Abosolute beginners questions

My school is hoping to buy and install a W2003 server to act as a domain
controller for a small school network.
The network currently consists of 18 cat 5 wired XPPro PCs and a number (>
than a dozen)of XPro laptops and W98 PC's connected to the network
wirelessly. The network also has an old NT4 machine (steam driven!) acting
as a central file sharer, which we hope to replace with the new server. At
the moment, all users log on locally to the PCs and access the NT4 PC via a
url shortcut. All IP addresses are configured manually and would continue to
be so.

Question, re users and groups, can a user be a group? We would like to have
each year group (one log in name and password) log on as a user and to have
access to all that year groups folders and only the applications they
require to use during the school day. We thought about having each child log
on individually but it would be a nightmare having to remember all their
passwords when they "conveniently" forget them.
Does WS2003 allow for logging in from multiple locations with the same ID,
password etc., Everything we have read re the installion and configuration
of WS2003 only seems to allow for individual users in various groups, not
the way (I don't think) that we (hopefully) will be, operating it.
Would there be any issues regarding the wireless part of the network?
Any help with the above most gratefully received and also any pointers to
books or documenttion regarding this type of installation also most welcome.

TIA
Mike H

> Does WS2003 allow for logging in from multiple locations with the same ID,
> password etc.,

Yes it does. In fact one of the more popular questions is how to _prevent_
users from logging in to more than one computer at a time.



We thought about having each child log
> on individually but it would be a nightmare having to remember all their
> passwords when they "conveniently" forget them.

You need to "know" the password in order to "change" the password. You don't
need to know the password in order to "reset" their password. In the case of
a user forgetting their password you would reset their password and click to
enable "change password at the next logon".

hth
DDS W 2k MVP MCSE

"Mike Hyndman" <(E-Mail Removed)> wrote in message
news:dvukir$cpg$1$(E-Mail Removed)...
> My school is hoping to buy and install a W2003 server to act as a domain
> controller for a small school network.
> The network currently consists of 18 cat 5 wired XPPro PCs and a number (>
> than a dozen)of XPro laptops and W98 PC's connected to the network
> wirelessly. The network also has an old NT4 machine (steam driven!) acting
> as a central file sharer, which we hope to replace with the new server. At
> the moment, all users log on locally to the PCs and access the NT4 PC via
> a url shortcut. All IP addresses are configured manually and would
> continue to be so.
>
> Question, re users and groups, can a user be a group? We would like to
> have each year group (one log in name and password) log on as a user and
> to have access to all that year groups folders and only the applications
> they require to use during the school day. We thought about having each
> child log on individually but it would be a nightmare having to remember
> all their passwords when they "conveniently" forget them.
> Does WS2003 allow for logging in from multiple locations with the same ID,
> password etc., Everything we have read re the installion and configuration
> of WS2003 only seems to allow for individual users in various groups, not
> the way (I don't think) that we (hopefully) will be, operating it.
> Would there be any issues regarding the wireless part of the network?
> Any help with the above most gratefully received and also any pointers to
> books or documenttion regarding this type of installation also most
> welcome.
>
> TIA
> Mike H
>
>

"Mike Hyndman" <(E-Mail Removed)> wrote in message
news:dvukir$cpg$1$(E-Mail Removed)...
> My school is hoping to buy and install a W2003 server to act as a domain
> controller for a small school network.
> The network currently consists of 18 cat 5 wired XPPro PCs and a number (>
> than a dozen)of XPro laptops and W98 PC's connected to the network
> wirelessly. The network also has an old NT4 machine (steam driven!) acting
> as a central file sharer, which we hope to replace with the new server. At

You can still keep the NT4 box as a File Server. It is perfectly suited for
such a task and it lets you take advantage of the hardware you have,...there
is no sense in getting rid of something that can do that job it is doing
perfectly fine. Then you will have two servers instead of just one and you
won't have kids storing "crap" on the Domain controller and screwing it up.

> Question, re users and groups, can a user be a group? We would like to
have
> each year group (one log in name and password) log on as a user and to
have
> access to all that year groups folders and only the applications they
> require to use during the school day. We thought about having each child
log
> on individually but it would be a nightmare having to remember all their
> passwords when they "conveniently" forget them.

You don't have to remember them and are not even supposed to keep records of
them. If they forget them you change their password to a "default" password
and set the system to force them to change it to something else on the first
login. If you keep password records then they are never accountable for
what happens with their accounts because they can claim that since records
are kept, anyone who has access to the records could use those credentials
to do something "evil" instead of them doing it themselves. There is the
"real world",...and then there are Lawyers and "Rights Activists"

Also when they forget the password they get to write 100 times on the board
after school:
"I will not forget my password,..I will not give my password to other
people"
"I will not forget my password,..I will not give my password to other
people"
"I will not forget my password,..I will not give my password to other
people"
"I will not forget my password,..I will not give my password to other
people"
.......................

And then there is:
"I will not hack the School's records and change my grades"
"I will not hack the School's records and change my grades"
"I will not hack the School's records and change my grades"
"I will not hack the School's records and change my grades"
.......................................

Without individual passwords and accounts, with the student being the *only*
one knowing their own password, there will be no accountability for what
they do. If they give their pasword out to someone who then misuses it,..it
is still thier fault for giving it out in the first place.

> Does WS2003 allow for logging in from multiple locations with the same ID,
> password etc.

You can log in as many times with the same account as you want. The number
of Locations is adjustable, but by default there is no limit.

> Would there be any issues regarding the wireless part of the network?

