Guys, i started learning Win Server 2012 few days ago (i know, i know, but there's a reason for it...

Guys, i started learning Win Server 2012 few days ago (i know, i know, but there's a reason for it, i'll get a job if i pass MCSA). This is first time for me to face server world and i'm kinda puzzled.

1. I noticed File sharing aka file server is installed by default. If i do not create Domain Controller and Active directory how do i make users see this shared folder?

2. Are there some good practices when organizing server environment for companies, i think there shouldn't be one machine acting as all servers needed in a company, but is that always the case?

3. Mail server. Does MS really force people to buy Exchange server also next to Win server and do companies really use that over gmail and other shitty public email clients?

Other urls found in this thread:

bigcorp.intra
msdn.microsoft.com/en-us/library/bb727085.aspx
msdn.microsoft.com/en-us/library/ms935682(v=cs.70).aspx
twitter.com/SFWRedditGifs

Also, i'm interested if Linux also has something like active directory

Yes

Thanks a lot friend, Cred Forums is always helpful

At least you bumped the thread

>1
You dont understand what authentication is do you?

2>
yes that is always the case

3>
yes they make you pay seperatly and the licenses are expensive. and no real company uses gmail. if you're asking question 1 you shouldnt even consider running an exchange server as you'll wonder why it stoped working one day and the hard disk is full because you didnt back it up.

Regarding 1.

As i understand, people can choose between Workgroup/Homegroup and actual server for file sharing. Now i am wondering if it's possible to share folder without implementing authentication through AD, and if that makes any sense whatsoever

2. But there has to be some roles that are complementing each other like DHCP and DNS. Those are surely one server, DNS possibly on several server for failover reasons. What roles should be separate without any question? I sense that SQL should be separate server

3. Why would be HDD be full?

>1
>I still dont understand the difference between authentication and a file server
you really arent going to pass a MCSA and you shouldnt have a job beyond being a phone jocky on a helpdesk

>Now i am wondering if it's possible to share folder without implementing authentication through AD
yes, this is the default behavior. have you even used windows before?

>But there has to be some roles that are complementing each other like DHCP and DNS
They arent complementing each other. they do entirely different things.

> DNS possibly on several server for failover reasons
but not DHCP? because who gives a fuck if your clients cant get IP addresses.

>What roles should be separate without any question?
All. The only things i havent bothered to seperate are the AD and DNS servers due to AD's reliance on DNS

>3
because the logs filled up the hard drive. on exchange 2016 it generates several GB worth of log files per day just being idle.

op you really have no idea what you are doing go read some more books

>I'll get a job if I pass MCSA
Tell me more about your freedoms user.

I understand completely, but i am trying to comprehend situations where people already have Winserver in company for dhcp for example, and they choose to share folders now, and they DONT have AD, so no authentication in company. Should you just connect all pcs in a workgroup and thus avoid server or should you change the whole comapny and implement DC and fuck every single employee

>so no authentication in company.
There will still be authentication. It will just be local rather than provided by a directory service.

>Should you just connect all pcs in a workgroup and thus avoid server
If you're a company without a IT department then sure why not. If you have any significant number of employees, than never.

> should you change the whole comapny and implement DC and fuck every single employee
what

>There will still be authentication

i was in company 400 employees with no auth, shit's crazy

>what
employees hate passwords

>I still dont understand what authentication is

Regarding point 1, the difference between using AD and using workgroups is where the authentication takes place. With AD all authentication requests will be handled by the domain controller, in a workgroup all authentication is handled by the single workstation.
As best practice, if your domain spans different physical locations, you would want a DC in every physical location so a client that is physically on the west coast doesn't have to rely on a server on the east coast for authentication.
When it comes to service separation, I like to keep DC, DNS and NTP server on the same machine. DHCP is usually handled by network equipment.

Remember that a server is basically nothing but a computer dedicated to doing a task. I work in a mixed environment with both win and linux servers, and the usual setup is basically the following:

1. Set up a domain
2. Set up AD for users and groups and their permissions.
3. Set up file servers and shares for the users
4. Set up group policy to assign rights and access for your user groups. You can control basically all aspects of the member computers from lock screen timing to administrative rights.
5. Set up things like deployment servers, exchange, whatever you need really, and configure this to your domain or forest.configure this to your domain or forest.

