1

I found new work at a software company, the problem is there is no solid system infrastructure, all we have is a firewall and a 2008 r2 server, the anti - malware that we use is a simple Microsoft Security Essentials, all of the workstations have automatic IP’s and administrative accounts. I would like to ask the community on where should I start if I want to establish a good infrastructure in the company, i.e domains, file servers etc. thanks in advance for your help

4 Spice ups
2

  1. Start with a needs analysis. How many users, how many devices, how much data needs to be stored (and consider growth over at least three years), whether the backbone is sufficient (what kind of cabling/switching is currently in place), and where the company will likely be in 5-10 years.

  2. Assess the current hardware. The 2008 r2 server should likely be upgraded (unless it’s running on new hardware, but I doubt this is the case). How many switches, APs, etc. will be needed to provide proper coverage to the office? Do you need new wiring?

  3. Contact a vendor to get quotes on the necessary hardware, or if you’re comfortable you can assemble quotes yourself for most items.

  4. Present a report to management of the current state, the problems, and what you propose to solve the issue (including a budget).

There are lots of things to consider depending on your environment, but with the few details provided this is simply a general answer to get you started. I’m sure others will chime in with more details.

I recommend having a dedicated server rack, using proper hardware, and doing things correctly from the start - don’t head to Best Buy and mickey mouse something together like we have all seen before.

1 Spice up
3

Congratulations! You can start the company’s infrastructure.

Beforehand, check on how they work:

  • how many users/workstations

  • how everything was networked/connected

  • how they share files

  • how to access which resources

You will have to present to management the need for central management/domain controller. What impact, upgrade or advancement it will bring to the company. Start in searching using your favorite search engine. Here is one from Google .

Is the Server 2008 R2 legally acquired? What is the reason why it was bought? Why is it there in the first place? Is it there to only provide DNS/DHCP or is the router/firewall doing that?

1 Spice up
4

Below are just on the top of my mind, in layman’s terms and no way complete:

First and foremost is network security. You can enforce password policy/security access to files and other resources, based on computers, users or groups.

Centrally managed system will limit user control over their system giving them access to only perform their duties. Why is this good? It also limits what they can do to break the system. It also, in some ways, limit the infection of the system should there be one.

Roaming profile can be set. User can login to any domain joined computer and retain his preferences.

Folder redirection can be set. User can login to any domain joined computer and he will have access to his Documents and other files. You can also back this up as this is centrally located in a server folder share.

Aside from Group Policy Objects (GPO) which you can set, you can also set up Group Policy Preferences (GPP). GPO sets/adjusts what your computer/users can do to computer, how they behave, install or update supported softwares, whitelist/blacklist programs from running, etc. GPP are the ones which you normally do with scripts like mapping drives, creating shortcuts, copying file/s to user/computer folder.

Setting up update update through WSUS will also help manage approved updates and perhaps improve bandwidth.

Also note that there’s a limit in Microsoft Security Essentials usage in a company, you can only use it legally upto 10 devices, unless MS has removed the limit which I am unaware of. Reference: MICROSOFT SOFTWARE LICENSE TERMS - Microsoft Support . First 2 statements in 1. INSTALLATION AND USE RIGHTS reads and I quote:

  • Home Use. If you are a home user, then you may install and use any number of copies of the software on your personal devices for use by people who reside in your household.

  • Small Business. If you operate a small business, then you may install and use the software on up to ten (10) devices in your business.

1 Spice up
5

Have you setup a domain? Are you comfortable with setting up one? If not, I urge you make a research first. How to set it up and best practices. There are a lot on how-tos and best practices here in Spiceworks though a lot of it is targeted to specific setup/jobs.

The link below might be of some help in setup:

If you are not comfortable, it is highly recommended to seek out a trusted contractor.

Also, many here will advise you to set-up your Domain Controller as Virtual OS guest (make your physical server a Virtual Host).

1 Spice up
6

It’s an old system with nothing special … nuke it and start fresh :slight_smile:

Not because what you have is bad or anything. I’m just a HUGE fan of burn it all and start fresh. Fresh starts can be SO good for a business.

2 Spice ups
7

In a situation like this, there is SO much to think about. First, tell us about your environment and its needs. Make a list. Detail out everything that they have, need, want, etc.

Then consider not bringing ANY technical debt with you. Do you need a domain? Check that twice, are you sure? Do you need legacy “mapped drive” storage? Do you need LAN-thinking in any way? Do you need Windows servers for anything? Do you even need Windows clients?

Back up and think greenfield. What would a modern, fresh company REALLY look like. Often they are extremely different than the companies of just a few years ago. The IT world has changed.

1 Spice up
8

Watch this video for some ideas on thinking about the world a bit differently.

1 Spice up
9

we have 20 workstations 8 of which are used for customer software training, 12 laptops for marketing and sales dept.

we have no domain, and no email server, we just use hosting from a third party.

I have no control on what sites they visit or changes they do to the workstation

10

we have 20 workstations 8 of which are used for customer software training, 12 laptops for marketing and sales dept.

we have no domain, and no email server, we just use hosting from a third party.

I have no control on what sites they visit or changes they do to the workstation

we share files using a couple of external HDDs and LAN messenger software

11

Hi. Plenty of good suggestions in here already. Having been through that process myself, I agree with some comments in that I would work on the basis and starting from scratch and setting up. I’m a big believer in taking the time to think over jobs/projects like this, even if its just note-taking. Dont go into a job like this cold. Design and think it over properly now and you’ll see the benefits down the line.

I’m sure everyone has their own ways of working. However, I personally found setting up a comprehensive list of IT considerations prior to doing any actual technical works very useful. Nothing complicated, just a massive list of things to consider and build a overall IT plan from. For example:

Workstations - uniform operating system / uniform build / local admin rights / hard drive partitioning / dhcp / network printer / warranty / software applications / licensing / windows updates / firewall / anti-virus

Network (switching) - uniform switching manufacturer / gigabit or more / copper or fibre / patching / ip addressing & subnetting / vlans / spanning tree / manufacturer support / remote access method

Network (firewall / security) - internet filtering / port forwarding / NAT / email filtering / spam filter / phising & malware / manufacturer support / licensing & licensing expiry

Server (domain controller) - uniform server operating system / active directory / dns / dns forwarders / dhcp / group policy / print queues / windows updates / remote access method / software applications / licensing

Server (member) - uniform server operating system / windows updates / remote access method / fileshares & fileshare security permissions / ip addressing / software applications / licensing

Backups - software application to manage backups / centrally managed backups or per device setup / backup to what media / onsite backup / offsite backup / recovery process / backup schedules and timeframes

Users - active directory setup / uniform user account setup / active directory security groups / active directory group policies / user account home area mapping

The above list is just a starting point and there will be plenty of other things you’ll think of or come across for consideration. However, from the above initial list, start expanding and detailing the specific points. Highlight purchases where they may be required. Using the above process, very quickly you’ll have started to scope and design portions of an entire new IT setup for the organisation. You’ll also see where costs may be incurred and thus can take cost forecasts to management for approval.

Best wishes for the work ahead. Sounds like a good project.

12

Sounds like a perfect case for simple state management like Salt, Ansible, Chef, Puppet, etc. Zero cost, more power, a bit of effort :wink:

13

When you start shopping for new pieces of your infrastructure, I’d definitely take a look at PCM and TigerDirect! We can help you design the solutions you need as you’re getting started in your new environment, whether it be hardware or software solutions.

Both sites here:

http://www.tigerdirect.com/

But let me know if you’d like me to connect you with someone on my end!