Need some advice on learning networking

Re: Need some advice on learning networking



Last night I started learning about security groups and how they're used to access shared folders. I can't believe I'm just learning about this. HUGE time saver. I'm gonna set this up on the client's server.


Windows Server does some really cool stuff.

Re: Need some advice on learning networking

I need some help. I have a client that wants their employees to be able to work from home if need be. Or from a different city. Or another branch office.


I know that I need to set this up through a VPN and I know I need to set up split tunneling. At least I think I know.


I'm pretty foggy on this at the moment. Any tips/advice? Thanks.

Re: Need some advice on learning networking

I'm not much of a network engineer, but I'd recommend not doing a split tunnel. Let the VPN be the only network connection when an employee is on it. Allowing access to their home network at the same time, even with appropriate safeguards, is just asking for trouble.

So many other factors as well:

Are they using company owned or personal equipment to connect?

What do they need to reach inside the company's network?

Does the company have the hardware in place for a VPN?

Any 2FA or other account protection available?

VPN is one way of going about accomplishing this, but it also gets quite expensive in terms of management and hardware.

There may be much easier ways to do the same thing, such as a terminal server, or even just SharePoint Online or a similar product.





Sent from my BlackBerry using Tapatalk

Re: Need some advice on learning networking

They have a Dell Server running 2019.

This will be a file server only.

I have no idea about 2FA. I mean I know what it is but not clear on how it's used in this instance?


I know nothing about Sharepoint but I'm gonna research it tonight.

Re: Need some advice on learning networking

Is working from home going to involve a lot of data access that needs to reside at the main office such as accounting data? If that is the case Remote Desktop Services might be the better option. Most major accounting software have options for remote access. The same is true if those working from home need to do large amounts of printing at the home office. The main drawback is that it does require a server to provide Remote Desktop Services and licensing.

Re: Need some advice on learning networking

The Server 2019 might have Remote Desktop Services as an available service. Used to come with 2 licenses to allow for remote administration. Additional licenses can be purchased, usually in multiples of 5. Number of simultaneous user determines the needed licensing. Remote users become VMs on the server so you may need to recommend additional memory as needed.

Re: Need some advice on learning networking


Server 2019 does have remote desktop. This is all done via VPN. I wish I could talk more intelligently about this but I know next to nothing about it. I'm in the initial research stage. I want to let you and rthon know how much I appreciate your help. Someetimes I can't believe I'm doing any of this stuff.

Re: Need some advice on learning networking

Remote Desktop services would likely require a second server to set up as the RDS host. If your Server 2019 system was set up as a VM, you would still be licensed for a second VM with the same license.

You'd need to open the RDP port on the edge router or place the server in a DMZ. Changing the default port of 3389 is also recommended, otherwise any script kiddy in the world will be hitting the server.

SharePoint and SharePoint Online are two different things: the latter is hosted as part of Microsoft 365 Business accounts and the former is a convoluted mess not worth touching since it's ridiculously intensive and needs multiple licenses and resources (SQL server).

Trying to do all of this with a single server isn't optimal since ideally you would want your server roles segmented out, though that's not always possible.

Setting up a production VPN isn't a good thing to learn on the fly so you may want to punt that to someone else with the right expertise.

Overall, it sounds like a couple of Microsoft 365 Business premium licenses would be the fastest, and cheapest, option. For $12.95 per user, per month full Office, hosted Exchange email, SharePoint Online, 1 TB of OneDrive storage, as well as multiple compliance tools is a pretty good deal. From there, you could even help them set up a Team in Microsoft Teams (which is a smoother front end for SharePoint) and go with the files they need from there.

There are plenty of options, but you're really opening yourself up to problems if you misconfigure access to their network from the public internet.



Sent from my BlackBerry using Tapatalk

Re: Need some advice on learning networking

If they have a major ISP and the workers are also using the same ISP at their houses, VPN can be handed off to them. I have used Spectrum in the past.

Re: Need some advice on learning networking



Yeah, I think I'm gonna back off of this job. I don't need the headache or frustration. But I will add it to my list of things to learn.

Re: Need some advice on learning networking

So, about that Server 2019 that I set up recently....

There was one thing left that I needed to do and that was set up scan to folder for all users on the network. Before I get into this, keep in mind that I set up "folder redirect" for every single user. I bring this up because if I create a shared folder on the desktop it is no longer a local folder...that folder is now on the server in a shared folder that I set up earlier named: "Folder Redirection." It's kinda confusing but for anyone who's ever set this up, they'll know what I'm talking about.


Anyway, I created a shared folder on C-drive of the server. The MFP was a Kyocera 3551ci. On a kyocera you don't have to put in any \\ for the folder path. You simply need to enter the name of the PC and the name of the folder. It you have a sub-folder then you'll need to add a \

I've done this at the shop many times and never had a problem. But for some reason it would not work this morning. I spent a good hour troubleshooting it. I turned off windows defender and double checked everything. No luck. Then I realized I never checked to see if SMB1 was turned on at the server. It wasn't. I turned it on and all worked as it should. I must be more careful.

Re: Need some advice on learning networking

SMB 1 No No and NO
Never turn it BACK ON
Back to School for URookie

Re: Need some advice on learning networking

Here I thought I was going to have to post my regular Stop Using SMB1 post.

Stop using SMB1 - Microsoft Tech Community

There it is for everyone again.

Sent from my BlackBerry using Tapatalk

Re: Need some advice on learning networking

SMB1 has been covered ad nauseum on this site. It's actually a pretty boring subject. But it's my fault for not being more clear and giving my 2 haters from the political forum a reason to stick out their chest and try to prove that they're some kind of network Gods. LOL


The reason I turned on SMB1 is because the Kyocera MFP didn't have the latest firmware installed thus it would only scan if SMB1 was turned on. So, the only reason It was turned on was for testing purposes. I actually returned later that evening with the latest firmware and turned off SMB1.



Now to address the "Network God's"....lol


I'm done with my Server 2019 install that I've been working on and I'm back to studying for the CCNA.

For bsm2 and the other idiot, if you want to impress me, explain OSPF to me in detail. This is the most used routing protocol in use today. Show me what you know. SMB1 is boring.

Re: Need some advice on learning networking

By the way, anyone ever use Bit Defender Gravity Zone? It's pretty cool.