Active directory seems to be the core utility here. It intergrates with basically everything on windows. Web servers can also be run with IIS. The benefit of Windows servers seems to be the integration of different "modules" such as AD, Exchange, Windows policies etc.

Good luck and hope this helps. A normal exercise for beginners would be creating a Virtual network (with for example virtualbox where you create maybe 3-5 client computers on windows 7 and another windows server where you create a domain, add the users and computers to the domain, set up a local network with a ip range and ad and set up some file servers where you assign access rights. Install a virtual printer and share it on the network - make a local network page maybe - the choise is yours. :-)

Ok, thanks a lot for some clarification, only thing i'm wondering is why do you have DHCP on routers, isn't that bad practice?

that is my plan for learning, vmware workstation and multiple clients and one server, exactly like what you have just said.

Oh, i forgot to answer this, that company had 0 authentication, both DC or local. 400 of them just turning their pcs on and off, with no actual server working, only one svm server for version control

That is what I did and what is being done at most schools that do basic ICT education. Virtual networks are super for learning.

Once you get going you can try some fun projects such as:
- Making a "realistic" network and fully functional domain for a fantasy corporation
- Remote access for helpdesk users
- Network drives mounting automatically in Group policy for some users
- You could try maybe making a DMZ network
- Firewalls
- Controlling passwords
- Making a intranet website accessible to only the core usergroups

Once you get good here are some harder challenges:
- Incorporating linux web servers
- Splitting up your servers into dedicated ones instead of one server for multiple services
- Setting up two domain controllers for authentication, and replicating all changes on one to the other and vice versa
- Making a password changing application in C# or website for changing password

I advise you to also focus alot on these:
- Practical planning, such as designing a setup with for example a DMZ, where you set up a hierarchy for user rights, such as admins, external users, etc.
- Documentation is super important while setting up servers and such. Write word documents with pages upon pages of adress ranges and OU design. This will be very beneficial in the long run.

Thanks a lot for advices.

Can you post some example of good documentation?

Also i study everything on my own, are all these things you have said possible to learn without any outside help (besides books and tutorials)

If i wanted to make internal website i would have to use sharepoint, right? I have literally 0 info on that thing

Dude, go take a class. Seriously. They will answer all your questions a lot better than some autists on Cred Forums.

Now take it from someone who manages windows servers for a living. Don't. You'll save yourself a lot od headache getting into something else. Especially if you're not willing to seek outside help. I wouldn't know half the shit I do now if I didn't take some classes to get started. Shit, I took a week long class on Sever 2012 when it came out to learn all the new features. Trust me user, go take a few classes or pick something a little easier for you to handle. I'm not trying to mean but it seems you have very little experience in this is kind of thing.

You can plan out a network using software such as Microsoft Visio or LibreOffice Draw with the network image gallery (google it). Its a nice way to visualize what and where things will happen.

For documentation, everything from Isimply noting down P address ranges and machine names, to drawing and listing AD groups and rights. What you do on which machine and how things are set up. Always keep in mind this - should you be ill for a day or a year, will the person covering for you understand how your network and computers are set up and what to do in case something goes wrong?

All these things are possible without outside help. Active Directory and Windows Server is as flexible as you want it to be. From two workstation pcs in a small family owned pizzeria with a website and a customer / finance database, to a worldwide company with hundreds of websites for different services, finance systems for billing and accounting, dedicated human resources groups or even domains, and thousands of users in different parts of the world, including consultant and temporary employees that has restricted access.

You dont have to use Sharepoint. You can use practically anything you want, for example Apache and Nginx. However IIS server is part of the "microsoft" package and intergrates well with Windows Server. By internal I mean accessing it from for example bigcorp.intra or so. Sharepoint is just a thing you can buy from Microsoft that acts as a "social media" type service that intergrates with your Exchange environment.

>Dude, go take a class

cant do

3rd world country (not pajeet, europe) + i am REALLY a poorfag

amazing, thanks man

Well good fucking luck learning this shit on your own.

