Need some advice on learning networking

  • bsm2
    IT Manager

    25,000+ Posts
    • Feb 2008
    • 29471

    #916
    Re: Need some advice on learning networking

    Did you understand how to make a 7 layer burrito yet? Rookie

    SMB is not boring, it's fundamental in understanding how copiers scan, as is FTP and scan to email

    You're welcome


    • BillyCarpenter
      Field Supervisor

      Site Contributor
      VIP Subscriber
      10,000+ Posts
      • Aug 2020
      • 16308

      #917
      Re: Need some advice on learning networking

      Originally posted by bsm2
      Did you understand how to make a 7 layer burrito yet? Rookie

      SMB is not boring, it's fundamental in understanding how copiers scan
      You're welcome


      You need to watch this dude. He's f'n brilliant.










      SMB is not boring, it's fundamental in understanding how copiers scan, as is FTP and scan to email

      Networking a copier is boring if you ask me.
      Adversity temporarily visits a strong man but stays with the weak for a lifetime.


      • bsm2
        IT Manager

        25,000+ Posts
        • Feb 2008
        • 29471

        #918
        Re: Need some advice on learning networking

        Originally posted by BillyCarpenter
        You need to watch this dude. He's f'n brilliant.













        Networking a copier is boring if you ask me.

        Let the pros handle it


        • BillyCarpenter
          Field Supervisor

          Site Contributor
          VIP Subscriber
          10,000+ Posts
          • Aug 2020
          • 16308

          #919
          Re: Need some advice on learning networking

          Here's what I learned setting up my first Windows Server 2019 Domain Controller in an actual customer's office.


          I'll skip talking about installing the roles & features and promoting to a Domain Server as that's pretty basic stuff.


          There was a lot more to this than I first thought. For someone with a lot of experience, I'm sure this would be an easy job, but doing this for the first time, it was very stressful as I didn't want to screw anything up nor did I want to fail.


          Here was the checklist I wrote down before I started the job.


          1. Install Windows Server 2019 and activate via PowerShell.
          2. Install DNS and Active Directory. (I did not install DHCP)
          3. Set Static IP Address and point server back to itself.
          4. Install security updates.
          5. Enable Remote Access
          6. Install and configure Backup Services.
          7. Install Security Suite (Bitdefender GravityZone)
          8. Transfer Shared Folders and set permissions.
          9. Transfer QuickBooks Enterprise company file.
          10. Upgrade any PCs that were running Windows Home.
          11. Join all PCs to Domain.
          12. Create Users
          13. Create Security Groups
          14. Set up Folder Redirection so that users can have desktop and My Documents when logging in to any PC on the network.
          15. Migrate all local profiles to newly created domain profile.
          16. Set up printers and scan folders for each user.


          For me this was a HUGE undertaking. It was stressful yet rewarding. I would say it went pretty smoothly, although Bitdefender did create some problems with QuickBooks Enterprise when "Multi-User" mode was activated. I had to create a few rules to allow access to the company files.


          The customer is super happy and that makes me happy.

          Also, I don't care if a company has 10 PCs or 10,000, they can benefit greatly from being able to manage their network with Active Directory. This particular company had about 35 PCs.
          Adversity temporarily visits a strong man but stays with the weak for a lifetime.


          • rthonpm
            Field Supervisor

            2,500+ Posts
            • Aug 2007
            • 2847

            #920
            Re: Need some advice on learning networking

            Now your customer has all of the client access licenses (CAL) to be properly licensed to access the server?

            Microsoft licensing can be a nightmare in and of itself, but overall each computer or user needs to have a CAL to allow them rights to connect to the server. Trying to also understand what you need for say RDS or SQL or any other feature makes it even messier. For straight client/server it's more or less an honour system type of thing, but if the company ever does additional business with MS, there is the potential of an audit, in which case they would need to show proof of purchase for the CALs. Unless it's a major company, there's not much chance of an audit by Microsoft, though any good IT provider would also do one to make sure they're taking over fully licensed software, in which case they'd just get them to purchase what they need to get them up to compliance.

            There is one exception to this, which is the OS variant of Windows Server Essentials, which allows up to 75 user and computer objects without needing additional CALs. It does come with some limitations but for many small businesses, it can be a great choice.

            Overall, you hit what I'd consider most of the big points in a small environment. My only tips for the future:

            Always run servers as VMs under a high level hypervisor like Hyper-V Server or ESXi for portability and flexibility. A single license of Server Standard gives you rights to create two virtual instances, so by going virtual you can double your server count. The only physical servers we build anymore are ones that need a physical connection to some kind of hardware, like a tape drive or some kind of scientific or industrial instrument.

            With Server 2019, you really don't need a third-party antivirus since it comes with its own. Antivirus as an add-on product is going the way of third-party firewalls on client machines. The only advantage to a business class third-party AV is centralised logging and status. I've gone both ways with AV, and as long as the AV can update at least hourly you should be good to go.

            Folder redirection is kind of on its way out. I recommend Microsoft 365 to all of my customers so that OneDrive can do the same thing, especially as many of them have moved to laptops over the past year, so it allows access to their own files and docs without needing a VPN. It's still a perfectly legitimate method of protecting files, but if machines leave the business for work offsite, you can run into sync issues.

            Small businesses are tough for this one, but I like separating the DC from all other functions; it's good practise to use a segmentation of server roles mainly so that you can apply appropriate levels of protection by a server's function. So a DC would be the DNS server and also potentially DHCP; it just keeps user files off the DC in case something malicious does sneak through. Kind of have to work with what you have though, and it's not as if you can't expand in the future.

            It's been fun seeing just how far along the concepts this thread has covered have advanced.

            Once we stop learning, we start stagnating.

            Sent from my BlackBerry using Tapatalk


            • BillyCarpenter
              Field Supervisor

              Site Contributor
              VIP Subscriber
              10,000+ Posts
              • Aug 2020
              • 16308

              #921
              Re: Need some advice on learning networking

              Originally posted by rthonpm
              Now your customer has all of the client access licenses (CAL) to be properly licensed to access the server?

              Microsoft licensing can be a nightmare in and of itself, but overall each computer or user needs to have a CAL to allow them rights to connect to the server. Trying to also understand what you need for say RDS or SQL or any other feature makes it even messier. For straight client/server it's more or less an honour system type of thing, but if the company ever does additional business with MS, there is the potential of an audit, in which case they would need to show proof of purchase for the CALs. Unless it's a major company, there's not much chance of an audit by Microsoft, though any good IT provider would also do one to make sure they're taking over fully licensed software, in which case they'd just get them to purchase what they need to get them up to compliance.

              There is one exception to this, which is the OS variant of Windows Server Essentials, which allows up to 75 user and computer objects without needing additional CALs. It does come with some limitations but for many small businesses, it can be a great choice.

              Overall, you hit what I'd consider most of the big points in a small environment. My only tips for the future:

              Always run servers as VMs under a high level hypervisor like Hyper-V Server or ESXi for portability and flexibility. A single license of Server Standard gives you rights to create two virtual instances, so by going virtual you can double your server count. The only physical servers we build anymore are ones that need a physical connection to some kind of hardware, like a tape drive or some kind of scientific or industrial instrument.

              With Server 2019, you really don't need a third-party antivirus since it comes with its own. Antivirus as an add-on product is going the way of third-party firewalls on client machines. The only advantage to a business class third-party AV is centralised logging and status. I've gone both ways with AV, and as long as the AV can update at least hourly you should be good to go.

              Folder redirection is kind of on its way out. I recommend Microsoft 365 to all of my customers so that OneDrive can do the same thing, especially as many of them have moved to laptops over the past year, so it allows access to their own files and docs without needing a VPN. It's still a perfectly legitimate method of protecting files, but if machines leave the business for work offsite, you can run into sync issues.

              Small businesses are tough for this one, but I like separating the DC from all other functions; it's good practise to use a segmentation of server roles mainly so that you can apply appropriate levels of protection by a server's function. So a DC would be the DNS server and also potentially DHCP; it just keeps user files off the DC in case something malicious does sneak through. Kind of have to work with what you have though, and it's not as if you can't expand in the future.

              It's been fun seeing just how far along the concepts this thread has covered have advanced.

              Once we stop learning, we start stagnating.

              Sent from my BlackBerry using Tapatalk

              As far as licenses, here's what I can tell you: every piece of Microsoft software that I installed was legit and that's about all I can tell you.


              You brought up VMs and using Microsoft 365 instead of Folder Redirect. I wanted to do both of those, however, I don't know either well enough to do it as I've never even done it in my lab and I didn't have time to learn it before this install. I think this setup will work for them. But I am concerned about those with laptops that would like to work from home. I do need to learn Microsoft 365 ASAP.
              Adversity temporarily visits a strong man but stays with the weak for a lifetime.


              • BillyCarpenter
                Field Supervisor

                Site Contributor
                VIP Subscriber
                10,000+ Posts
                • Aug 2020
                • 16308

                #922
                Re: Need some advice on learning networking

                I was just reading up on





                Microsoft Windows Server 2019 - 5 User Client Access License (CAL)

                $189.99
                Adversity temporarily visits a strong man but stays with the weak for a lifetime.


                • slimslob
                  Retired

                  Site Contributor
                  25,000+ Posts
                  • May 2013
                  • 36894

                  #923
                  Re: Need some advice on learning networking

                  Originally posted by BillyCarpenter
                  I was just reading up on





                  Microsoft Windows Server 2019 - 5 User Client Access License (CAL)



                  $189.99
                  With about 35 client computers you will need 7.


                  • BillyCarpenter
                    Field Supervisor

                    Site Contributor
                    VIP Subscriber
                    10,000+ Posts
                    • Aug 2020
                    • 16308

                    #924
                    Re: Need some advice on learning networking

                    Originally posted by rthonpm
                    Now your customer has all of the client access licenses (CAL) to be properly licensed to access the server?

                    Microsoft licensing can be a nightmare in and of itself, but overall each computer or user needs to have a CAL to allow them rights to connect to the server. Trying to also understand what you need for say RDS or SQL or any other feature makes it even messier. For straight client/server it's more or less an honour system type of thing, but if the company ever does additional business with MS, there is the potential of an audit, in which case they would need to show proof of purchase for the CALs. Unless it's a major company, there's not much chance of an audit by Microsoft, though any good IT provider would also do one to make sure they're taking over fully licensed software, in which case they'd just get them to purchase what they need to get them up to compliance.

                    There is one exception to this, which is the OS variant of Windows Server Essentials, which allows up to 75 user and computer objects without needing additional CALs. It does come with some limitations but for many small businesses, it can be a great choice.

                    Overall, you hit what I'd consider most of the big points in a small environment. My only tips for the future:

                    Always run servers as VMs under a high level hypervisor like Hyper-V Server or ESXi for portability and flexibility. A single license of Server Standard gives you rights to create two virtual instances, so by going virtual you can double your server count. The only physical servers we build anymore are ones that need a physical connection to some kind of hardware, like a tape drive or some kind of scientific or industrial instrument.

                    With Server 2019, you really don't need a third-party antivirus since it comes with its own. Antivirus as an add-on product is going the way of third-party firewalls on client machines. The only advantage to a business class third-party AV is centralised logging and status. I've gone both ways with AV, and as long as the AV can update at least hourly you should be good to go.

                    Folder redirection is kind of on its way out. I recommend Microsoft 365 to all of my customers so that OneDrive can do the same thing, especially as many of them have moved to laptops over the past year, so it allows access to their own files and docs without needing a VPN. It's still a perfectly legitimate method of protecting files, but if machines leave the business for work offsite, you can run into sync issues.

                    Small businesses are tough for this one, but I like separating the DC from all other functions; it's good practise to use a segmentation of server roles mainly so that you can apply appropriate levels of protection by a server's function. So a DC would be the DNS server and also potentially DHCP; it just keeps user files off the DC in case something malicious does sneak through. Kind of have to work with what you have though, and it's not as if you can't expand in the future.

                    It's been fun seeing just how far along the concepts this thread has covered have advanced.

                    Once we stop learning, we start stagnating.

                    Sent from my BlackBerry using Tapatalk
                    Yep. I'm gonna pass this along to the customer and they can decide what they want to do.
                    Adversity temporarily visits a strong man but stays with the weak for a lifetime.


                    • BillyCarpenter
                      Field Supervisor

                      Site Contributor
                      VIP Subscriber
                      10,000+ Posts
                      • Aug 2020
                      • 16308

                      #925
                      Re: Need some advice on learning networking

                      Do we need to use 3rd party AV software any longer?




                      Adversity temporarily visits a strong man but stays with the weak for a lifetime.


                      • rthonpm
                        Field Supervisor

                        2,500+ Posts
                        • Aug 2007
                        • 2847

                        #926
                        Re: Need some advice on learning networking

                        Originally posted by BillyCarpenter
                        Do we need to use 3rd party AV software any longer?




                        Not really.

                        Third-party AV is arguably more of a potential threat since it often involves placing additional hooks into the kernel, or outright replacing kernel calls. There have been vulnerabilities in various AV applications over time that have granted kernel level access through trivial means. Look at how many techs also run into issues with AV software taking control over firewall settings or other system features.

                        You can even set GPOs in Windows to deny the ability to disable Windows Defender, which makes it harder even for an attacker with admin rights to disable the service.

                        The current version also uses the same detection engine as Microsoft's paid AV solution that you'd need to pay a fortune for by also getting SCCM and larger level management systems.

                        Fun fact: most of the telemetry in Windows that people screamed about goes towards AV signatures. I have my own servers and workstations using it, with our internal update servers pulling updates every hour so as long as a machine is online, the definitions it's looking at are never more than maybe two hours old. Compare that to some corporate AV systems that may only push out new definitions once a day!

                        Sent from my BlackBerry using Tapatalk
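
Added example, not part of rthonpm's post: a PowerShell check that a machine's Defender protection is on and that its definitions fall within the roughly two-hour age mentioned above. The function name, the two-hour default and the tamper-protection check are assumptions of this example; the property names are those returned by Get-MpComputerStatus.

```powershell
# Added example: audit Microsoft Defender state against a signature-age budget.
function Test-DefenderHealth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] $Status,           # object shaped like Get-MpComputerStatus output
        [double]   $MaxSignatureAgeHours = 2,     # assumption: the "two hours old" figure from the post
        [datetime] $Now = (Get-Date)
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # Core protection switches: any of these being off means AV is not really running.
    if (-not $Status.AMServiceEnabled)          { $findings.Add('Antimalware service is not enabled') }
    if (-not $Status.AntivirusEnabled)          { $findings.Add('Antivirus engine is not enabled') }
    if (-not $Status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }

    # Added check (not from the post): report whether tamper protection is active.
    if (-not $Status.IsTamperProtected)         { $findings.Add('Tamper protection is off') }

    # Definition freshness, measured in hours rather than the day-granular AntivirusSignatureAge.
    $ageHours = ($Now - [datetime]$Status.AntivirusSignatureLastUpdated).TotalHours
    if ($ageHours -gt $MaxSignatureAgeHours) {
        $findings.Add(('Definitions are {0:N1} h old (limit {1} h)' -f $ageHours, $MaxSignatureAgeHours))
    }

    [pscustomobject]@{
        Healthy           = ($findings.Count -eq 0)
        SignatureAgeHours = [math]::Round($ageHours, 1)
        Findings          = $findings.ToArray()
    }
}

if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    # Live data on a Windows machine with the Defender module present.
    $status = Get-MpComputerStatus
} else {
    # Constructed sample so the example also runs where Defender is absent.
    $status = [pscustomobject]@{
        AMServiceEnabled              = $true
        AntivirusEnabled              = $true
        RealTimeProtectionEnabled     = $true
        IsTamperProtected             = $false
        AntivirusSignatureLastUpdated = (Get-Date).AddHours(-26)
    }
}

Test-DefenderHealth -Status $status | Format-List
```

Run from a scheduled task or a remote session per machine, the Findings list gives the centralised status view that the thread credits to business-class third-party AV.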


                        • BillyCarpenter
                          Field Supervisor

                          Site Contributor
                          VIP Subscriber
                          10,000+ Posts
                          • Aug 2020
                          • 16308

                          #927
                          Re: Need some advice on learning networking

                          Originally posted by rthonpm
                          Not really.

                          Third-party AV is arguably more of a potential threat since it often involves placing additional hooks into the kernel, or outright replacing kernel calls. There have been vulnerabilities in various AV applications over time that have granted kernel level access through trivial means. Look at how many techs also run into issues with AV software taking control over firewall settings or other system features.

                          You can even set GPOs in Windows to deny the ability to disable Windows Defender, which makes it harder even for an attacker with admin rights to disable the service.

                          The current version also uses the same detection engine as Microsoft's paid AV solution that you'd need to pay a fortune for by also getting SCCM and larger level management systems.

                          Fun fact: most of the telemetry in Windows that people screamed about goes towards AV signatures. I have my own servers and workstations using it, with our internal update servers pulling updates every hour so as long as a machine is online, the definitions it's looking at are never more than maybe two hours old. Compare that to some corporate AV systems that may only push out new definitions once a day!

                          Sent from my BlackBerry using Tapatalk

                          I know that a lot of folks read your posts in this thread. You should be getting 100 likes and thanks for most every post that you make. I, for one, hang on every word you say.
                          Adversity temporarily visits a strong man but stays with the weak for a lifetime.


                          • BillyCarpenter
                            Field Supervisor

                            Site Contributor
                            VIP Subscriber
                            10,000+ Posts
                            • Aug 2020
                            • 16308

                            #928
                            Re: Need some advice on learning networking

                            Here we go. There's never a bad time to learn and this is really, really cool. Thanks again to rthonpm:




                            Redirect and move Windows known folders to OneDrive
                            06/14/2021

                            This article is for IT admins managing the OneDrive sync app.


                            There are two primary advantages of moving or redirecting Windows known folders (Desktop, Documents, Pictures, Screenshots, and Camera Roll) to Microsoft OneDrive for the users in your domain:


                            Your users can continue using the folders they're familiar with. They don't have to change their daily work habits to save files to OneDrive.


                            Saving files to OneDrive backs up your users' data in the cloud and gives them access to their files from any device.


                            For these reasons, we recommend moving or redirecting known folders to OneDrive if you're an enterprise or large organization. See all our recommendations for configuring the sync app. Small or medium businesses may also find this useful, but keep in mind you'll need some experience configuring policies. For info about the end-user experience, see Protect your files by saving them to OneDrive.


                            Prepare to move known folders on existing devices
                            We recommend that you upgrade to the latest available build before you deploy to decrease deployment issues. Known Folder Move doesn't work for users syncing OneDrive files in SharePoint Server.


                            To check eligibility on existing devices, data volume, and item counts as you decide on a rollout plan, and to later monitor progress of the rollout, use the Known Folder Move PowerShell script.


                            Important


                            If your organization is large and your users have a lot of files in their known folders, make sure you roll out the configuration slowly to minimize the network impact of uploading files. For users who have a lot of files in their known folders, consider using the policy Limit the sync app upload rate to a percentage of throughput temporarily to minimize the network impact and then disable the policy once uploads are complete.


                            About the Known Folder Move policies
                            OneDrive policies can be set using Group Policy, Intune Windows 10 Administrative Templates, or by configuring registry settings. For a full reference of available policies and their registry settings, see Use OneDrive policies to control sync settings.


                            The following policies control the Known Folder Move feature:


                            Prompt users to move Windows known folders to OneDrive


                            Use this setting to give the users a call to action to move their Windows known folder




                            If a user has already redirected their known folders to a different OneDrive account, they'll be prompted to direct the folders to the account for your organization (leaving existing files behind).


                            Important


                            We recommend deploying the prompt policy for existing devices only, and limiting the deployment to 5,000 devices a day and not exceeding 20,000 devices a week.


                            Silently move Windows known folders to OneDrive


                            Use this setting to redirect and move known folders to OneDrive without any user interaction. Move all the folders or select the desired individual folders. After a folder is moved, the policy won't affect the folder again, even if the selection for the folder changes.


                            Note


                            You can choose to display a notification to users after their folders have been redirected.


                            Various errors can prevent this setting from taking effect, such as:

                            • A file exceeds the maximum path length
                            • The known folders aren't in the default locations
                            • Folder protection is unavailable
                            • Known folders are prohibited from being redirected

                            For info about these errors, see Fix problems with folder protection.


                            Important


                            We recommend deploying the silent policy for existing devices and new devices while limiting the deployment of existing devices to 1,000 devices a day and not exceeding 4,000 devices a week. We also recommend using this setting together with "Prompt users to move Windows known folders to OneDrive." If moving the known folders silently does not succeed, users will be prompted to correct the error and continue.


                            Prevent users from redirecting their Windows known folders to their PC


                            Use this setting to force users to keep their known folders directed to OneDrive.


                            Note


                            Users can direct their known folders by opening OneDrive sync app settings, clicking the Backup tab, and then clicking Manage backup.


                            Prevent users from moving their Windows known folders to OneDrive


                            For info about using the OneDrive policies, see Use Group Policy to control OneDrive sync app settings.


                            Transition from the Windows Folder Redirection Group Policy objects
                            The OneDrive Known Folder Move Group Policy objects won't work if you previously used Windows Folder Redirection Group Policy objects to redirect the Documents, Pictures, or Desktop folders to a location other than OneDrive. The OneDrive Group Policy objects won't affect the Music and Videos folders, so you can keep them redirected with the Windows Group Policy objects. Follow these steps to switch to using the Known Folder Move Group Policy objects.


                            If folders have been redirected to OneDrive using Windows Folder Redirection Group Policy:

                            1. Disable the Windows Folder Redirection Group Policy and make sure to leave the folder and contents on OneDrive.
                            2. Enable KFM Group Policy. Known folders remain in OneDrive.

                            If folders have been redirected to a location on a local PC:

                            1. Disable the Windows Folder Redirection Group Policy and make sure to leave the folder and contents at the redirected location.
                            2. Enable KFM Group Policy. Known folders move to OneDrive.

                            If folders have been redirected to a network file share:

                            Note

                            We recommend using Windows 10 Fall Creators Update (version 1709 or later) or Windows Server 2019 and the current version of OneDrive to get the benefits from Files On-Demand.

                            1. Use Migration Manager to copy contents in the network file share location to a user's OneDrive, making sure that all contents go into the existing Documents, Pictures, or Desktop folders.
                            2. Disable the Windows Folder Redirection Group Policy and make sure to leave the folder and contents on the network file share.
                            3. Enable KFM Group Policy. Known folders move to OneDrive and will merge with the existing Desktop, Documents, and Pictures folders, which contain all the file share content that you moved in the first step.






                            Adversity temporarily visits a strong man but stays with the weak for a lifetime.
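
Added example, not part of the quoted article or of the post: a PowerShell function that classifies where a user's Desktop, Documents and Pictures folders currently point and maps each one to the matching transition case from the article section above. The function name, state labels and sample paths are assumptions of this example; the registry key and its value names (Desktop, Personal, My Pictures) are the standard per-user shell folder settings.

```powershell
# Added example: decide which Folder Redirection -> KFM transition case applies per folder.
function Get-KfmTransitionPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [hashtable] $ShellFolders,  # values from "User Shell Folders"
        [Parameter(Mandatory)] [string]    $UserProfile,   # e.g. C:\Users\alice
        [string] $OneDriveRoot                             # local OneDrive sync root, if any
    )
    # Registry value name -> default folder name under the profile.
    $defaults = [ordered]@{ 'Desktop' = 'Desktop'; 'Personal' = 'Documents'; 'My Pictures' = 'Pictures' }

    # Next steps, paraphrasing the three cases in the article plus two fallbacks.
    $steps = @{
        Default      = 'Default location: no Folder Redirection to unwind before enabling KFM.'
        OneDrive     = 'Disable Folder Redirection GPO, leave contents on OneDrive, enable KFM GPO.'
        LocalOther   = 'Disable Folder Redirection GPO, leave contents in place, enable KFM GPO (folders move to OneDrive).'
        NetworkShare = 'Copy share contents to OneDrive with Migration Manager, disable Folder Redirection GPO, then enable KFM GPO.'
        NotSet       = 'Value missing: inspect this profile manually.'
    }

    foreach ($name in $defaults.Keys) {
        $raw     = [string]$ShellFolders[$name]
        # Expand %USERPROFILE% by hand so constructed samples work on any machine.
        $path    = ($raw -replace '%USERPROFILE%', $UserProfile.Replace('$', '$$')).TrimEnd('\')
        $default = "$UserProfile\$($defaults[$name])"

        $state = if ([string]::IsNullOrWhiteSpace($raw)) { 'NotSet' }
        elseif ($path.StartsWith('\\')) { 'NetworkShare' }   # UNC path = file share
        elseif ($OneDriveRoot -and
                $path.StartsWith($OneDriveRoot.TrimEnd('\'), [StringComparison]::OrdinalIgnoreCase)) { 'OneDrive' }
        elseif ($path -ieq $default) { 'Default' }
        else { 'LocalOther' }

        [pscustomobject]@{
            Folder   = $defaults[$name]
            Path     = $path
            State    = $state
            NextStep = $steps[$state]
        }
    }
}

# Constructed sample: one folder on a file share, one already in OneDrive, one untouched.
$sample = @{
    'Desktop'     = '\\FS01\Redirect$\alice\Desktop'
    'Personal'    = 'C:\Users\alice\OneDrive - Contoso\Documents'
    'My Pictures' = '%USERPROFILE%\Pictures'
}
Get-KfmTransitionPlan -ShellFolders $sample -UserProfile 'C:\Users\alice' `
    -OneDriveRoot 'C:\Users\alice\OneDrive - Contoso' | Format-List

# On a real workstation, feed in the signed-in user's values instead:
# $p    = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
# $live = @{}; 'Desktop', 'Personal', 'My Pictures' | ForEach-Object { $live[$_] = $p.$_ }
# Get-KfmTransitionPlan -ShellFolders $live -UserProfile $env:USERPROFILE -OneDriveRoot $env:OneDriveCommercial
```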


                            • BillyCarpenter
                              Field Supervisor

                              Site Contributor
                              VIP Subscriber
                              10,000+ Posts
                              • Aug 2020
                              • 16308

                              #929
                              Re: Need some advice on learning networking

                              I get easily excitable when learning about Server 2019 or anything to do with IT but I think KFM (Known Folder Move) to OneDrive is a game changer. rthonpm must think I'm an idiot because he's told me this a few times but in my defense I can only grasp so much information at once. I was reading what he was saying but I really wasn't grasping the full impact of what he was saying.


                              Instead of Folder Redirect to a shared folder on the server, I'll now be redirecting known folders to the cloud where they can be accessed from any device and they'll be automatically backed up.

                              From what I gather this is something that is fairly new to the scene? I LOVE it.
                              Adversity temporarily visits a strong man but stays with the weak for a lifetime.


                              • rthonpm
                                Field Supervisor

                                2,500+ Posts
                                • Aug 2007
                                • 2847

                                #930
                                Re: Need some advice on learning networking

                                Originally posted by BillyCarpenter
                                I get easily excitable when learning about Server 2019 or anything to do with IT but I think KFM (Known Folder Move) to OneDrive is a game changer. rthonpm must think I'm an idiot because he's told me this a few times but in my defense I can only grasp so much information at once. I was reading what he was saying but I really wasn't grasping the full impact of what he was saying.


                                Instead of Folder Redirect to a shared folder on the server, I'll now be redirecting known folders to the cloud where they can be accessed from any device and they'll be automatically backed up.

                                From what I gather this is something that is fairly new to the scene? I LOVE it.
                                It's been a part of OneDrive for about two years now. It was partially a way to protect user files from ransomware, since the online side of OneDrive would still have previous revisions of the files to recover. To take full advantage of it, the user will need a Microsoft 365 (formerly Office 365) account. I have at least two customers storing more in their OneDrive than their computer would have space to hold. Windows does a great thing of automatically moving files off the machine's cached version if they're not accessed for at least 60 days (if memory serves) to free up space on the local computer.

                                It's much cheaper giving customers 1 TB on OneDrive through M365 than it would be buying server drives and building out RAID arrays to give the same amount of storage, not to mention the added expense of backup software and media.

                                That's also even before the ability to share specific files or folders with other people, and the ability to work on the same file at the same time with someone else.

                                In the near future, I can see most file servers going away with personal files stored in OneDrive, and group files accessible through MS Teams (which is really just a front end for SharePoint Online). Local file servers will be for more specialised cases like collecting data from offline systems or software installers or other local management files.
