete press L
Deleted any other partitions using the same method
This left us with an unpartitioned disk
C to create a partition
Enter a size for the partition in megabytes
We chose 1024mb for the C: drive
Create a partition in the unpartitioned space, Select C
Accepted the size presented 5185mb
To install Windows NT on the highlighted partition C
Select a file system for the partition
We chose NTFS for security purposes
Setup formatted the partition
Setup installed files onto your hard disk, Accepted the location presented
Setup examined the hard disk for corruption
Allowed Setup to perform exhaustive secondary examination of the disk
This portion of Setup completed. Restarted the computer
We took the CD out so that the computer wouldn't boot from the CD.
The graphical part of Setup now commenced
NT copied some files from the CD

Step 1 Gathering information about your computer

Name and organisation
Name: Netstar
Organisation: Netstar Pty Ltd
Licensing Modes
NT Supports 2 licensing modes
We chose per seat mode
Computer Name: NETSTARPDC
Server Type: This computer is the Primary Domain Controller
Administrator Account: password of 14 characters. Password is password
Emergency Repair Disk
Selected No at this stage. It can be created at a later stage.
Select Components
Added Windows Messaging

Step 2 Installing Windows NT Networking

Setup needs to know how the computer should participate on the network
We selected Wired to the network
Install MS IIS
Ticked the button to install
Search for a network adapter
Selected Search
Intel 82557 Base 10/100 Ethernet PC /Adapter

A screenshot of files on the Intel 82557 Pro 10/100+ Client Adapter Configuration and Drivers Disk Version 2.55. The Oemsetup.inf is the information file for the Windows NT Installation, which details Platforms supported, Language, Registry Keys, DLLs, descriptions throughout the install, etc. The required drivers for the adapter are in the NT directory.

Networking protocols
Added TCP/IP Protocol and NW Link IPX/SPX compatible transport
The services are listed:
MS IIS 2.0
RPC Configuration
NetBIOS Interface
Workstation
Server
NT installed networking components
The Intel PRO Set dialog box appeared
Adapter: Intel Ether Express PRO/100B PCI 100 Base/TX, 10 BaseT
Configuration: I/O Address 0xE400
Interrupt: 9
Ethernet (MAC) Address: 00902776AEA7
DHCP
Is there a DHCP server on your network?
Selected No (Note: The PDC will become the DHCP Server after installation of NT, however the DHCP server itself requires a static IP address. If the server address were changing every so often, other routes to the server would never find it.)
TCP/IP Properties
Specified an IP address
IP address: 134.147.10.1
Subnet Mask: 255.255.255.0
Default Gateway: 134.147.10.254
Showed bindings for services, protocols, and adapters:
NetBIOS Interface
Server
Workstation
NT was ready to start the network
You have requested that NT create a PDC
Supplied the name of the domain that this PDC will manage
Computer Name: NETSTARPDC
Domain: NETSTAR

Step 3 Finishing Setup

The server got a blue screen at this stage, in other words the computer crashed. We discovered it was the port in the switch that the computer was connected to. The port was an MDI/MDIX port, which was incorrectly configured. We changed ports on the switch and re-ran the above set up.

IIS server 2.0 setup
Installed in c:\winnt\system32\inetsrv

4.2 Logging onto the Server

We logged on with
Username: Administrator
Password is password

The first thing we did after logging on was make the D: drive accessible by going into Administrative Tools, Disk Administrator, and formatted D: so that we could access it and commence setting up the File server directory structure. After using Disk Administrator the configuration of the Disks was:

C: NTFS 1028mb
D: NTFS 5154mb

4.3 Emergency Repair Disk (ERD)

At this stage, the Emergency Repair Disk was created. This enables you to copy system files to floppy disk. In the case of the NT server installation becoming corrupt or missing files, you can try fixing it by starting up the NT server installation from CD, selecting the Repair option, then when prompted, insert your Emergency Repair Disk. The ERD is a snapshot of the Registry. The executable file, RDISK.EXE, copies repair information to floppy disk (from c:\winnt\system32\repair), ie. the system hive, the security accounts manager, the security hive, the software hive, the default hive and the CONFIG.NT and AUTOEXEC.NT files. When RDISK is used with the parameter /s, these files are firstly updated and copied to c:\winnt\system32\repair. When attempting to create the ERD for the Netstar PDC, an error occurred that would not allow us to create the disk. Repair information could not be copied to or from c:\winnt\system32\repair. For that reason, it was not possible to create an ERD for the PDC, however we have created ERDs for the Netstar NT Server BDC and NT Workstation, which will be made available in the practical assessment.

A screen shot shows the contents of the BDC's Emergency Repair Disk.

4.4 Service Pack

Microsoft Service Pack 6 was installed successfully on Netstar's Primary Domain controller and Backup Domain controller. Prior to installation we were prompted to accept the Licence Agreement and chose to back up all files, which is necessary to be able to uninstall this Service Pack. After the installation was completed, we restarted both NT Servers.

4.5 Internet Explorer 5

Internet Explorer 5 was installed on Netstar's Primary Domain controller and Backup Domain controller. The Licence Agreement was accepted and custom installation was selected, along with the following components:

Internet Explorer 5 browser
Internet Explorer Help
Microsoft Virtual Machine
Internet Explorer browsing enhancements
Media Player
Media Player Codecs
Visual Basic Scripting
Language Auto Selection

After the installation was complete, we restarted the servers.

5. File Server - NETSTARPDC

A File Server is a central repository where the users can save their work via their network drive mappings. The users can have some peace of mind knowing that the data on the file server is backed up, and permissions can be placed on the folders and files accordingly for security and privacy purposes. The file server must have enough hard disk space and the speed to respond to the client computers' requests. Network capacity must also be adequate.

The bottlenecks of file servers can usually be put down to the network interface card (NIC) and the hard disk drive speeds. Using a faster NIC, or increasing hard drive speed by using a faster drive or more drives in a RAID array, will help. Adding a faster processor, more processors or RAM beyond a certain point will not increase the performance of the file server. Another way to increase file server speed is to add another file server to the network. You could split the network load between the file servers.

D: drive on NETSTARPDC is shared to everyone.
Permissions are then set on directories according to group permissions.

The Directory structure is as follows:

D: (shared)
    DATA
        Accounts
            Word
            Excel
            Powerpoint
            Access
            MYOB
        Management
            Word
            Excel
            Powerpoint
            Access
        Network Support
            Word
            Excel
            Powerpoint
            Access
        Web Design
            Word
            Excel
            Powerpoint
            Access
    Users
        Jill Jones
        John Lord, etc.

Typical File Server Hardware for the Netstar File Server would be:

COMPONENT          QUANTITY
Processor          Pentium 500MHz
RAM                256mb
Disk space         20 GB
Tape backup        DAT 12/24GB native
Network adapter    Fast Ethernet
CD-ROM             2 x 8x CD-ROMs

5.1 Optimising your File Server

Netstar have optimised performance on the File Server. Go to Control Panel, Network, Services, Server, Properties and select Maximise Throughput for File Sharing. This process allocates the maximum memory for file sharing applications. If the server were an application server, the same process would be carried out, and the last option, Maximise Throughput for Network Applications, would be selected.

A screen shot of maximising the file server throughput.

A screenshot of the D: drive on the File Server. This shows the directory structure of files available to the users on the network. The directories have permissions placed upon them to restrict or allow access to users.

A snapshot of the users' home directories. This drive gets mapped by the client computers as a Z: drive, and users are able to save files to their own directory. Permissions are placed on the directories so that only the named user of the directory can access that directory.

A screenshot of the Users directory on the File Server

6. Microsoft Exchange Server

Exchange Server 5.5 was installed on the Netstar Primary Domain Controller. Exchange was to be the internal mail server, but the decision was made to make the Novell Netware server the internal and external mail gateway (see Chris Partsenidis' section). The Netware server is the external mail server. If we were to have Exchange as the internal mail server, and the Netware server as the external mail server, we would've had to have two email clients, Microsoft Outlook and Netscape. This is too complicated for users, so Microsoft Exchange Server was uninstalled, and the internal mail server changed to the Netware server.

7. Trust Relationships

Netstar are not in a position to have Trust Relationships established at this stage, however we have included a plan for Trust Relationships as a future requirement. It is intended that Netstar will expand in the next 2 years to have 2 more national offices. One office will be in Melbourne, the other in Brisbane. These offices will have their own domain controller servers, and a trust relationship between the domain controllers will provide a way for users to have secure access in those other domains without having to have an account in each domain.

Within a Trust relationship there are two participants:

The trusting domain
The trusted domain

The Trusts are created between domains using the User Manager for Domains tool. Each domain specifies other domains that they trust to make security decisions about who can and can't log on and access resources, eg. we want people in domain NETSTARVIC to be able to log on using accounts in Domain NETSTAR. We would place Domain NETSTAR in the list of Trusted Domains on the PDC of Domain NETSTARVIC and place Domain NETSTARVIC in the list of trusting domains on the PDC of Domain NETSTAR. The password specified must be the same on the trusted and trusting computers. Doing the trusted domain first is a faster process. A one-way or two-way trust relationship can be established. One-way is where one domain trusts the other, but not vice-versa. Two-way allows users in either domain to have access to the other domain.

8. Security

8.1 Some Policies for Netstar's Domain Security

Keep the domain controllers physically secure, ie. behind locked doors with access only to authorised people. Netstar's servers are in their own office, which can be locked.
Don't leave the domain controllers (PDC or BDC) logged in, especially as Administrator.
Only add a trust relationship between domains if several users need access.
It is a good idea to rename the built-in Administrator account to another name. This account is the one account that can never be locked out from repeated failed log on attempts, and is popular with hackers who try to break in by repeatedly guessing passwords. By renaming the account, hackers have to guess the renamed account name as well as the password.
Disable the floppy based boot if the computer hardware provides the option. If the computer doesn't require a floppy disk drive, remove it.
The entire hard disk should be NTFS.
If the computer doesn't require network access, remove the network card.

8.1.1 The Guest Account

The Guest Account was disabled. The reason for this account being disabled is that the Everyone group includes Guest users, and shares give full control to Everyone by default.

8.1.2 Logging Off or Locking the Workstation

Users should either log off or lock the workstation if they will be away from the computer for any length of time. Logging off allows other users to log on (if they know the password to an account); locking the workstation does not. The workstation can be set to lock automatically if it is not used for a set period of time by using a screen saver with the Password Protected option ticked.

8.1.3 Passwords

Anyone who knows a user name and the associated password can log on as that user. Users should take care to keep their passwords secret. Users at Netstar are advised to stick to the following guidelines:

Change passwords frequently, and avoid reusing passwords.
Avoid using easily guessed words and words that appear in the dictionary. A phrase or a combination of letters and numbers works well.
Don't write a password down; choose one that is easy for you to remember.

8.1.4 Protecting Files and Directories

The NTFS file system provides more security features than the FAT system and is used at Netstar because security is a concern. With NTFS, you can assign a variety of protections to files and directories, specifying which groups or individual accounts can access these resources, whether it's read, write, change or all of the above. By using the inherited permissions feature and by assigning permissions to groups rather than to individual accounts, protecting the data is simplified.

NTFS file permissions work in the following way: If a file is copied to another directory with different, more open permissions, the original permissions should be placed on the file asap, or it should have been moved to the new location in the first place, then copied back to the original directory. File permissions are retained by moving, but when copied, take on permissions of the new directory.

In order to enhance the directory security on both NT4 servers (ie. the PDC and the BDC), the following actions have been taken: From the desktop, we double clicked on My Computer and selected the C: drive, right clicked on it and selected Properties. From the new window, we selected the Security tab, clicked on the Permissions button, and removed the Everyone group.

Screenshot of the c: drive permissions on the Netstar Primary Domain Controller

Note: For the sake of brevity, we have shown one screenshot to cover both servers. The Directory Permissions are identical on both servers.

8.1.5 Backups

The regular backups carried out at Netstar protect the data from hardware failures and accidental mistakes by staff, as well as from viruses and any tampering with files. Backup privileges are only given to administrators and/or backup operators, people to whom the company is comfortable giving read and write access on all files, as they have read and write access to the files being backed up and restored.

8.1.6 Protecting the Registry

All the initialization and configuration information used by Windows NT is stored in the registry. Normally, the keys in the registry are changed indirectly, through the administrative tools such as the Control Panel. This method is recommended. The registry can also be altered directly, with the Registry Editor; some keys can be altered in no other way. The following restricts network access to the Registry in the case of someone trying to remotely access the Registry.

Hive: HKEY_LOCAL_MACHINE
Key: \CurrentcontrolSet\Control\SecurePipeServers
Name: \winreg

This key defines who can connect to the system for remote registry access. The default Windows NT Workstation installation does not define this key and does not restrict remote access to the registry. Windows NT Server permits only administrators remote access to the registry. The Backup utility Netstar have in place allows you to back up the registry as well as files and directories.

8.1.7 Auditing

Netstar have Auditing in place to identify user accounts that perform audited actions. Auditing tells you what user accounts were used for the audited events, and as long as passwords are kept safe, it also tells you which user attempted the audited event. Of course if a password was stolen or something was done while a user was logged on but away from the PC, the event may not have been carried out by the owner of the user account. An audit policy can use up disk space and CPU, but the following at least should be audited:

failed log on attempts
attempts to access sensitive data
changes to security settings.

Netstar have made the decision to audit the following events:

Failure of Logon and logoff attempts
Failure of File and Object access
Success in changes to Security Policy
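An added example (not from the original assignment) of how the three audited categories can be reviewed once events are collected: it flags bursts of failed logons, logon attempts against the old Administrator name after the rename recommended in 8.1, denied object access and audit policy changes. The log format, account names, timestamps and thresholds are constructed for this sketch; the event IDs are the Windows NT security event IDs for those categories.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Windows NT security event IDs behind the three audited categories.
LOGON_FAILURE = 529        # unknown user name or bad password
OBJECT_OPEN = 560          # file and object access
AUDIT_POLICY_CHANGE = 612  # security policy change

# Constructed sample: timestamp,outcome,event id,account,source,detail.
# This is a simplified layout for the example, not an Event Viewer export.
SAMPLE_LOG = r"""
2000-05-08 02:14:03,Failure,529,Administrator,WKS09,
2000-05-08 09:01:10,Failure,529,jlord,WKS04,
2000-05-08 10:30:00,Failure,529,jjones,WKS03,
2000-05-08 10:30:20,Failure,529,jjones,WKS03,
2000-05-08 10:30:41,Failure,529,jjones,WKS03,
2000-05-08 10:31:05,Failure,529,jjones,WKS03,
2000-05-08 10:31:30,Failure,529,jjones,WKS03,
2000-05-08 10:32:02,Failure,529,jjones,WKS03,
2000-05-08 10:40:15,Failure,529,jlord,WKS04,
2000-05-08 11:05:00,Failure,560,jlord,NETSTARPDC,D:\DATA\Accounts\MYOB
2000-05-08 16:45:12,Success,612,netadmin,NETSTARPDC,
"""


def parse_events(text):
    """Parse the constructed CSV layout into a time-ordered list of dicts."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue  # blank or malformed line
        when, outcome, event_id, account, source, detail = row
        events.append({
            "when": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
            "outcome": outcome,
            "id": int(event_id),
            "account": account,
            "source": source,
            "detail": detail,
        })
    return sorted(events, key=lambda e: e["when"])


def detect(events, threshold=5, window=timedelta(minutes=10),
           retired_names=("administrator",)):
    """Return (rule, account, detail) alerts, each reported once.

    retired_names assumes the built-in Administrator account was renamed,
    so any logon attempt under the old name is worth a look on its own.
    """
    alerts, seen = [], set()
    recent = defaultdict(list)  # account -> failure times inside the window

    def alert(rule, account, detail):
        item = (rule, account, detail)
        if item not in seen:
            seen.add(item)
            alerts.append(item)

    for e in events:
        key = e["account"].lower()
        if e["id"] == LOGON_FAILURE and e["outcome"] == "Failure":
            if key in retired_names:
                alert("retired-account-name", e["account"], e["source"])
            times = recent[key]
            times.append(e["when"])
            while e["when"] - times[0] > window:
                times.pop(0)  # forget failures older than the window
            if len(times) >= threshold:
                alert("password-guessing", e["account"], e["source"])
        elif e["id"] == OBJECT_OPEN and e["outcome"] == "Failure":
            alert("access-denied", e["account"], e["detail"])
        elif e["id"] == AUDIT_POLICY_CHANGE and e["outcome"] == "Success":
            alert("audit-policy-changed", e["account"], e["source"])
    return alerts


if __name__ == "__main__":
    for rule, account, detail in detect(parse_events(SAMPLE_LOG)):
        print(f"{rule:22} {account:14} {detail}")
```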

8.1.8

User Rights

The default user rights have been changed on the servers and workstations in line with the following recommendations:

User Right: Log on locally. Allows a user to log on at the computer, from the computer's keyboard.
- Groups assigned this right by default on workstation & standalone server: Administrators, Everyone, Guests, Power Users, and Users
- Recommended change for workstation & standalone server: Remove Everyone and Guests from having this right.
- Groups assigned this right by default on domain controller: Account Operators, Administrators, Backup Operators, Server Operators, Print Operators
- Recommended change for domain controller: No Change

User Right: Shut down the system (SeShutdownPrivilege). Allows a user to shut down Windows NT.
- Groups assigned this right by default on workstation & standalone server: Administrators, Everyone, Guests, Power Users, and Users
- Recommended change for workstation & standalone server: Remove Everyone, Guests and Users from having this right.
- Groups assigned this right by default on domain controller: Account Operators, Administrators, Backup Operators, Server Operators, Print Operators
- Recommended change for domain controller: No Change

User Right: Access this computer from the network. Allows a user to connect over the network to the computer.
- Groups assigned this right by default on workstation & standalone server: Administrators, Everyone and Power Users
- Recommended change for workstation & standalone server: Administrators, Power Users and Users
- Groups assigned this right by default on domain controller: Administrators, Everyone
- Recommended change for domain controller: Administrators, Backup Operators, Server Operators, Print Operators, Users and Guests if it is enabled

8.1.9

Secure Print Driver Installation

For secure driver installation, Netstar have noted the following Registry entry: the Registry key AddPrinterDrivers under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers is used to control who can add printer drivers using the print folder. This key is set to 1 to enable the system spooler to restrict this operation to administrators and print operators (on server) or power users (on workstation). The Emergency Repair Disk was updated to reflect these changes.

9.

BACKUPS

Backups are performed on the PDC and the NetWare server. Backing up Netstar's data is a critical day-to-day routine that is carried out by the Network Administrator. The daily tapes are on a fortnightly cycle, and weekly and monthly backups are also performed routinely. A test restore is carried out on a weekly basis to ensure backups are working and in good order. A backup is only as good as the restore it can produce. Tapes are stored off-site by Data Security Ltd (DSL). DSL make a daily visit to Netstar to collect the previous night's backups and to deliver that night's backup tapes. If a restore of a file is required, a phone call is made to DSL, and they deliver the tape on their next visit. If the restore is urgent, DSL will deliver the tape within 2 hours, up until 3pm, Monday to Friday.

9.1

The PDC Backup

The PDC backup is scheduled to run at 11pm Monday to Friday. It is designed to back up the C: drive, the Registry, and the D: drive. The tape drive that is fitted into the PDC is a Seagate 224000 (Scorpion 24 DDS3) 12/24gb tape drive. This tape drive has the following properties:

Media Format: DDS-3
Interface: 50-pinA
Compressed Capacity: Up to 24Gb
Backup Speed: Up to 132 mb/min
Data Cartridge: Model No. STMD24G, capacity 24Gb, Media Format DDS-3

The Seagate drive was purchased at $1,990. Netstar do not currently require the capacity that this drive offers; however, the decision was based upon future requirements and the growing needs of disk space. Included in the price is a single server software licence of Veritas Backup Exec. Backup Exec is a backup solution for mixed platforms such as Windows NT, Windows 2000 and NetWare.

9.2

The NetWare Server backup

The NetWare server backup is scheduled to run at 11pm Monday to Friday. It is designed to back up DNS records and mailboxes that are stored on the server. The tape drive that is fitted into the PDC is a Seagate 224000 (Scorpion 24 DDS3) 4/8Gb tape drive. This tape drive has the following properties:

Media Format: DDS-DC
Interface: 50-pinA
Compressed Capacity: Up to 4Gb
Backup Speed: Up to 66mb/min
Data Cartridge: Model No. 32000, capacity 4Gb, Media Format DDS-DC

The Seagate drive was purchased at $958.00. Included in the price is a single server software licence of Veritas Backup Exec.

10. BACKUP DOMAIN CONTROLLERS (BDC)


We created a Primary Domain Controller and a Backup Domain Controller. The PDC contains the master record of all domain information. The BDC receives updates from the PDC so that there is a backup copy of the domain information. When a user logs in, they can authenticate with either the PDC or BDC. A domain is a group of workstations and servers associated by a single security policy. A user can perform a single logon and gain access to every server within the domain. They do not need to perform separate logons for each server.

10.1

Installing Windows NT4 Server BDC

First we formatted the C: drive to clear everything from it, and partitioned it. We then loaded NT Server. For the BDC we selected:

Interrupt No: 5
I/O Port Address: 0x300
IO Channel Ready: Late
Transceiver Type: Thicknet (AUI/DIX)

Microsoft TCP/IP Properties
We gave it the following IP address:
IP Address: 134.147.10.2
Subnet Mask: 255.255.255.0

Windows NT Server setup
Computer Name: NETSTARBDC
Domain: Netstar
Administrator Name: Administrator
Administrator Password: Password

Adaptor Information
Memory Address: 0xED100000
I/O Address: 0xE400
Interrupt: 10
Ethernet Address: 00902776AAFD
(Bus) Slot Number: (0)16
Speed/Duplex: Auto
Adaptor Mode: Standard Mode

When the installation was complete we had an error message: "Cannot connect to domain controller". We had to reload the Windows NT4 Server BDC setup. We followed the instructions. For Network Adapter we selected the OEM option, Intel EtherExpress PRO Adaptor. For Network Protocols we selected:
- TCP/IP Protocol
- NWLink IPX/SPX Compatible Transport
- NetBEUI Protocol

Network Services
- RPC Configuration
- NetBIOS Interface
- Workstation
- Server

Adapters Installed
Intel 82557/82558 10/100 Ethernet PCI Adaptor, 100 Base-TX, 10BaseT.

Adapter Information
Memory Address: 0xED100000
I/O Address: 0xE400
Interrupt: 10
Ethernet Address: 00902776AAFD
(Bus) Slot Number: (0)16
Speed/Duplex: Auto
Adaptor Mode: Standard Mode

Microsoft TCP/IP Properties
IP Address: 134.147.10.2
Subnet Mask: 255.255.255.0
Computer Name: NETSTARBDC
Domain: Netstar
Administrator Name: Administrator
Administrator Password: Password

Note: The second installation also did not work. In the end we had to copy the drivers from a floppy disk, and it worked.

11. Setting up NT4 Workstations


We installed two workstations to allow the system to run programs across the network or from the local drive as required. First we changed the BIOS to boot from the CD-ROM. Prior to installation we were prompted to accept the licence agreement and selected to back up all files that were necessary to uninstall this Service Pack. We created new partitions. We selected \winnt for the files to be installed, checked the hard disk for errors, and restarted the computer. We selected Typical setup for the Windows NT Workstation Setup options and followed the prompts. We entered the name and organisation:

Name: Netstar01
Organisation: Netstar
Registration: 50036-270-3260604-23337

We entered the computer name and password. For the workstation, we selected:
- Accessibility Options
- Accessories
- Communications
- Multimedia

We selected "This computer will participate on a network" and "Wired to the network". Network Drivers: we had the network drivers on a floppy disk and loaded them. We selected the OEM option, Intel EtherExpress PRO Adaptor. We selected the TCP/IP Protocol. We allowed the networking components to install themselves and raise dialogs so that they may install correctly.

Adaptor Information
Memory Address: 0xED100000
I/O Address: 0xE400
Interrupt: 10
Ethernet Address: 00902776AEDE
Bus Slot Number: 0 16
Speed/Duplex: Auto
Adaptor Mode: Standard Mode

We entered:
Computer Name: Netstar
Workstation: Workgroup

After the Time/Date and region setup we restarted the computer. To set up the network, we went to Network Neighbourhood, Adaptors, Properties, and tested the adaptor. Note: It did not work. We had to reload the network adapters from a floppy and it worked. We gave the workstation an IP address:
IP Address: 134.14.10.3
Netmask: 255.255.255.0

After the installation was completed, we restarted the NT4 workstation.

11.1

Internet Explorer 5

The next step was to install Internet Explorer 5 on the NT4 Workstation. Again, the Licence Agreement was accepted and custom installation was selected, along with the following components:

Internet Explorer 5 Components: Internet Explorer 5 browser V5 Internet Explorer Help V5 Microsoft Virtual machine Internet Explorer browsing enhancements V5 Media Player V5 Media Player Codecs Visual Basic Scripting Language Auto Selection

After the installation was complete, the workstation was restarted once again.

11.2

Adobe Photoshop

The next step was to install Adobe Photoshop V5 on the NT4 workstation. Following are the details and components of this installation:

Adobe Photoshop V5 details and components
Name to Register: Administrator
Organisation: Netstar
CD Key: pww400r7106337-339
Install Dir: c:\program files\adobe
Installation type: Standard
Selected files to copy: Adobe program and help files

Software registration was completed and the program was run to ensure proper installation.

On the Netstar02 workstation, after reinstalling I.E 5.5 and restarting our NT4 workstation, we got the following error message: Setup: C0000221 {Bad Image Checksum}. The image WININET.DLL is possibly corrupt. The header checksum does not match the computer checksum. An Emergency Repair Disk had not been created at that time. We lost MYOB9, VET etc. We reinstalled NT4 Workstation on Netstar02 the same as before. The Netstar01 workstation also crashed: using the original NT driver in the machine crashed the installation. We reinstalled NT4 Workstation as before. We used a floppy disk to load the Intel EtherExpress PRO Adaptor, and it worked.

Next we installed Windows 98 on Netstar02:
- Booted to CD-ROM. The command prompt appeared at A:\
- Changed directory to the D:\ drive.
- Ran Setup.exe.
- First of all Windows checks the hard drive.
- The Win 98 "Welcome to setup" screen appeared. Setup Wizard selected.
- Install Win98 in C:\windows.
- Chose Typical installation. Installed the most common components.
- Computer Name: Netstar02
- Workgroup: Workgroup
- Startup Disk: inserted floppy disk into drive.
- Copied Windows 98 files to the computer.
- User Information: Name: user, Company: Netstar Pty Ltd
- We accepted the licence agreement.
- Entered Product Number.
- Clicked Finish to continue starting Windows 98, setting up hardware and finalising settings.
- Set Date & Time.

11.3

VET V10.2.1

We installed Vet V10.2.1 on the BDC, the PDC and every workstation, to protect the workstations and domains from viruses. We selected to install Vet Anti-Virus for Windows NT server. We inserted the installation CD and went through the Introduction page and the Welcome page. We accepted the Vet licence agreement. For the setup option we selected Custom. Destination location: C:\Vet

User Identification
Name: PC2000
Company: Netstar

We chose not to register our copy of Vet on-line. We used a password to access Vet's emergency functions and options menu. We did not select "Enable password protection of Vet's options menu". We said yes to run Vet automatically when Windows starts up.

For resident protection components we selected:
- Enable resident floppy disk boot sector protection
- Enable resident file monitor (file protection)

We installed the Vet icon in the system tray of the taskbar. We confirmed the configuration selection.

We selected yes to display the 'Read me' file. We wanted to create boot sector templates for all local hard disks. We said yes to create a Reference disk. Identification No is 18/10/00 8:21:05pm. We said yes to scan local hard disks.

12. PRINTERS
We pretend we have five printers: a Colour printer, two Laser printers shared by Accounts, Secretary, Web/Network, Marketing and Receptionist, and two Bubble Jet printers for the Management and Accounts Departments. All printers are shared. All printers have a network card. We installed the printers on the BDC. We chose printers with a high duty cycle, so that they can handle a high volume of printing on a network. The print server is the BDC, which provides a central point for network users to share a printing device. A print server is a computer to which printers are attached and connected via the network. When a user needs to print, the output is directed to a central holding area called a queue. A network print queue is a holding area for print jobs. The queue is located on a file server and is used to stage the print jobs prior to printing.

12.1

Installing Network Printers

To install the printers, we went to Start, Settings, Printers. We selected Add Printer, to be installed on My Computer, with the following settings:

Port: LPT1
Manufacturers: Generic
Printers: Generic/Text only
Driver: kept existing driver
Printer Name: Colour Printer
Sharing: selected Shared printer

It came up with a warning: "Share name that you entered may not be accessible from some MS-DOS workstations, are you sure you want to use this share name?" We said Yes. We said No to printing a test page. We needed the file TXTOnly.DLL from the Windows NT Server CD-ROM. We inserted the CD-ROM.

The path where the file was located was E:\i386. The Colour Printer installation was then complete. We installed and named the Network Support Printer on port LPT2. We installed and named the Marketing Printer on port LPT3. We installed and named the Accounts Printer on port COM1. We selected the BJ Accounts printer from the Printers directory, went to Properties, Security, and removed all users. We added only the accounts department and administrator to have full access to the printer.

We installed and named the Management Printer on port COM2. We selected the MD & Secretary printer from the Printers directory, went to Properties, Security, and removed all users. We added only the management user and administrator to have full access to the printer. Printers are given a static IP address in the range of 134.147.10.200-220:

Management: 134.147.10.201
Accounts: 134.147.10.202
Network Support: 134.147.10.203
Web Administration: 134.147.10.204

Add Printers to client:
- Add Printer
- Network Printer
- Netstar BDC
- Select Printer: Marketing Printer
- Selected No for default printer

Now we can see the Marketing Printer on the Network.

13. MYOB
13.1 Installation

MYOB9 is accounting software. It is very useful for keeping the company's financial records in order. We installed MYOB V9 single user accounting software on two workstations, to be shared by the Accounting Department, Managing Director and Receptionist. We followed the instructions to install the software. From the Welcome page we installed it in the default folder of C:\MYOB 9.

We selected typical setup option. We accepted default program folder MYOB Accounting plus 9. We selected Microsoft word & excel office link programs to be linked with MYOB. We accepted the settings for installation.

Restarted the computer for the installation to take effect.

13.2

MYOB Accounting Software User Rights

The accountant and General Manager will have full access to the accounting data file. The receptionist will have limited access, because there is sensitive data (payroll and General Ledger) that we don't want everyone to know about. We created the data file and named it Netstar under the C:\Data\MYOB9 directory.

Entered Company information:
Company Name: Netstar Pty Ltd
Company Address: 255 Pittwater Road, Brookvale 2100.
Company ABN: 11 222 333 444

Entered User ID and Password:
User ID: Accountant
Password: Password

We shared the MYOB9 directory on the Netstar02 workstation. We highlighted the MYOB9 directory, then Properties, Sharing, Share this folder.

Share name: Data
Comment: C:\MYOB9\Data\Netstar.dat
User Limit: 3 users
Share Permissions: General Manager, Accountant & Receptionist full access.
Caching Settings: Allow caching for documents.
Setting: Manual caching for documents.

Map MYOB9 in computer Netstar02:
Drive: \E
Folder: \\Netstar02\MYOB9
Reconnect at logon

MYOB account shortcut
Start in: C:\MYOB9\Data\Netstar.dat

In the MYOB9 Netstar file we created a sub-password for the Receptionist: Password1. We gave the receptionist limited access for sales and receivables, purchases and payables. She will be helping the accountant in those areas. We had a problem seeing the MYOB data file on the Netstar01 workstation, due to Novell being installed. Once the system was booted in NT4, we shared and mapped C:\MYOB9\Data on workstation Netstar01. We mapped it to drive F and it worked.

14. Groups and Users


All employees of Netstar Pty Ltd needed to have their user accounts set up on the network. The users also need to be assigned permissions and rights according to the level of access they have to company data. This of course depends on their position in the company and on the area they work in. Naturally, only administrators can perform these tasks.

14.1

Creating Groups

Before creating users on the network we decided what groups the users would belong to, according to their position and the actual work they perform. We decided to create a group for each area of production in the company as well as a managerial group. We assigned appropriate rights and permissions to these groups. This way we could make sure that once we assign a user to a certain group he or she will inherit all the characteristics of that group. This method helps to eliminate the chance of making mistakes in setting up individual user rights and ensures that all users in a particular group have identical rights. We have set up five user groups.

Management Group: Contains the Managing Director, his PA, the company accountant and the manager of each production area.
Network Support Group: Contains the members of the network support team and the managing director.
Web Design Group: Contains the members of the web design group and the managing director.
Sales/marketing Group: Contains the sales/marketing team members and the managing director.
Accountant Group: Contains the company accountant, the managing director and the receptionist (with limited permissions).
Domain Users Group: Contains all users.

14.2

Procedure to Create Groups

In User Manager for Domain (Start/Programs/Administrative tools):
- Click on User - New Local/Global Group
- Give a name to the new group
- Give a description of the group

14.3

Creating Users

We had to create a user account for each employee of the company. There are 25 employees in the company. To make it easier on us, first we have created a template user with the characteristics which will apply to all users. From that template user, other users can easily be created by copying the template and only changing certain characteristics.

14.4

To Create a Template User

In User Manager for Domain

- Go to "User" - New user
- Type in a user name (template), which will be the person's login name. The username is the full name of the person.
- In the next box type in the full name of the user
- Give a description of the user such as their position in the company
- Type in the password for this user or leave it blank if you don't want the user to have a password
- Tick any or all of the options regarding the password usage of the user (we only ticked Password Never Expires)
- Click on the first button on the bottom of the screen called "Groups"
- Put the user in the appropriate groups and nominate which group will be their primary group
- Click OK
- Click on the Profile button
- On this screen you nominate the drive which will be mapped when the user logs in on his/her workstation. Z:\ was set up as the mapped drive for users.

14.5

To Create Real Users

We have created the user accounts for the company employees as follows:

In User Manager for Domain:
- Highlight the template user
- Go to User - Copy
- Enter the name and description (we decided to use the full name of the person as the login name and the description is their position in the company)
- We nominated the group(s) the user belongs to. (The primary group of the user is Domain User.)
- All other settings for Config, Profile, Hours, Logon to, Account and Dial in should be correct. However individual details can be changed.

15. Account Policies


We have also specified some account policies for the domain regarding password expiry, length and restrictions as well as rules regarding account lockouts. These policies apply for the entire domain.

16. User Directory Permissions


Once all users were set up, user directories were created. Once a user logs on, a user directory is created automatically for this user under the Profiles directory. We have set up the directory permissions for these user accounts so that the owner of the account and the administrator have full control, but everybody else is denied access. This is the area where users can store their private files.

16.1

Shared Directory Permissions

Each group within the company will have a shared directory (folder) containing data relevant to their work, e.g. Network Support, Sales/Marketing, Web Design, Accounts, Management. As a general rule, only users belonging to that particular group will have access to that folder. However some individuals, such as the managing director, will have limited access to these folders. There will also be a common directory which can be accessed by all domain users. This is the directory where files that might need to be shared between the groups can be placed.

17. Creating System Policies


We have created system policies to set certain restrictions that prevent users tampering with the system. We also wanted to create a uniform user environment for each group. We created policies for each group instead of individual users; that way we ensured that each user in a group has the same settings.

Firstly we have created the Management group and specified the following policies:

- In the Desktop area we specified the wallpaper that should appear on the PC of all members of the Management Group.
- In the Control Panel area we ticked Restrict Display and denied access to the display icon.
- In the Shell area we ticked Remove Run Command from the Start menu and Hide Network Neighbourhood.
- In the System Restriction area we ticked Disable Registry Editing Tools.
- In the Windows NT Shell - Restrictions area we ticked the Remove Map Network Drive and Disconnect Network Drive options.
- In the Windows NT User Profiles area we ticked:
  - Limit profile size to 30MB
  - Notify user when profile storage is exceeded
  - Remind user every 240 minutes

After saving the policy we then proceeded to create all the other user groups in the company. We copied the policies for the management group into each group. This way we didn't have to re-create every individual policy for each group, only change the ones that were not appropriate for the particular group.

18. Directory Replication

Directory replication allows a server to publish a directory for replication in the domain. The server publishing the data is called the export server and the servers that subscribe to receive that data are called import servers. Only Windows NT servers can be export servers; however, Windows NT Workstations as well as Windows NT servers can be import servers. The shortfalls of directory replication are that it cannot replicate open files and that it cannot synchronise different versions of files; therefore it is only useful for replicating files that are not changed (mostly read-only files). Examples of these read-only files are administrative files, user profiles, company policies, templates etc. We set up directory replication on the PDC and BDC.

18.1

Setting up Replication

To set up replication we had to create a user called "replicant" on the PDC and make this user a member of the "backup operators" and "replicators" groups.

18.2

Replicant User Setup

The "replicant" user was set up in User Manager for Domain using the Template user. On the first screen:
- Username - Replicant
- Type - Logon user for directory replication service
- "Must change password at next logon" - had to be unchecked
- "User cannot change password" and "Password never expires" - had to be checked.

On the group screen: We added the user to the "Backup Operators" and "Replicator" groups.

18.3

Export Server Configuration

The next step is to configure the servers for directory replication. This takes place in the "Server Manager".
- Start - Programs - Administrative Tools - Server Manager
- Select the first export server (PDC)
- Select - Computer - Services
- Double click on "Directory Replicator" in the service list box.
- Select Automatic
- Select This Account - and specify the replicator account just created
- Enter and confirm the password
- OK - to close the service configuration page
- OK - to acknowledge the logon as a service right
- Click Start - this will start the directory replication service
- Close the services window
- In Server Manager - Select Computer - Properties
- Click on the Replication button
- Click Add in the Export Directories control group
- Select the computers to import from (PDC)
- Click OK.
- Click Alerts

The Administrative account should appear in the "send alerts to" window. If not, you have to type it in.

18.4

Import Server Configuration

The next server that needs to be configured is the import server. In the Server Manager:
- Select the import server (BDC)
- Select - Computer - Services
- Double click on "Directory Replicator" in the service list box.
- Select Automatic
- Select This Account - and specify the replicator account just created
- Enter and confirm the password
- OK - to close the service configuration page
- OK - to acknowledge the logon as a service right
- Click Start - this will start the directory replication service
- Close the services window
- In Server Manager - Select Computer - Properties
- Click on the Replication button
- Click Add in the Import Directories control group
- Select the computers to export to (BDC, PDC import directory)
- Click OK.
- Click Alerts

The Administrative account should appear in the "send alerts to" window. If not, you have to type it in.

18.5

Problems Encountered

The directory replication doesn't seem to be working. Alert messages are sent to the administrator with an error code of 1385. We looked up this error message on Technet and found that the problem is related to the user roaming profile (we also had difficulty making the roaming profiles work). According to Technet this problem occurs when "the user don't have the right to access this machine from the network", and this occurs if the administrator removed the Everyone group from this right.
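The link between the User Rights table in section 8.1.8 and the error above can be modelled by resolving which accounts still hold "Access this computer from the network" after a change. This is an added example, not part of the original report: only the "replicant" memberships and the table's group lists come from the report, while the other accounts, the "Everyone removed, nothing added" case and the Users/Domain Users nesting are assumptions.

```python
ERROR_LOGON_TYPE_NOT_GRANTED = 1385  # the error code reported in the alerts

# Domain-controller assignments of "Access this computer from the network",
# copied from the User Rights table in section 8.1.8.
DC_DEFAULT = {"Administrators", "Everyone"}
DC_RECOMMENDED = {"Administrators", "Backup Operators", "Server Operators",
                  "Print Operators", "Users", "Guests"}
# Assumed misconfiguration: Everyone removed and no replacement groups added.
DC_EVERYONE_REMOVED = DC_DEFAULT - {"Everyone"}

# Direct group memberships. "replicant" is as set up in section 18.2; the
# other accounts are constructed for this example.
MEMBERSHIPS = {
    "replicant": {"Backup Operators", "Replicator"},
    "administrator": {"Administrators", "Domain Users"},
    "accountant": {"Accountant Group", "Domain Users"},
    "legacy_svc": {"Legacy Services"},  # hypothetical account outside Domain Users
}

# Assumption: the local Users group contains the Domain Users global group.
NESTED = {"Users": {"Domain Users"}}


def effective_groups(account):
    """Direct groups, the implicit Everyone group, and nested local groups."""
    groups = set(MEMBERSHIPS[account]) | {"Everyone"}
    for local_group, members in NESTED.items():
        if groups & members:
            groups.add(local_group)
    return groups


def granted_via(account, right_holders):
    """Groups through which the account holds the right (empty list = denied)."""
    return sorted(effective_groups(account) & right_holders)


def network_logon(account, right_holders):
    """0 when the network logon is allowed, otherwise error 1385."""
    if granted_via(account, right_holders):
        return 0
    return ERROR_LOGON_TYPE_NOT_GRANTED


def accounts_losing_right(before, after):
    """Accounts that held the right under `before` but not under `after`."""
    return sorted(account for account in MEMBERSHIPS
                  if granted_via(account, before)
                  and not granted_via(account, after))


if __name__ == "__main__":
    for label, holders in (("default", DC_DEFAULT),
                           ("Everyone removed", DC_EVERYONE_REMOVED),
                           ("recommended", DC_RECOMMENDED)):
        code = network_logon("replicant", holders)
        print(f"{label:17} replicant -> {code} via {granted_via('replicant', holders)}")
    print("lose the right when Everyone is only removed:",
          accounts_losing_right(DC_DEFAULT, DC_EVERYONE_REMOVED))
    print("lose the right under the recommended list:",
          accounts_losing_right(DC_DEFAULT, DC_RECOMMENDED))
```

Running the comparison before changing a right shows which service accounts depended on Everyone and need a listed group first.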

19. Microsoft Office Installation


We have installed Microsoft Office97 Professional Edition on our network for wordprocessing, spreadsheets and presentation. We installed MSOffice on the NT workstation, the Windows 98 workstation and on the BDC.

19.1

Installation

Place the Microsoft Office97 (Professional Edition) CD-ROM into the CD-ROM drive and run Setup from the CD by doing the following:
1. Click on the Start button.
2. Click on Run and type in D:\Setup.exe
You will see the following screen.

Press Continue. Setup will examine your system and prepare it for the installation of the software. If you have a previous version of Microsoft Office running on your computer Setup will ask you if you want to update or remove the previous version. Choose to remove all previous files, but none of the shared components, as this could affect other applications. This will get rid of your existing office installation. Setup will also ask for your details and for the name of the directory where the program files will be installed. There is a choice of Typical or Custom installation. We performed a typical installation which installs the main components of the office suite such as Word, Excel, Powerpoint, Access, Binder, Bookshelf.

Note: We have encountered no problems with the MSOffice installations.

20. NetWare 5.1 File Server and Firewall Setup


The NetWare 5.1 server was installed to provide Internet Access and Firewall services to our network. In order to accomplish this, we decided to install Novell's BorderManager 3.5 Enterprise edition. For simplicity, we have broken the work completed to install and configure this server into stages. The following steps were taken to successfully install the NetWare 5.1 file server and Novell's BorderManager 3.5.

20.1

Stage 1 Installation of NetWare 5.1 File Server

- Created a Licence disk which will be used to install the necessary server and user licences; specifically, 1 server licence and a 100-user connection licence.
- Created a Licence disk for BorderManager 3.5 and Firewall services.
- Created a DOS 6.22 boot disk, which will be used to create a small DOS partition from which the NetWare server will boot.

After booting into DOS and running Fdisk, we created a 100MB FAT16 partition and marked it as Active in order to make it bootable. We rebooted the system and formatted the partition using format c: /s to also transfer the system files onto it. After loading the CD-ROM drivers, we switched to the d: drive (CD-ROM) and ran install. The Install program copied all necessary files to initialise the graphical installation of the NetWare file server, and we accepted the default settings when devices such as IDEHD (IDE hard disk drive) and IDECD (IDE CD-ROM) were detected. When asked to enter the size of the NetWare partition, the name of the server and other parameters, we chose the following:

Total Volume Size: 6369.0 MB
[NetWare SYS Partition]: 6374.6 MB
[Hot Fix area size]: 5.1 MB
Server Name: Gateway

LAN IP Configuration
[Public Interface]: 203.31.218.2 / 255.255.255.0
[Private Interface]: 134.147.10.254 / 255.255.255.0
[Gateway]: 203.31.218.1

DNS Configuration
[Hostname]: Gateway
[Domain]: Netstar.com.au
[Name Server]: 139.130.4.5, 203.31.218.2

After the above parameters were entered, we selected the appropriate time zone, which was NSW-Sydney. When asked to install a new NDS tree, we answered yes and created the following:

20.2

NDS Details Objects created


[Tree name] Firewall
[Organisation] O=Netstar
[Users] Administrator (password = password)

Next step was to install the licences we had; as mentioned earlier, these were:
- 1 Server licence and a 100-user connection licence.

Custom installation was the next choice, and these are the items which we selected:

NetWare File Server Components
[Novell Certificate Server]
[LDAP Services]
[NetWare Management Portal]
[Storage Management Services]
[NDPS Printing Services]
[NetWare Enterprise Web Server]
[NetWare FTP Server]
[Novell DNS/DHCP Server]
[Novell Internet Access Server]
[NetWare Multimedia Server]

Versions (in the order listed): v2.0.1 v3.14.0 v1.0.0 v1.0.3 v2.1.1 v3.5.1 v1.0.0 v4.2.0 v1.0.4 v1.0.0

When prompted to create an Organisational Certificate Authority we gave it the name NetWare Organisational CA and selected to export the trusted root certificate to the file SYS:Public/Rootcert.der. In the next screen, we were asked to enter various ports, URLs and more DNS information.

20.3

NetWare Enterprise Webserver Ports


[Regular] http://gateway.netstar.com.au:80
[Secure] https://gateway.netstar.com.au:443
[Netware Portal] http://gateway.netstar.com.au:2200

DNS/DHCP Settings
[Locator Object NDS context] O=Netstar
[Group Object NDS context] O=Netstar
[Rootserver zone NDS context] O=Netstar

Restarted server, installation completed successfully.

20.4

Stage 2 Installation of Novell BorderManager v3.5

After successfully restarting the NetWare file server, we loaded inetcfg.nlm and transferred all LAN protocol commands to INITSYS.NCF and NETINFO.CFG as the system suggested, and restarted the server once more. At this point we got the licence for BorderManager ready and loaded the CD-ROM, which had a volume name of BMEE35EPFGS_DE. The installation program started automatically; we accepted the licence agreement and selected to install the BorderManager Firewall and caching services along with the Virtual Private Network services. When prompted, we selected the CE100B_1 network interface card as the Private part of our network and did not enable the "secure all private interfaces" option, which would have turned packet filtering on and also enabled the HTTP proxy.

Next step was to verify the domain (netstar.com.au), and also verify our DNS from the previous installation. We were prompted with a summary of selected options from the previous steps and after we agreed with everything, we initiated the copy of necessary files onto the file server, which also completed the installation.

20.5

Stage 3 Configuring the NetWare 5.1 server


20.5.1 Patching the server

After the installation of Novell BorderManager, we had problems with licensing, so we consulted the support pages online and found that we had to load some patches in order for the licensing scheme to function properly. When we first attempted to install the patches, we did not pay attention to the order in which they had to be installed. This resulted in major problems: grace logins, no valid licences could be located by the system, and NDS errors while trying to add objects to the NDS tree. The problem then grew and became more complicated because we had to delete all licences installed, including licence objects. It got to the point where we couldn't do much with the firewall system, so we decided that it would be a better idea, and would save more time, to install the firewall again. Similar procedures were followed and the settings were the same. After the installation and setup of BorderManager, we applied the patches correctly:

We needed to add the following patches into the system:

1) bm35sp1.exe - BorderManager 3.5 Patch 1
2) nlslsp4b.exe nlslsp5a.exe - Novell Licensing Services (NLS) 5.02 (nlslsp4b could not be found, it has been replaced with nlslsp5a.exe)
3) admn519f.exe - Updated NWAdministrator

All patches were downloaded and installed onto the server according to instructions, which accompanied the files. After the licensing issue had been sorted, we proceeded with the configuration of DNS, E-mail and packet filtering.

20.5.2 DNS configuration

First we had to install the DNS/DHCP software in order to set up DNS on our firewall/webserver. The installation software was located in SYS:public\dnsdhcp. At the DNS panel, these are the steps we took:

1. Created a DNS server
   DNS server Object: Gateway
2. Created a Primary Zone
   NDS context: O=Netstar
   Domain Name: Netstar.com.au
   Authoritative DNS: Gateway
3. The following resource records (RRs) were created within the Zone:
   NS (Name server) RR      ns1.telstra.net
   A (Address) RR           139.130.4.5
   NS (Name server) RR      gateway.nestar.com.au
   A (Address) RR           200.200.200.1
   CNAME (Canonical) RR     www.netstar.com.au
   MX (Mail exchange) RR    mail10.netstar.com.au

4. After successfully creating the above objects, we enabled the DNS server by entering the following command at the NetWare 5.1 console:

    Load NAMED -V

The -v option is used for debugging and forces the system to show all requests sent to the DNS server.

20.5.3 Login Scripts

Since we decided to use the NT servers to hold the user accounts and data, we didn't need to create custom login scripts. However, since the administrator is the only user logging in, we created a custom login script only for the user Admin. The following login script (contained in the OU login script) will stop the default login script from executing and also provide the following mappings for the system administrator:

F: Drive mapped to SYS:Public - To provide access to all public utilities.
G: Drive mapped to SYS:Public\Win32 - Easy access to NWADMIN.
H: Drive mapped to SYS:Users - Users dir, where e-mail is held.
I: Drive mapped to SYS:System - Administration utilities.
S1: Search drive mapped to SYS:System
S2: Search drive mapped to SYS:Public

Below is the login script used to accomplish the above:

    Remark Greetings for Users & disabling the default login script
    NO_DEFAULT
    Write "Good %GREETING_TIME, %FULL_NAME"
    Rem Network Drive Mappings
    Map Display off
    Map Errors off
    Map F:=SYS:PUBLIC
    Map G:=SYS:PUBLIC\WIN32
    Map H:=SYS:USERS
    Map I:=SYS:SYSTEM
    Rem Search Drive Mappings
    Map INS S1:=SYS:SYSTEM
    Map INS S2:=SYS:PUBLIC

20.5.4 E-mail Accounts Setup

As a first step we installed the Internet Mail System (IMS) v2.1 by loading the CD-ROM drivers at the console (load cdrom) and then loading nwconfig, from which we selected Product Options and chose to install IMS by pointing to the CD-ROM. After installing the software we edited autoexec.ncf from nwconfig and modified it to load Mailcon, which is the mail console. Webmail, a web interface provided with IMS so users can access their mailbox via their web browser, was configured to run on port 100. NWADMIN was then loaded, and user accounts were created.
The user accounts created are to serve the e-mail addresses and not for storage. Following are the users and e-mail addresses which we created on our e-mail system. All users have a minimum of 5 characters for their passwords, and there is also a periodic force policy which forces users to change passwords every 30 days, with two grace logins allowed.

User name         E-mail Address            Password
Bill Brown        Bill@netstar.com.au       Billyb
Lisa Smith        Lisa@netstar.com.au       Lisas
Kathy Stuart      Kathy@netstar.com.au      Kathys
Jane Thomson      Jane@netstar.com.au       Janet
Peter White       Peter@netstar.com.au      Peterw
John Lord         John@netstar.com.au       Johnl
Lauren Price      Lauren@netstar.com.au     Laurenp
Mandy Right       Mandy@netstar.com.au      Mandyr
Tony Green        Tony@netstar.com.au       Tonyg
Paul White        Paul@netstar.com.au       Paulw
Bruce Willis      Bruce@netstar.com.au      Brucew
Maria Taylor      Maria@netstar.com.au      Mariat
Stephen Forbes    Stephen@netstar.com.au    Stephenf
Diane Hayes       Diane@netstar.com.au      Dianeh
Chris Brown       Chris@netstar.com.au      Chrisb
Jenny Phillips    Jenny@netstar.com.au      Jennyp
Janette Barnes    Janette@netstar.com.au    Jannetb
Michael Moon      Michael@netstar.com.au    Michaelm
Jill Johnson      Jill@netstar.com.au       Jillj
Belinda Roche     Belinda@netstar.com.au    Belindar

To provide stronger security to our firewall and e-mail service, we decided to enable a few more options. At the Internet Services object details, we selected the following options to be logged to SYS:ETC\ims.log: Emergency, Alert, Critical, Errors, Warning. We expanded the Internet Services object in order to enable and modify more options in other objects. The Gateway messaging system options were modified so the Queue Timeout would be 2 days instead of 5 days. Also, to protect from mail looping, we enabled the Bounce message control and set the Interval to 10 and Entries to 5. In the Webmail object, we limited each e-mail message to 10mb. The Finger Agent was disabled so that no users outside our network can get information about internal users' e-mail accounts.

All users will be using Netscape Communicator to retrieve and send e-mail. The settings for the mail program are as follows:

Incoming Mail Server (POP): 134.147.10.254
Outgoing Mail Server (SMTP): 134.147.10.254
Username field is subject to the user.
Password field is subject to the username.

20.5.6 Packet Filtering

In order to provide adequate security to the internal LAN from the public (Internet), we decided to use packet filtering along with NAT. The 2 interfaces on our firewall/gateway have been identified as Private for the internal LAN, and Public for the external WAN. Only the public IP is to be seen from the Internet. Firstly we configured the Public interface so it will block all incoming and outgoing RIP, EGP and OSPF packets. This way we ensure that no internal routes or IP address ranges will be advertised to the public.

Secondly we created a policy which determines what type of access will be allowed within the organisation. This Policy states that the following packets are denied:

Source            Packet Type    Destination    Comments
All Interfaces    Any            Public         Deny traffic to Internet
All Interfaces    Any            Private        Deny traffic to LAN

The Policy also states that the following packets are allowed (exempted):

Source            Packet Type          Destination       Comments
All Interfaces    Dns/udp-statefull    Public            For DNS queries
All Interfaces    Www-http-st          Public            For web browsing
All Interfaces    Www-https-st         Public            For secure www
All Interfaces    Smtp-st              Public            For Email
All Interfaces    nntp-st              Public            For News Groups
All Interfaces    ftp-port-pasv-st     Public            Passive stateful ftp
Public            www                  All Interfaces    Netstar Webserver
All Interfaces    Webmail-st           Private           Web based e-mail

The Policy exemption, which allows packets to travel in and out of the firewall, has been made using stateful packet filtering. This method offers the advantage that you only need to create one exemption rule for any packet instead of two (one for incoming and one for outgoing). Stateful packet filtering keeps track of the packets going in and out of the firewall and knows what type of packet it's expecting (reply) and from which host.

Network Address Translation was enabled only on the Public interface, and we decided to use NAT-Dynamic mode since we had no services which needed to be accessed by the public, in which case we would use the combination of NAT-Dynamic and NAT-Static. The Network Address Translation support which comes with BorderManager v3.5 has a table of 5000 dynamic ports, which are allocated to users dynamically as they need them so they can access Internet resources, and are recycled when the user's connection is terminated. We felt that this approach was adequate for current and future needs.
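As an added illustration (not part of the original report and not BorderManager code), the following Python model shows why one stateful exemption covers both directions: the outbound packet that matches a rule records the reply it expects, and only that host and port may answer. The service names come from the exemption table above; the port numbers are the standard ones for those services and the 192.0.2.x addresses are constructed samples.

```python
# Model of default-deny stateful filtering (added illustration, NAT left out).
# Rule tuples: (source interface, protocol, destination port, destination interface).
# Service names are from the report's table; the port numbers are the standard
# ones for those services and are an assumption of this example.
EXEMPTIONS = [
    ("any", "udp", 53, "public"),   # dns/udp-st
    ("any", "tcp", 80, "public"),   # www-http-st
    ("any", "tcp", 443, "public"),  # www-https-st
    ("any", "tcp", 25, "public"),   # smtp-st
    ("any", "tcp", 119, "public"),  # nntp-st
]


class StatefulFilter:
    def __init__(self, exemptions):
        self.exemptions = exemptions
        self.expected = set()  # replies the firewall is waiting for

    def check(self, in_if, out_if, proto, src, sport, dst, dport):
        """Return 'allow-new', 'allow-reply' or 'deny' for one packet."""
        if (proto, src, sport, dst, dport) in self.expected:
            return "allow-reply"  # matches a tracked flow, no second rule needed
        for rule_in, rule_proto, rule_port, rule_out in self.exemptions:
            if (rule_in in ("any", in_if) and rule_proto == proto
                    and rule_port == dport and rule_out == out_if):
                # Remember the mirrored 5-tuple: only this host and port may answer.
                self.expected.add((proto, dst, dport, src, sport))
                return "allow-new"
        return "deny"  # default policy: everything not exempted is dropped


def run_demo():
    fw = StatefulFilter(EXEMPTIONS)
    # 134.147.10.50 is a workstation address from the report; 192.0.2.x are constructed.
    lan, web, other = "134.147.10.50", "192.0.2.10", "192.0.2.99"
    return [
        fw.check("private", "public", "tcp", lan, 1025, web, 80),    # browser request
        fw.check("public", "private", "tcp", web, 80, lan, 1025),    # its reply
        fw.check("public", "private", "tcp", other, 80, lan, 1025),  # unsolicited
        fw.check("private", "public", "tcp", lan, 1026, web, 23),    # telnet, no rule
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The third packet is denied even though it targets the same internal port as the legitimate reply, because the recorded state names the host the firewall expects to hear from.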

21. Intranet WebServer IIS v3


Because this Webserver is only for our Intranet, we only needed to apply minimum security policies on it. This web server will hold online documentation and announcements for all users. The following actions have been taken to ensure the security of this webserver.

1. The InetPub directory's permissions were changed from Everyone Full control to Everyone Read.
2. Configured TCP/IP filtering by specifying which ports are allowable on the PDC's network card: Control Panel | Network | Protocols | TCP/IP | Advanced | Enable Security | Configure. The following options were set:
   - Permit only TCP port 80
   - Permit no UDP ports
   - Permit only IP Protocol 6 (TCP)
3. Removed all Net Shares. Ran Net Share from the command line and made sure we deleted all of them using Net Share /d.
4. Changed "Access this computer from the network" from Everyone to Authenticated Users. This only allows users having an account in the domain or on the machine to access shares on the server: User Manager | Policies | User Rights, then choosing "Access this computer from network", remove Everyone from the list and add Authenticated Users to the list.
5. NOTE: We had to disable all the above security measures because of problems we had trying to access the Internal Web Server.

22. Windows 2000 Professional Setup


We decided to install Windows 2000 Professional on one of the workstations. This proved to be quite troublesome, since we had problems with the network IP number, which was constantly allocated to the workstation automatically by the operating system rather than from the BDC's DHCP server. During installation we gave the machine a static IP address, but this did not result in the TCP/IP stack working correctly. Following are the steps we took while trying to install the operating system:

After starting the setup procedure, when prompted, we deleted all existing partitions and created one 6173MB partition, which was the capacity of the whole drive. We then formatted the partition using the NTFS file system. Setup copied all necessary installation files to the hard disk drive and restarted the PC to complete copying a few more files needed. The Windows graphical user interface started and the system started to install the devices attached to it (peripherals). When prompted, we selected customise in order to customise the regional options. Local location was set to English-Australia.

Name: PC 2000
Company: Netstar PTY LTD
Product Key: XXXX-XXXX-XXXX-XXXX-XXXX
Computer Name: Windows 2k computer
Administrator Passwd: password
Time Zone: Sydney Australia
TCP/IP: 134.147.10.50
Subnet: 255.255.255.0
Gateway: 134.147.10.254
Preferred DNS: 134.147.10.254
Protocols installed: TCP/IP, Netbeui

Selected to join Netstar domain.

After restarting the computer, we started to experience connectivity problems. The workstation's IP connectivity was tested using PING, but failed to succeed. In our attempt to rectify the problem, we changed the IP configuration to be Automatically obtained from a DHCP server, but this too had failed. The system was autoconfiguring itself, which made us suspect that either the network interface card has failed, or the drivers and TCP/IP stack were not correctly working. After numerous attempts to fix the problem had failed, we decided to format the PC and install Windows 98. NOTE: This workstation must be marked for having network problems so that any future installations will be much easier and ensuring that not much time is lost.

23. Netstar Website Structure


Netstar's Website was developed to provide adequate information to its customers about the company's goal and services. In this report we have only given an outline of the website structure to allow easy understanding of how all pages are linked together. The files which make up the website are stored in the SYS:Novonyx\suitespot\docs dir.

[Site structure diagram. Page labels: Netstar's Main Page; Home; About Netstar; Back to main menu; Netstar's Pictures; Contact Us; Our Aim; Network Services; Links; Email; Network Services; RAS Services; Consultancy Services; Security Services; Firewall Services]

24. Remote Access Server


Firstly we installed the 28.8K modem, which is connected to COM2. In the Network properties | Services, we added the RAS service. Configured RAS as follows:

- Receive calls only
- Allow TCP/IP protocol only
- DHCP assigned IP address
- Users are not allowed to request a predetermined IP address

Only the Administrator user is granted dial-in access, with the call back feature disabled.

25. Network Diagram


Network diagrams were created to give a better understanding of the network layout and setup. Figure 1 shows the floor layout, including individual departments and workstation locations. Figure 2 shows the setup of the room which contains the main file servers and firewall.