Spoilers. You won't.

I am You can still learn alot from testing out with a few virtual machines. If you are gonna work in a real world environment, alot of things will be different and you will be introduced to their setup anyway. I advise you to start with a few virtual machines, then see if it looks allright. Try setting up a small network and make all the computers able to ping the server. Thats a start, then take it from there.

Oh, i will learn, don't worry about that

I already managed to do that.

I have setup DNS and AD on my server, i have managed to ping my shitlord.local domain by setting dns settings in network adapter properties on my client machine. Do i have to change that for every single one of them or is there some easier way?

Right, I don't doubt you'll learn the basics, but honestly there's just so much more to it than that. Setting up a few VMs and setting up some diagrams in Vizio is the way to start like stated. But until you actually enter the job market or take a class from someone who's been doing this kind of thing for sometime, you will hit roadblocks that will be difficult for you to get past. It isn't impossible to learn this shit on your own, but judging from the questions you ask in this thread, you're going to have a tough time.

Also, why does domain name follows NAME[dot]NAME nomenclature, is it because of DNS? Can i set it to be just myServer, without anything after that?

You can use DHCP to assign automatic IPs. This is however usually done on network controllers (switches / routers). Put static ips (or names preferably) on your servers and let clients get automatic assigned IPs.

Also microsoft has some good guides on AD and whatnot, for example:
msdn.microsoft.com/en-us/library/bb727085.aspx

Just a quick question, how do you turn off automatic IP allocation when using vmware workstation, how to point it to vm server?

This is the kind of question I'm talking about. You are referring to the fully qualified domain name. It's HOSTNAME.DOMAIN because that's the full name of a computer joined to a domain.

You need to follow the rules of DNS to make everything resolve correctly, its just how its designed for the most part. For example in some domains you have computernames.hostname.domainname or perhaps asia.intra and europe.intra. Its as said flexible but it follows certain designs. Not too pro on that tho. You can set up local folders, websites and whatever without suffixes in the domain names. Its mostly practical too for multiple domains, trees and more complex design.

As for im not sure how vmware works but you could make your computers "join a windows domain" and configure them from there. This way it doesnt matter what network adapter.

>you could make your computers "join a windows domain" and configure them from there. This way it doesnt matter what network adapter.

wow, so as soon as client joins domain it does DORA only with dhcp server on that domain?

You can deploy windows on computers with a web deployment from BIOS and have them automatically assigned a machine name and IP. As I said, you can for example turn off a setting in Microsoft Excel for a few users, or you can block 100,000 computers from facebook for a day. Its all flexible as hell so do whatever you want. Look into group policy for example.

Look here for example:
msdn.microsoft.com/en-us/library/ms935682(v=cs.70).aspx

This website is great for learning. I gotta go now and watch movie, but good luck. Also if you get a job in microsoft server / ad stuff, its mainly getting introduced by colleagues to the design and network, since everything is always different from company to company, everyone has different setups, so you need to get used to shit and learn from beginning every time.

Add a pfsense VM into the mix for dhcp

this sounds interesting, is it hard to set it up as vm?

Whn it comes to firewalls, do people use hardware ones like cisco asa or software ones?

Hardware firewalls will always be better. We use checkpoints at my company and they work fairly well.

But for real user, try to find someone you can talk to about this stiff irl. Cred Forums is not the best place for this kind of advice.

>I'm too retarded to figure things out
>I have to pay someone to spoon feed me

To be fair, managing DHCP on iOS is a pain in the ass and it is far easier with Windows.

Its under one of the menu items, Virtual Network Editor iirc.

>OP wants to learn windows system administration
>I'll retardedly recommend a Linux program instead
>inb4 cygwin

Cisco ASAs are software based firewalls. They're just PCs with encryption accelerator ASICs for VPN, pic related.

Have you read some of the questions OPs asking? For a lot of people sure they can figure it out. OP is another story though...

>For a lot of people sure they can figure it out.
I was making fun of the user stating you he couldnt figure out things by himself so he had to take classes

Well fuck. Apparently I'm the retard and can't into reading comprehension.