Hi, well i have been building pcs for a few years now, and im interested in running my own domain controller on win2k.

I have built a server which consists of :

1.7 Ghz Athlon
768 MB PC133 RAM
2 x 60 GB harddrives
1 MBit connection

i have got windows 2k advanced server installed and want to set up a secure domain controller. I dont know much about this, and i was wondering whether anyone knows of any online tutorials which show you how to configure a domain controller from the basics to the more advanced stuff

Thanx in advance, Matt.

Well, you say: "I dont know much about this", then how do you plan to run such a service? :confused:

To search for tutorial, try http://www.google.com :)

its only gunna be for myself knowone else, i know someone who is doing it, and he said its not that hard to learn how to configure and secure a server. he would teach me, but doesn't have the time

Originally posted by matt2kjones
its only gunna be for myself knowone else, i know someone who is doing it, and he said its not that hard to learn how to configure and secure a server. he would teach me, but doesn't have the time


Of course securing a server is easy...that's why there are so few attacks on servers...especially Windows servers :rolleyes:

If you are referring to a domain controller in a traditional Windows sense, this is the wrong forum, as it has nothing to do with hosting. If you are using domain controller as a synonym for DNS server, save yourself a lot of headaches and install FreeBSD and run BIND.

I guess the question is, why would you want to run a "domain controller" for "personal use"?

Do you mean a Windows 2000 Domain Controller? And if so, why?

Or a DNS server? And if so, why?

Few people start out building a domain controller or dns server for 'personal use'. Are you using the right terminology for what you want?

Why don't you describe in plain english what you hope to achieve and then its likely someone will be able to help you.

This is definite a good way to learn. You will learn much that is not written and new insight for that which is. I encourage you in this.

There are discussion forums where the exchange of information is priority. I would recommend but I am in the Linux world and so are my recommendations. There are a few stag-forums where head butting is a ritual. Don't take these personal. Look for the professional groups.

right ok this is what i want to do exactly, i have a fast internet connection, and i have a website writting in php, which connects to a mysql database. I have a fast machine sitting around, so i want to set up my own server to host my site as i dont want to pay for hosting.

So in installed windows 2000 advanced server. and i have iis installed. My friend who is running a webserver said that to secure it properly, so i dont get hacked, etc, you have to set it up as a domain controller and configure dns.

And i was wondering if there is any tutorials that show you how to do this???

Thanx

Originally posted by matt2kjones

So in installed windows 2000 advanced server. and i have iis installed. My friend who is running a webserver said that to secure it properly, so i dont get hacked, etc, you have to set it up as a domain controller and configure dns.


Ahh...the problem is your friend is an idiot :D.

You can run a much more secure server with without the DNS server enabled, and without it running as a domain controller. I'm sure Mike from RackMY can offer you some excellent advice about securing a Windows server...

who is mike from rackmy?

Win 2K advanced server costs a pretty penny. Wish I could run that on my home machine.

But hey maybe he struck a deal with Bill and Microsoft :cool:

My friend who is running a webserver said that to secure it properly, so i dont get hacked, etc, you have to set it up as a domain controller and configure dns. Running a W2K web server as a Domain Controller/Active Directory is a bad idea. They were created to help larger networks manage users, permissions, etc. They really have no place in the hosting environment and can actually create more problems.

I would also recommend against W2K AS, and just use plain old W2K (unless you are running a cluster or LB).

Make sure you only install the services that are needed (if you don't need IIS SMTP, don't install it). The more services you install, the more of a security risk you are exposing yourself to. Also, once the installation is done make sure you disable all unneeded services (Print Spooler, DHCP Client, Messenger, etc.) Not only will this create a lean mean machine, it will also remove additional items that could create additional security risks.

Make sure you disable NetBIOS over TCP/IP & The TCP/IP NetBIOS Helper Service.

Make sure you do not have Client for MS Networks and File and Printer Sharing enabled on your NIC. Depending on the full use of the server, you can even go as far as disabling the Server & Workstation Services to be double sure.

Make sure you install ALL service packs and hot fixes: http://www.microsoft.com/security/

Install IISLockdown and URLScan: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/locktool.asp

Install HFNetCheck to make sure you have all the hot fixes installed: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/hfnetchk.asp

Enable security auditing.

Use strong passwords.

Set-up IPSec policies to create a "poor mans" firewall

As you can see, there are quite a few things to securing a W2K Server. I could actually go on and on, but I would suggest you pick up a few good books on W2K security and start there.

I hope this helps!

Originally posted by RackMy.com

As you can see, there are quite a few things to securing a W2K Server. I could actually go on and on, but I would suggest you pick up a few good books on W2K security and start there.


That's who Mike from RackMy.com is :)

A couple of other useful links:

http://www.labmice.net/articles/securingwin2000.htm
http://nsa2.www.conxion.com/win2k/download.htm

.. Though I will say, its no dead-simple task to fully secure a Windows 2000 box, loads of things you need to be aware of, beyond whats in a checklist like the above. Spend some time trying all of this stuff on a box you can light on fire and start over if all goes bad, you don't learn to manage a Windows 2000 Server in a week.

hi thanx for this, have been speaking with a server adminstrator i know and he has been helping me, he has told me software to get, such as backoffice, etc. so im getting there!

thanx for the links, they will come in useful

he has told me software to get, such as backoffice, etc. so im getting there! If you are running a webserver, I would stay away from BackOffice. It contains a lot of unneed programs and most are limited versions.

so what can i use instead? because doesn't back office to set up a proxy right? and he told me that it also closes ports to make it more secure.

Is there a better package out there or something?

Originally posted by matt2kjones
right ok this is what i want to do exactly, i have a fast internet connection, and i have a website writting in php, which connects to a mysql database. I have a fast machine sitting around, so i want to set up my own server to host my site as i dont want to pay for hosting.

Based on what you describe, why don't you reformat that machine and run some form of unix instead? It'll be cheaper and more secure almost by default.

Cost of the O/S? Zero. So its cheaper in that Windows 2000 Advanced Server licenses cost more than the PC you are running, and you do want to be licensed properly of course.
http://www.cnet.com/software/0,10231,0-806340-311-1503474,00.html

More secure - well that is one persons opinion but probably shared by many around here. A default FreeBSD install is more secure than a default Windows 2000 install.

If you decide to remain on W2K, try to avoid installing BackOffice if you can. You might explore other proxy or firewall solutions. Installing BackOffice adds a ton of other software to the box, including SQL Server which has been getting press lately for a newish exploit. One basic rule of thumb with security is not to run more software than you need to.

i would change to unix, but have no experience with it what so ever, also, im running win 2k pro clients which are connected to the server, they wont connect to a unix os right?

also. i can get alot of information on win 2k adv srv as i know allot of people who work with win 2k servers everday, i wont be able to get any help from anyone with unix as i dont know anyone that uses it

apart from those reasons i would use unix

Originally posted by gagsplus
Win 2K advanced server costs a pretty penny. Wish I could run that on my home machine.

But hey maybe he struck a deal with Bill and Microsoft :cool:


HEY :D What's wrong w/ running 2000 Sever for home use :D

To RackMy

Make sure you only install the services that are needed (if you don't need IIS SMTP, don't install it). The more services you install, the more of a security risk you are exposing yourself to.

Can u please list out w2k services that is absolutely essential to run w2k as a web server.

Thanks