There are always issues with Wireless Networks. They are, by nature,
insecure. They can be made mostly secure, but you have to work at it. If
you want your LAN hacked and abused by kids, go ahead and deploy it in its
default unsecured state. ;-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Mike Hyndman" <(E-Mail Removed)> wrote in message
news:dvukir$cpg$1$(E-Mail Removed)...
> on individually but it would be a nightmare having to remember all their
> passwords when they "conveniently" forget them.

The Teacher's Accounts (or Group) gets added to the Account Operators Group
and is given permission to use Remote Desktop on the Server. Remote Desktop
(or Terminal Services) will allow the Teachers to open up the Server while
sitting right at their desk and they can reset the student's password right
on the spot.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Danny Sanders" <(E-Mail Removed)> wrote in message
news:Orc%(E-Mail Removed)...
>> Does WS2003 allow for logging in from multiple locations with the same
>> ID, password etc.,
>
> Yes it does. In fact one of the more popular questions is how to _prevent_
> users from logging in to more than one computer at a time.
>
>
>
> We thought about having each child log
>> on individually but it would be a nightmare having to remember all their
>> passwords when they "conveniently" forget them.
>
> You need to "know" the password in order to "change" the password. You
> don't need to know the password in order to "reset" their password. In the
> case of a user forgetting their password you would reset their password
> and click to enable "change password at the next logon".
>
> hth
> DDS W 2k MVP MCSE
>
Danny,

Many thanks for your reply. I think that we will be going with the as a
"group" log on considering the age of the children in question, 5-11 years
of age.
Just one more thing, I've read that WS2003 prefers passwords of six or more
characters for security reasons. Obviously, this is not the issue with us as
it would be with a corporation. Would using a three character alpha numeric
be allowed?

Again, many thanks,
Mike H

"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...
> "Mike Hyndman" <(E-Mail Removed)> wrote in message
> news:dvukir$cpg$1$(E-Mail Removed)...
>> My school is hoping to buy and install a W2003 server to act as a domain
>> controller for a small school network.
>> The network currently consists of 18 cat 5 wired XPPro PCs and a number
>> (>
>> than a dozen)of XPro laptops and W98 PC's connected to the network
>> wirelessly. The network also has an old NT4 machine (steam driven!)
>> acting
>> as a central file sharer, which we hope to replace with the new server.
>> At
>
> You can still keep the NT4 box as a File Server. It is perfectly suited
> for
> such a task and it lets you take advantage of the hardware you
> have,...there
> is no sense in getting rid of something that can do that job it is doing
> perfectly fine. Then you will have two servers instead of just one and
> you
> won't have kids storing "crap" on the Domain controller and screwing it
> up.

We had thought of that but given its age,it could give up the ghost at any
time. We were just going to use it as another PC in the interim.

>> Question, re users and groups, can a user be a group? We would like to
> have
>> each year group (one log in name and password) log on as a user and to
> have
>> access to all that year groups folders and only the applications they
>> require to use during the school day. We thought about having each child
> log
>> on individually but it would be a nightmare having to remember all their
>> passwords when they "conveniently" forget them.
>
> You don't have to remember them and are not even supposed to keep records
> of
> them. If they forget them you change their password to a "default"
> password
> and set the system to force them to change it to something else on the
> first
> login. If you keep password records then they are never accountable for
> what happens with their accounts because they can claim that since records
> are kept, anyone who has access to the records could use those credentials
> to do something "evil" instead of them doing it themselves. There is the
> "real world",...and then there are Lawyers and "Rights Activists"

Tell me about it!
>
> Also when they forget the password they get to write 100 times on the
> board
> after school:
> "I will not forget my password,..I will not give my password to other
> people"
> "I will not forget my password,..I will not give my password to other
> people"
> "I will not forget my password,..I will not give my password to other
> people"
> "I will not forget my password,..I will not give my password to other
> people"
When I was their age I would forget my pencil/pen/gym kit etc., to get out
of the lesson, now it's more high tech, "Please sir, I couldn't finish the
assignemnt, my cat ate the mouse" etc.,
>
> And then there is:
> "I will not hack the School's records and change my grades"
> "I will not hack the School's records and change my grades"
> "I will not hack the School's records and change my grades"
> "I will not hack the School's records and change my grades"
They are kept at a County level.
>
> Without individual passwords and accounts, with the student being the
> *only*
> one knowing their own password, there will be no accountability for what
> they do. If they give their pasword out to someone who then misuses
> it,..it
> is still thier fault for giving it out in the first place.
>
>> Does WS2003 allow for logging in from multiple locations with the same
>> ID,
>> password etc.
>
> You can log in as many times with the same account as you want. The
> number
> of Locations is adjustable, but by default there is no limit.
Excellent
>
>> Would there be any issues regarding the wireless part of the network?
>
> There are always issues with Wireless Networks. They are, by nature,
> insecure. They can be made mostly secure, but you have to work at it. If
> you want your LAN hacked and abused by kids, go ahead and deploy it in its
> default unsecured state. ;-)

I was thinking more along the lines of connectivity.

Many thanks for the info

Mike H

"Phillip Windell" <@.> wrote in message
news:eRAX%(E-Mail Removed)...
> "Mike Hyndman" <(E-Mail Removed)> wrote in message
> news:dvukir$cpg$1$(E-Mail Removed)...
>> on individually but it would be a nightmare having to remember all their
>> passwords when they "conveniently" forget them.
>
> The Teacher's Accounts (or Group) gets added to the Account Operators
> Group
> and is given permission to use Remote Desktop on the Server. Remote
> Desktop
> (or Terminal Services) will allow the Teachers to open up the Server while
> sitting right at their desk and they can reset the student's password
> right
> on the spot.
They will like that (not), the younglings are more PC savvy than the
majority of staff.
This is one group I was thinking of assigning individual accounts as well
(to see who is doing the printing)

Many thanks

Mike H